From owner-freebsd-stable Wed Jul 24 2:54:37 2002 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 238E937B400 for ; Wed, 24 Jul 2002 02:54:35 -0700 (PDT) Received: from dastardly.newsbastards.org.72.27.172.IN-addr.ARPA.NetScum.dyndns.dk (dclient217-162-144-23.hispeed.ch [217.162.144.23]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7280D43E67 for ; Wed, 24 Jul 2002 02:54:33 -0700 (PDT) (envelope-from bounce@netscum.dyndns.dk) Received: from MAIL.NetScum.DynDNS.dK (ipv6.NetScum.dyndns.dk [2002:d9a2:9017:0:200:c0ff:fefc:19aa]) by dastardly.newsbastards.org.72.27.172.IN-addr.ARPA.NetScum.dyndns.dk (8.11.6/8.11.6-SPAMMERS-DeLiGHt) with ESMTP id g6O9sNi21235 (using TLSv1/SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168 bits) verified NO) for ; Wed, 24 Jul 2002 11:54:26 +0200 (CEST) (envelope-from bounce@netscum.dyndns.dk) Received: (from root@localhost) by MAIL.NetScum.DynDNS.dK (8.11.6/SMI-4.1-R00T0WNED) id g6O9sN921234; Wed, 24 Jul 2002 11:54:23 +0200 (CEST) (envelope-from bounce@netscum.dyndns.dk) Date: Wed, 24 Jul 2002 11:54:23 +0200 (CEST) Message-Id: <200207240954.g6O9sN921234@MAIL.NetScum.DynDNS.dK> From: BOUWSMA Beery Organization: Men not wearing any pants that dont shave To: FreeBSD Stable Subject: Re: 6to4 default In-Reply-To: References: X-Hacked: via telnet to your port 25, what else? X-Internet-Access-Provided-By: CABAL MODEM (all hail CABAL) X-NetScum: Yes X-One-And-Only-Real-True-Fluffy: No Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG [IPv6-only address above; strip the obvious for IPv4-only mail] > randy> why is > randy> ipv6_ipv4mapping="YES" # Set to "NO" to disable IPv4 mapped IPv6 addr > randy> # communication. (like ::ffff:a.b.c.d) > randy> in /etc/defaults/rc.conf > I don't understand your question. In anyway, I have a plan to change > the default to NO for 5-CURRENT before 5.0-RELEASE is out. But, I > have no plan for 4-STABLE due to avoid POLA violation. I agree that the default for this should be `NO' (at least in -current), just as it is in the NetBSD-current I've been using. There are some POLA issues with it set to `YES' -- such as, what are intended to be tcp6-only services can be accessed via IPv4 from everywhere, and filtering via IPv4 gets b0rken when the incoming connection is translated to ::ffff:a.b.c.d -- at least, that was my experience. In other words, you get tcp46 services and no way to access a service with IPv6-only. Of course, there are other POLA issues with setting this to `NO' as well -- I experienced that the `apache2' port would then only listen to IPv6 by default, which was confirmed in a NetBSD gnats bug report from Jason Thorpe that doesn't appear to have a resolution. (My solution was to explicitly listen to `0.0.0.0:80' as well as the default `80' in the config file, which seems to do the job) thanks barry bouwsma To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message