TID: FMail-W32 2.2.0.0   
   RFC-X-No-Archive: Yes   
   TZUTC: 0200   
   CHRS: CP850 2   
   MSGID: 2:280/5555 642c0344   
   REPLY: 2.ipv6@1:103/705 288fc8b9   
   Hello Rob,   
      
   On Monday April 03 2023 01:47, you wrote to me:   
      
    RS> So my ISP (Spectrum, aka Comcast Business) enabled IPv6 for me   
    RS> recently (after many years of service and unanswered inquiries from me   
    RS> about IPv6 support) without any notice or explanation.   
      
   Better late than never and late they are. I have had native IPv6 ftom my ISP   
   since 2016 and I consider that "late" as well. One ISP here in The Netherlands   
   suppoted IPv6 since 2010 or so...   
      
    RS> I have 5 static IPv4 addresses (a so-called "5 pack"), but I have no   
    RS> idea if I also have static IPv6 addresses or what they are.   
      
   In IPv6 the correct term is a "static prefix" or "dynamic prefix". I have a   
   dynamic prefix. Technically speaking. In practise changes are rare. Here ISPs   
   offer static prefixes on a Business account.   
      
    RS> For my public network interface on my Windows box (vert.synchro.net),   
    RS> ipconfig reports:   
      
    RS> Ethernet adapter Internet:   
      
    RS>    Connection-specific DNS Suffix  . :   
    RS>    Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network   
    RS> Connection #2   
    RS>    Physical Address. . . . . . . . . : 00-25-90-85-ED-7D   
    RS>    DHCP Enabled. . . . . . . . . . . : No   
    RS>    Autoconfiguration Enabled . . . . : Yes   
    RS>    IPv6 Address. . . . . . . . . . . :   
    RS> 2600:6c88:8c40:5b::f5a(Preferred)   
    RS>    Lease Obtained. . . . . . . . . . : Sunday, April 02, 2023 10:35:32   
    RS> PM   
    RS>    Lease Expires . . . . . . . . . . : Sunday, April 09, 2023 10:35:23   
    RS> PM   
    RS>    IPv6 Address. . . . . . . . . . . :   
    RS> 2600:6c88:8c40:5b:7d15:cb62:16c5:350c(Preferred)   
    RS>    Temporary IPv6 Address. . . . . . :   
    RS> 2600:6c88:8c40:5b:c89:48b4:f442:1e7b(Deprecated)   
    RS>    Temporary IPv6 Address. . . . . . :   
    RS> 2600:6c88:8c40:5b:4964:18d3:2b0d:df6d(Preferred)   
    RS>    Link-local IPv6 Address . . . . . :   
    RS> fe80::9ec:7a2:d500:1bf8%19(Preferred)   
    RS>    IPv4 Address. . . . . . . . . . . : 71.95.196.34(Preferred)   
    RS>    Subnet Mask . . . . . . . . . . . : 255.255.255.248   
    RS>    Default Gateway . . . . . . . . . : fe80::eaad:a6ff:fe58:de1a%19   
    RS>                                        71.95.196.33   
    RS>    DHCPv6 IAID . . . . . . . . . . . : 67118480   
    RS>    DHCPv6 Client DUID. . . . . . . . :   
    RS> 00-01-00-01-26-F4-0D-4C-00-25-90-85-ED-7D   
    RS>    DNS Servers . . . . . . . . . . . : 2607:f428:ffff:ffff::1   
    RS>                                        2607:f428:ffff:ffff::2   
    RS>                                        192.168.1.2   
    RS>                                        1.1.1.1   
    RS>                                        2607:f428:ffff:ffff::1   
    RS>                                        2607:f428:ffff:ffff::2   
    RS>    NetBIOS over Tcpip. . . . . . . . : Disabled   
      
   With IPv6 you do not get a single address or just a handfull as is common   
   practice with IPv4. You get a block of addreses. For business accounts a /48   
   is common. I have a /56 on my consumer account.   
      
   With IPv6 it is common to assign one or more adresses to each interface in the   
   LAN. The one that is always there is the so called "link local address". It is   
   only valid on the local link and can not be routed. It is always assigned,   
   even when there is no internet connection. It starts with fe80:. It should be   
   pingable from other devices on the same LAN segment.   
      
