Does SUSE 11 do IPV6 by default?

Hello

I’ve recently setup a public web server using OpenSUSE 11.0.

Does SUSE 11 use IPV6 by default?
It would appear to when I run this command:
lsmod | grep -i “ipv6”

Output gives me:
ipv6 331544 19 ip6t_REJECT,nf_conntrack_ipv6,ip6table_mangle

Is it safe to leave it on?
Does the SUSE Firewall support IPV6?

Thanks

  • Teraserve wrote, On 07/23/2008 12:46 PM:
    > Hello
    >
    > I’ve recently setup a public web server using OpenSUSE 11.0.
    >
    > Does SUSE 11 use IPV6 by default?

Yes.

> Is it safe to leave it on?
> Does the SUSE Firewall support IPV6?

No, AFAIK it can either block IPV6 completely or let it through, it cannot filter it.

Uwe

Hello Uwe

How do I disable IPV6 traffic?

Can’t see anything in the firewall options.

Thanks

> How do I disable IPV6 traffic?

YaST>Network Devices>Network Settings>Global Options> uncheck Enable IPv6.

Thanks, sounds obvious now.

I’ve done it on a local server.

Once unchecked and [Finish] selected I immediately loose network connectivity to the machine.

On physically visiting the machine, when I run “ifconfig” I notice eth0 has dissapeared.

Yast did tell me to reboot when disabling IPV6. So I reboot the machine, and no problem, it comes up without IPV6.

However it can’t do this in the public web server remotely. Since I will loose network connectivity, I won’t be able to reboot.

What do you suggest? One option would be to put a reboot command in the crontab.

> Once unchecked and [Finish] selected I immediately loose network
> connectivity to the machine.

Hmm I run OS11 in a VM so I cannot really speak to the issue you are seeing,
but what if you untick the Enable IPv6 and then go to the Overview tab an
reconfigure it. Don’t forget to also check in the Hostnames tab and the
routing tab to make sure it is all square. Then reboot and see if you lose
eth0. The network configuration screens are a bit in flux and sometimes
they just don’t ‘get’ what you are trying to do.

Play with your local box and test it out a bit before jumping on that web
server.

Teraserve wrote:

>
> Thanks, sounds obvious now.
>
> I’ve done it on a local server.
>
> Once unchecked and [Finish] selected I immediately loose network
> connectivity to the machine.
>
> On physically visiting the machine, when I run “ifconfig” I notice eth0
> has dissapeared.
>
> Yast did tell me to reboot when disabling IPV6. So I reboot the
> machine, and no problem, it comes up without IPV6.
>
> However it can’t do this in the public web server remotely. Since I
> will loose network connectivity, I won’t be able to reboot.
>
> What do you suggest? One option would be to put a reboot command in the
> crontab.
>
>

changing that setting is equivalent to changing the contents
of /etc/modprobe.d/ipv6

if ipv6 is ENABLED, contains:
#install ipv6 /bin/true

if ipv6 is DISABLED, contains:
install ipv6 /bin/true

the ‘#’ comment character is removed to disable ipv6.

Basically, you’re telling the system to load ‘/bin/true’ instead of the ipv6
module when you disable it.

So, to disable ipv6:

  • Edit /etc/modprobe.d/ipv6, REMOVE the ‘#’ comment character.
    Should read:

install ipv6 /bin/true

At the prompt, type ‘reboot’.

Wait a few minutes, log in again!

There ARE ways to do this without a reboot, but being remote, it becomes
somewhat more difficult (quickly!)

Hope this helps.


L R Nix
lornix@lornix.com

Hello Lornix

That did it. Many thanks.

Teraserve wrote:

>
> Hello Lornix
>
> That did it. Many thanks.
>
>

You’re welcome, glad I could help. Managing remote systems is sometimes a
challenge… you have to make sure it comes back up when you ‘fix’
something. Some of the systems I remotely admin are cross country trips,
and would involve a plane ride or several days driving. :open_mouth:


L R Nix
lornix@lornix.com

> Hello Lornix
>
> That did it. Many thanks.

Lornix
Will any future mucking inside of YaST overwrite his setting and return it
to its previous value? I am always reluctant to suggest file edits (though
I do it myself frequently) since it is unclear what settings get lost and
when. Sometimes you will see warnings inside of text files that tell you
not to edit them for that very reason.

GofBorg wrote:

>> Hello Lornix
>>
>> That did it. Many thanks.
>
> Lornix
> Will any future mucking inside of YaST overwrite his setting and return it
> to its previous value? I am always reluctant to suggest file edits
> (though I do it myself frequently) since it is unclear what settings get
> lost and
> when. Sometimes you will see warnings inside of text files that tell you
> not to edit them for that very reason.

I tried several things to make sure of that, including searching for all
files modified within last hour. the /etc/modules.d/ipv6 is the only thing
changed for that particular option.

And inversely, changing the file by hand causes an appropriate change in the
option.

Yes, I usually recommend using the tools to make changes, most especially
for system options, but in this case, changing that option from YaST would
cause him to lose network connectivity, dropping communications with the
remote machine… so another way was needed.

Good call though. Config file edits by the uninitiated are not usually good
things. {Grin} You must Grok your system.


L R Nix
lornix@lornix.com