Difference between revisions of "IPv6 (简体中文)"

From ArchWiki
Jump to: navigation, search
(Page moved.)
(7 intermediate revisions by 2 users not shown)
Line 4: Line 4:
 
[[pt:Disabling IPv6]]
 
[[pt:Disabling IPv6]]
 
[[ru:IPv6]]
 
[[ru:IPv6]]
[[zh-TW:Disabling IPv6]]
+
[[zh-TW:IPv6]]
 
{{Article summary start}}
 
{{Article summary start}}
 
{{Article summary text|This article covers IPv6, and basics of configuring different IPv6 related things like static IP adresses.}}
 
{{Article summary text|This article covers IPv6, and basics of configuring different IPv6 related things like static IP adresses.}}
Line 11: Line 11:
 
{{Article summary end}}
 
{{Article summary end}}
 
{{Translateme (简体中文)}}
 
{{Translateme (简体中文)}}
 +
{{TranslationStatus (简体中文)|IPv6|2012-10-07|225745}}
 
在Arch Linux, IPv6默认是打开的。如果你要找IPv6隧道的资料,可以看 [[IPv6 - Tunnel Broker Setup]].
 
在Arch Linux, IPv6默认是打开的。如果你要找IPv6隧道的资料,可以看 [[IPv6 - Tunnel Broker Setup]].
  
Line 43: Line 44:
  
 
== 静态地址 ==
 
== 静态地址 ==
 +
Sometime using static address can improve security. For example, if your local router uses Neighbor Discovery or radvd ([http://www.apps.ietf.org/rfc/rfc2461.html RFC 2461]), your interface will automatically be assigned an address based its MAC address (using IPv6's Stateless Autoconfiguration).  This may be less than ideal for security since it allows a system to be tracked even if the network portion of the IP address changes.
  
 
To assign a static address (for example {{ic|2001:470:1000:1000::5/64}}):
 
To assign a static address (for example {{ic|2001:470:1000:1000::5/64}}):
Line 77: Line 79:
 
许多人并不需要这个特性,屏蔽它可以增加性能(许多程序会首先查询IPv6地址,不管你是否有IPv6连接)。
 
许多人并不需要这个特性,屏蔽它可以增加性能(许多程序会首先查询IPv6地址,不管你是否有IPv6连接)。
  
==禁用功能==
+
== 禁用 IPv6 ==
 +
{{Note|1=The Arch kernel has IPv6 support built in directly [https://projects.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/linux&id=3aa460e18eac7002bc013949dd401b16f16120b5], therefore a module cannot be blacklisted.}}
  
添加{{ic|1=ipv6.disable=1}}到你的启动加载器的内核行中。
+
=== Disable functionality ===
 +
Adding {{ic|1=ipv6.disable=1}} to the [[kernel line]] disables the whole IPv6 stack, which is likely what you want if you are experiencing issues.  See [[Kernel parameters]] for more information.
  
另外你可以通过sysctl禁用IPv6,添加下面的内容到 {{ic|/etc/sysctl.conf}}:
+
Alternatively, adding {{ic|1=ipv6.disable_ipv6=1}} instead will keep the IPv6 stack functional but will not assign IPv6 addresses to any of your network devices.
{{bc|<nowiki># Disable IPv6
+
 
net.ipv6.conf.all.disable_ipv6 = 1</nowiki>}}
+
One can also avoid assigning IPv6 addresses to specific network interfaces by adding the following sysctl config to {{ic|/etc/sysctl.d/ipv6.conf}}:
 +
{{bc|<nowiki>
 +
# Disable IPv6
 +
net.ipv6.conf.all.disable_ipv6 = 1
 +
net.ipv6.conf.<interface0>.disable_ipv6 = 1
 +
...
 +
net.ipv6.conf.<interfaceN>.disable_ipv6 = 1
 +
</nowiki>}}
 +
Note that you must list all of the targeted interfaces explicitly, as disabling "all" does not apply to interfaces that are already "up" when sysctl settings are applied.
  
 
=== Other programs ===
 
=== Other programs ===
Disabling ipv6 functionality in the kernel does not prevent other programs from trying to use ipv6. In most cases, this is completely harmless, but if you find yourself having issues with that program, you should consult the program's manpages for a way to disable that functionality.
+
Disabling IPv6 functionality in the kernel does not prevent other programs from trying to use IPv6. In most cases, this is completely harmless, but if you find yourself having issues with that program, you should consult the program's manpages for a way to disable that functionality.
  