   Then there are the global unicast addresses that is assigned when there is an   
   IPv6 router present that is connected to the internet. There should be at   
   least one. It can either be assigned by SLAAC or DHCP6. In your case it is the   
   address ending in ::f5a. It is that address that you should advertise in the   
   DNS when making that system available for running servers.   
      
   You also see some temporary adresses. So called privacy addersses. These are   
   used for making outgoing calls. They can be disabled on the OS level. I have   
   disabloed them on the system running servers as I find they are just in the   
   way for that paricular use.   
      
    RS> When I connect out to an Internet site (e.g. whatismyipaddress.com),   
    RS> it says I'm connecting from 2600:6c88:8c40:5b:915d:3a98:8ac1:7886, but   
    RS> I'm pretty sure that address changes.   
      
   I am a bit puzzeld where that comes from. Keep in mind that with IPv6 every   
   device in your LAN has it own IPv5 address(es). So the result depends on what   
   machine you use to connect to whatsmyipaddress.com.   
      
    RS> My ISP provided router appears to be a Sagemcom,   
      
   I too have a Sagemcom. An F3896LG-ZG to be precise. I am afraid I can't be of   
   much help as it is a DOCSIS 3.1 modem/router with ISP specific firmware.   
      
    RS> but I don't know much more about it (I use my own wireless access   
    RS> points and routers for DHCP/NAT/Firewall for the other devices on my   
    RS> internal/private networks).   
      
   I am a bit puzzled here. You say you use your own router. Does that mean the   
   Sagemcom is in bridge mode? Or do you have a router behind router   
   configuration?   
      
    RS> The ISP router (the Sagemcom) web UI reports that the vert.synchro.net   
    RS> system has IPv6 address 2600:6c88:8c40:5b::f5a,   
      
   Checks out... So you Sagemcom is not in bridge mode. The Sagemcom acts as a   
   router and has assigned that addres (via DHCP6) to the Fido Machine.   
      
    RS> but when I attempt to connect to that IPv6 address or the ::7886   
    RS> address (or even just ping6 them) from a remote host, I don't have any   
    RS> success.   
      
   Of course. With IPv6 there is no NAT (or not normally) and so there is also no   
   port forwarding. Every device has its own public address. But... that does not   
   mean that it is open to the internet. There is no NAT, but every decent router   
   has a firewall that blocks any unsollicited incoming packet. To run a server   
   on that address one has to go through a procedure that is a bit similar to   
   port forwarding in IPv4. On must instruct the firewall to pass the port for   
   that particular address. Some router manufactures call it pinholing. Others   
   call it ... port forwarding... To make it easier to understand for the   
   customet they say... :(   
      
   So, the reason you can not connect from a remote host is because port 24554 is   
   blocked by the firewall in the router. (as it should by default) It presumably   
   also blocks Ping.   
      
    RS> Still a bit mysterious to me with so many addresses and so little   
    RS> information from the ISP. Any tips are welcome,   
      
   Perhaps you should go through some of the many basic training course in IPv6   
   that are available on the Internet. I find this one a good starting point for   
   the IPv6 newbie:   
      
   https://www.youtube.com/watch?v=PWiERFT27NU&vl=nl   
      
   But maybe this one is below you level. In that case you can easely find   
   something more advanced.   
      
      
   Cheers, Michiel   
      
   --- GoldED+/W32-MSVC 1.1.5-b20170303   
    * Origin: he.net certified sage (2:280/5555)   
   SEEN-BY: 1/19 123 15/0 16/0 19/10 37 90/1 104/117 105/81 106/201 123/130   
   SEEN-BY: 123/131 142/104 153/7715 203/0 218/700 221/0 1 6 360 226/30   
   SEEN-BY: 227/114 229/110 111 112 113 206 307 317 400 424 426 428 452   
   SEEN-BY: 229/470 550 664 700 230/0 240/1120 5832 250/1 266/512 280/464   
   SEEN-BY: 280/5003 5006 5555 282/1038 292/854 301/1 310/31 317/3 320/119   
   SEEN-BY: 320/219 319 2119 322/0 757 342/200 396/45 423/81 460/58 633/280   
   SEEN-BY: 712/848 5019/40 5020/545 1042 5053/58   
   PATH: 280/5555 221/1 320/219 229/426