You are not logged in.
The title might be misleading because I don't know which part is to blame for my issues.
I am trying to connect to other computers on my LAN utilizing IPv6 and "static" addresses (I don't know if I'm using the correct terms) for each device. I have ufw (firewall) setup with the default "deny all incoming" settings. Then I manually allow certain addresses. So far this has worked fine with IPv4 by allowing all computers from the subnet (I don't know if this is the correct word) by doing:
ufw allow from 192.168.1.0/24Now I wanted to utilize IPv6 to connect to the devices. I am using Network Manager to manage the connection. The connection info says that I have multiple IPv6 addresses. I assume it's because of the settings in Network Manager:
Method: automatic
IPv6 Privacy Extensions: Enabled (prefer temporary address)
IPv6 address generation mode: Stable privacyI have then added a rule in my firewall to allow from one of those addresses (the one which is persistent across reboots) and I can't reach the computer (for example with ssh). Looking at firewall logs I can see that ssh is using a different IPv6 address (the one that changes across reboots) while trying to connect to the computer.
Does anyone know what I'm doing wrong or where the problem lies with my approach? I want to have one "static" IPv6 for the devices in my network while utilizing some of those "privacy" settings with Network Manager/IPv6 in general (the one address that's randomized and used "for other things"). I have a feeling that I'm not understanding the multiple addresses correctly though.Would disabling those options and having "just" 1 address be the most sane solution to what I want to accomplish?
Basically, I want to have unique IPv6 addresses in my local network and to allow all IPv6 traffic in my LAN.
EDIT: following rsmarpel's advice, I disabled the temporary addresses and stuck to using a stable one. Now it works, but I am still in need of researching the implications of not utilizing the temporary "privacy" addresses.
Last edited by justasug (2019-09-08 09:21:22)
Offline
At a guess it's because your preferring temporary addresses over the stable private one. Maybe prefer the stable one or disable temporary addresses?
Offline