For instance, dhcpcd will continue to harmlessly attempt to perform ipv6 router solicitation. To disable this, as stated in the dhcpcd.conf manpage, add the following to {{ic|/etc/dhcpcd.conf}}:
+
For instance, dhcpcd will continue to harmlessly attempt to perform IPv6 router solicitation. To disable this, as stated in the dhcpcd.conf manpage, add the following to {{ic|/etc/dhcpcd.conf}}:
 
  noipv6rs
 
  noipv6rs
  
 
==附加资源==
 
==附加资源==
 
*[http://www.kernel.org/doc/Documentation/networking/ipv6.txt ipv6] - kernel.org 文档库
 
*[http://www.kernel.org/doc/Documentation/networking/ipv6.txt ipv6] - kernel.org 文档库

Revision as of 02:28, 12 November 2012

Summary help replacing me
This article covers IPv6, and basics of configuring different IPv6 related things like static IP adresses.
Related
IPv6 - Tunnel Broker Setup

Tango-preferences-desktop-locale.png本页面需要更新翻译,内容可能已经与英文脱节。要贡献翻译,请访问简体中文翻译组Tango-preferences-desktop-locale.png

附注: please use the first argument of the template to provide more detailed indications.
翻译状态: 本文是英文页面 IPv6翻译,最后翻译时间:2012-10-07,点击这里可以查看翻译后英文页面的改动。

在Arch Linux, IPv6默认是打开的。如果你要找IPv6隧道的资料,可以看 IPv6 - Tunnel Broker Setup.

Privacy Extensions

To enable Privacy Extensions for Stateless Address Autoconfiguration in IPv6 according to RFC 4941, reproduce the following steps:

Add these lines to /etc/sysctl.conf:

# Enable IPv6 Privacy Extensions
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.<nic0>.use_tempaddr = 2
...
net.ipv6.conf.<nicN>.use_tempaddr = 2

Where <nic0> to <nicN> are your nic's (the "all" or "default" parameters do not apply to nic's that already exist when the sysctl settings are applied).

After a reboot, at the latest, Privacy Extensions should be enabled.

Neighbor Discovery

Pinging the multicast address ff02::1 results in all hosts in link-local scope responding. An interface has to be specified. With a ping to the multicast address ff02::2 only routers will respond.

$ ping6 ff02::1%eth0

If you add an option -I <your-global-ipv6>, link-local hosts will respond with their link-global scope addresses. The interface can be omitted in this case.

$ ping6 -I 2001:4f8:fff6::21 ff02::1

静态地址

Sometime using static address can improve security. For example, if your local router uses Neighbor Discovery or radvd (RFC 2461), your interface will automatically be assigned an address based its MAC address (using IPv6's Stateless Autoconfiguration). This may be less than ideal for security since it allows a system to be tracked even if the network portion of the IP address changes.

To assign a static address (for example 2001:470:1000:1000::5/64):

Add your static IP using netcfg. You can load them at startup by specifying your netcfg profiles in the NETWORKS section of /etc/rc.conf:

/etc/network.d/eth0

CONNECTION='ethernet'
DESCRIPTION='ipv6+ipv4 eth0'
INTERFACE='eth0'

IP=static
ADDR=192.168.1.5
NETMASK=24
ROUTES=
GATEWAY=192.168.1.1

IP6=static
ADDR6=(2001:470:1000:1000::5/64)
GATEWAY6=2001:470:1000:1000::1

/etc/rc.conf

NETWORKS=(eth0)

Finally DAEMONS section should contain "net-profiles" instead of the deprecated "network". See Netcfg for more information.

禁用 IPv6

禁用 IPv6 据称可以加速网络访问速度,因为在不支持 IPv6 的网络上程序也会试图使用它来访问。另外说一句, Firefox 也在受影响的程序列表中。在 IPv6 广泛采用之前,我们可以通过禁用它受益。

许多人并不需要这个特性,屏蔽它可以增加性能(许多程序会首先查询IPv6地址,不管你是否有IPv6连接)。

禁用 IPv6

Note: The Arch kernel has IPv6 support built in directly [1], therefore a module cannot be blacklisted.

Disable functionality

Adding ipv6.disable=1 to the kernel line disables the whole IPv6 stack, which is likely what you want if you are experiencing issues. See Kernel parameters for more information.

Alternatively, adding ipv6.disable_ipv6=1 instead will keep the IPv6 stack functional but will not assign IPv6 addresses to any of your network devices.

One can also avoid assigning IPv6 addresses to specific network interfaces by adding the following sysctl config to /etc/sysctl.d/ipv6.conf:

# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.<interface0>.disable_ipv6 = 1
...
net.ipv6.conf.<interfaceN>.disable_ipv6 = 1

Note that you must list all of the targeted interfaces explicitly, as disabling "all" does not apply to interfaces that are already "up" when sysctl settings are applied.

Other programs

Disabling IPv6 functionality in the kernel does not prevent other programs from trying to use IPv6. In most cases, this is completely harmless, but if you find yourself having issues with that program, you should consult the program's manpages for a way to disable that functionality.

For instance, dhcpcd will continue to harmlessly attempt to perform IPv6 router solicitation. To disable this, as stated in the dhcpcd.conf manpage, add the following to /etc/dhcpcd.conf:

noipv6rs

附加资源

  • ipv6 - kernel.org 文档库