IPv6 and IPv4 - how to shut off IPv6?

Ben Scott dragonhawk at gmail.com
Sun Apr 1 21:44:42 EDT 2007 

On 4/1/07, Bruce Labitt <bruce.labitt at verizon.net> wrote:
>> You might want to look at netstat -an ...
>
> Wow!  that was a ton of data!

  Yah, by default, that shows a lot of local inter-process
connections, too.  Try these variants:

	netstat -nt    # show active TCP sockets
	netstat -ntl   # show listening TCP sockets
	netstat -nua   # show all UDP sockets

  (You don't need to type the comments (the "#" character onwards) if
that isn't obviously.)

  You can also add "-p" to the options list to show which
process/program is associated with each connection, but you need to be
"root" for that to be effective.

  You can also pipe the whole thing through "less -S" to be able to
view it easier.  For example:

	netstat -ntuap | less -S

> My router has two DNS entries in it.  They change from time to time.  I
> could put them in the file.

  What happens when you try the "host" and "ping" diagnostics
mentioned earlier?  Those should help us narrow down *where* the
slowdown is.

>> I'm assuming you have some kind of firewall between you and your
>> interent connection (DSL line, cable modem, etc.).  In which case, you
>> yank the power, count to 20, put the power back in.
> >
> There is a router, I can power it down...

  That's the way to do it.  You'd be amazed at how often that fixes
problems.  :)

> Also there is some sort of firewall running on the box.

  As root, you can temporarily disable the local firewall with:

	service iptables stop

  To turn it back on, do:

	service iptables start

  As a best practice, it isn't recommended to run without a firewall,
even if you have a dedicated firewall in your router, but for
troubleshooting, that may shed some light on things.

> As well as SELINUX in permissive mode.

  "permissive" means "complain in the log, but don't prevent", so that
should rule out SELinux as the culprit.

>> You should also make sure you don't have iptables running and blocking
>> anything.
>
> How do I check that?  OK, I got it.  The only reject is at the end of
> the list:

  You can also use

	iptables --list --numeric --verbose | less -S

to see counts (in packets and bytes) of how many times each rule has
been matched.

-- Ben

More information about the gnhlug-discuss mailing list