This post is a quick note to self on Linux IPv6 commands, for quick reference when needed.
# Find the route decision for a given address.
ip route get 2a00:1450:4001:820::200e
ip -6 route
# route needs net-tools (apt-get install net-tools)
route -A inet6
# equivalent to netstat -rn -A inet6
netstat -A inet6 -rn
netstat -r
ip -6 route show table 51820
ip -6 neigh
ip -6 neigh show proxy
# DHCPv6 release / renew
dhclient -6 -r ens18
dhclient -6 ens18
# Flush IPv6 neighbors cache
ip -family inet6 neigh flush any
# Request a router advertisement (apt-get install -y ndisc6)
rdisc6 eth0
# Perform a Neighbor Solicitation (arp IPv4 equivalent) (apt-get install -y ndisc6)
ndisc6 2001:db8::42 eth0
# Ping the all-nodes multicast address so that all hosts on the link respond.
ping ff02::1%eth0
Good articles about IPv6:
- IPv6 range blocks
- IPv6 unicast, anycast, multicast – well known addresses.
- IPv6 ping from multiple locations.
Bonus section ‘ufw’ firewall
Check status of firewall and enable or disable.
# ufw status
# ufw enable
# ufw disable
View firewall rules, with numbering so that a specific rule can be deleted.
# ufw status verbose
# ufw status numbered
Delete a firewall rule (using the number shown by the previous command).
# ufw delete 12
Rule needed to allow IPv6 routing via WireGuard to the endpoint. No iptables forwarding is needed for IPv6 because the other peer carries the public IP itself, so that peer should also implement a firewall before the command below is used!
# ufw route allow in on eth0 out on wghub to 2602:xxx:730b:xxx:cafe::12
IPv4 firewall and routing rules to open Plex Media Server port 32400 towards the internal IPv4 space of the WireGuard peer.
# ufw allow in on eth0 out on wghub to 10.100.100.11 port 32400
# ufw route allow in on eth0 out on wghub to 10.100.100.11 port 32400
Add rule and get logs for matches of that rule:
# ufw allow log proto any from any to 192.168.1.x
# tail -f /var/log/ufw.log
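As an added example (not part of the original note): a small shell function that summarises ufw.log entries for one destination, grouped by action, source and protocol/port, instead of watching `tail -f`. The names `ufw_summary` and `sample_log` and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: count UFW log hits for one destination, grouped by
# action, source address and protocol/port.
# Usage: ufw_summary DST [LOGFILE]   ("-" reads stdin)
# Note: the kernel logs IPv6 addresses fully expanded, so DST must be
# given in that form to match.
ufw_summary() {
    awk -v dst="$1" '
    match($0, /\[UFW [A-Z ]+\]/) {
        action = substr($0, RSTART + 5, RLENGTH - 6)
        split("", f)                          # reset KEY=VALUE map
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq > 1) f[substr($i, 1, eq - 1)] = substr($i, eq + 1)
        }
        if (f["DST"] != dst) next
        port = ("DPT" in f) ? f["DPT"] : "-"  # ICMP has no port
        n[action " " f["SRC"] " " f["PROTO"] "/" port]++
    }
    END { for (k in n) print n[k], k }
    ' "${2:-/var/log/ufw.log}" | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample lines in ufw.log format (addresses are made up).
sample_log() {
    cat <<'EOF'
Mar  1 10:00:01 vps kernel: [  101.000001] [UFW ALLOW] IN=eth0 OUT=wghub SRC=198.51.100.7 DST=10.100.100.11 LEN=60 TTL=52 PROTO=TCP SPT=50000 DPT=32400 SYN
Mar  1 10:00:09 vps kernel: [  109.000001] [UFW ALLOW] IN=eth0 OUT=wghub SRC=198.51.100.7 DST=10.100.100.11 LEN=60 TTL=52 PROTO=TCP SPT=50002 DPT=32400 SYN
Mar  1 10:01:00 vps kernel: [  160.000001] [UFW BLOCK] IN=eth0 OUT=wghub SRC=203.0.113.9 DST=10.100.100.11 LEN=60 TTL=49 PROTO=TCP SPT=41000 DPT=22 SYN
Mar  1 10:02:00 vps kernel: [  220.000001] [UFW ALLOW] IN=eth0 OUT=wghub SRC=2001:0db8:0000:0000:0000:0000:0000:0099 DST=2001:0db8:0000:0000:0000:0000:0000:0012 LEN=104 HOPLIMIT=55 PROTO=ICMPv6 TYPE=128 CODE=0
Mar  1 10:03:00 vps kernel: [  280.000001] [UFW BLOCK] IN=eth0 OUT=wghub SRC=203.0.113.9 DST=10.100.100.12 LEN=60 TTL=49 PROTO=TCP SPT=41001 DPT=22 SYN
EOF
}

# Demo on the constructed sample; drop the "-" to read /var/log/ufw.log.
sample_log | ufw_summary 10.100.100.11 -
```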
Extra bonus iptables NAT forwarding
On the VPS (public endpoint), forward IPv4 traffic on tcp/32400 to the WireGuard peer (recall that IPv6 doesn’t need a rule).
# iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 32400 -j DNAT --to 10.100.100.11:32400
Test your port forwards
For IPv6 I use: