TID: FMail-W32 2.2.0.0
RFC-X-No-Archive: Yes
TZUTC: 0200
CHRS: CP850 2
MSGID: 2:280/5555 642c0344
REPLY: 2.ipv6@1:103/705 288fc8b9
Hello Rob,

On Monday April 03 2023 01:47, you wrote to me:

 RS> So my ISP (Spectrum, aka Comcast Business) enabled IPv6 for me
 RS> recently (after many years of service and unanswered inquiries from me
 RS> about IPv6 support) without any notice or explanation.

Better late than never and late they are. I have had native IPv6 ftom my ISP
since 2016 and I consider that "late" as well. One ISP here in The Netherlands
suppoted IPv6 since 2010 or so...

 RS> I have 5 static IPv4 addresses (a so-called "5 pack"), but I have no
 RS> idea if I also have static IPv6 addresses or what they are.

In IPv6 the correct term is a "static prefix" or "dynamic prefix". I have a
dynamic prefix. Technically speaking. In practise changes are rare. Here ISPs
offer static prefixes on a Business account.

 RS> For my public network interface on my Windows box (vert.synchro.net),
 RS> ipconfig reports:

 RS> Ethernet adapter Internet:

 RS>    Connection-specific DNS Suffix  . :
 RS>    Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network
 RS> Connection #2
 RS>    Physical Address. . . . . . . . . : 00-25-90-85-ED-7D
 RS>    DHCP Enabled. . . . . . . . . . . : No
 RS>    Autoconfiguration Enabled . . . . : Yes
 RS>    IPv6 Address. . . . . . . . . . . :
 RS> 2600:6c88:8c40:5b::f5a(Preferred)
 RS>    Lease Obtained. . . . . . . . . . : Sunday, April 02, 2023 10:35:32
 RS> PM
 RS>    Lease Expires . . . . . . . . . . : Sunday, April 09, 2023 10:35:23
 RS> PM
 RS>    IPv6 Address. . . . . . . . . . . :
 RS> 2600:6c88:8c40:5b:7d15:cb62:16c5:350c(Preferred)
 RS>    Temporary IPv6 Address. . . . . . :
 RS> 2600:6c88:8c40:5b:c89:48b4:f442:1e7b(Deprecated)
 RS>    Temporary IPv6 Address. . . . . . :
 RS> 2600:6c88:8c40:5b:4964:18d3:2b0d:df6d(Preferred)
 RS>    Link-local IPv6 Address . . . . . :
 RS> fe80::9ec:7a2:d500:1bf8%19(Preferred)
 RS>    IPv4 Address. . . . . . . . . . . : 71.95.196.34(Preferred)
 RS>    Subnet Mask . . . . . . . . . . . : 255.255.255.248
 RS>    Default Gateway . . . . . . . . . : fe80::eaad:a6ff:fe58:de1a%19
 RS>                                        71.95.196.33
 RS>    DHCPv6 IAID . . . . . . . . . . . : 67118480
 RS>    DHCPv6 Client DUID. . . . . . . . :
 RS> 00-01-00-01-26-F4-0D-4C-00-25-90-85-ED-7D
 RS>    DNS Servers . . . . . . . . . . . : 2607:f428:ffff:ffff::1
 RS>                                        2607:f428:ffff:ffff::2
 RS>                                        192.168.1.2
 RS>                                        1.1.1.1
 RS>                                        2607:f428:ffff:ffff::1
 RS>                                        2607:f428:ffff:ffff::2
 RS>    NetBIOS over Tcpip. . . . . . . . : Disabled

With IPv6 you do not get a single address or just a handfull as is common
practice with IPv4. You get a block of addreses. For business accounts a /48
is common. I have a /56 on my consumer account.

With IPv6 it is common to assign one or more adresses to each interface in the
LAN. The one that is always there is the so called "link local address". It is
only valid on the local link and can not be routed. It is always assigned,
even when there is no internet connection. It starts with fe80:. It should be
pingable from other devices on the same LAN segment.

Then there are the global unicast addresses that is assigned when there is an
IPv6 router present that is connected to the internet. There should be at
least one. It can either be assigned by SLAAC or DHCP6. In your case it is the
address ending in ::f5a. It is that address that you should advertise in the
DNS when making that system available for running servers.

You also see some temporary adresses. So called privacy addersses. These are
used for making outgoing calls. They can be disabled on the OS level. I have
disabloed them on the system running servers as I find they are just in the
way for that paricular use.

 RS> When I connect out to an Internet site (e.g. whatismyipaddress.com),
 RS> it says I'm connecting from 2600:6c88:8c40:5b:915d:3a98:8ac1:7886, but
 RS> I'm pretty sure that address changes.

I am a bit puzzeld where that comes from. Keep in mind that with IPv6 every
device in your LAN has it own IPv5 address(es). So the result depends on what
machine you use to connect to whatsmyipaddress.com.

 RS> My ISP provided router appears to be a Sagemcom,

I too have a Sagemcom. An F3896LG-ZG to be precise. I am afraid I can't be of
much help as it is a DOCSIS 3.1 modem/router with ISP specific firmware.

 RS> but I don't know much more about it (I use my own wireless access
 RS> points and routers for DHCP/NAT/Firewall for the other devices on my
 RS> internal/private networks).

I am a bit puzzled here. You say you use your own router. Does that mean the
Sagemcom is in bridge mode? Or do you have a router behind router
configuration?

 RS> The ISP router (the Sagemcom) web UI reports that the vert.synchro.net
 RS> system has IPv6 address 2600:6c88:8c40:5b::f5a,

Checks out... So you Sagemcom is not in bridge mode. The Sagemcom acts as a
router and has assigned that addres (via DHCP6) to the Fido Machine.

 RS> but when I attempt to connect to that IPv6 address or the ::7886
 RS> address (or even just ping6 them) from a remote host, I don't have any
 RS> success.

Of course. With IPv6 there is no NAT (or not normally) and so there is also no
port forwarding. Every device has its own public address. But... that does not
mean that it is open to the internet. There is no NAT, but every decent router
has a firewall that blocks any unsollicited incoming packet. To run a server
on that address one has to go through a procedure that is a bit similar to
port forwarding in IPv4. On must instruct the firewall to pass the port for
that particular address. Some router manufactures call it pinholing. Others
call it ... port forwarding... To make it easier to understand for the
customet they say... :(

So, the reason you can not connect from a remote host is because port 24554 is
blocked by the firewall in the router. (as it should by default) It presumably
also blocks Ping.

 RS> Still a bit mysterious to me with so many addresses and so little
 RS> information from the ISP. Any tips are welcome,

Perhaps you should go through some of the many basic training course in IPv6
that are available on the Internet. I find this one a good starting point for
the IPv6 newbie:

https://www.youtube.com/watch?v=PWiERFT27NU&vl=nl

But maybe this one is below you level. In that case you can easely find
something more advanced.


Cheers, Michiel

--- GoldED+/W32-MSVC 1.1.5-b20170303
 * Origin: he.net certified sage (2:280/5555)
SEEN-BY: 1/19 123 15/0 16/0 19/10 37 90/1 104/117 105/81 106/201 123/130
SEEN-BY: 123/131 142/104 153/7715 203/0 218/700 221/0 1 6 360 226/30
SEEN-BY: 227/114 229/110 111 112 113 206 307 317 400 424 426 428 452
SEEN-BY: 229/470 550 664 700 230/0 240/1120 5832 250/1 266/512 280/464
SEEN-BY: 280/5003 5006 5555 282/1038 292/854 301/1 310/31 317/3 320/119
SEEN-BY: 320/219 319 2119 322/0 757 342/200 396/45 423/81 460/58 633/280
SEEN-BY: 712/848 5019/40 5020/545 1042 5053/58
PATH: 280/5555 221/1 320/219 229/426