SUCCESS (Re: Anyone succeeded in setting up anonymous IPv6 connectivity in Debian Etch?)
On Sun, 2008-11-09 at 07:56 +0200, Noam Rathaus wrote: > Hi Omer, > > So now it works? :) YES, IT WORKS NOW! > On Sunday 09 November 2008 01:04:10 Omer Zak wrote: > > > > > 1) Your firewall is blocking > > > > This turned out to have been the case. > > The following iptables commands fixed the problem > > (where: IPTABLES="/sbin/iptables" > > INET_IFACE="ppp+"): > > > > $IPTABLES -A INPUT -p 41 -i $INET_IFACE -j ACCEPT > > $IPTABLES -A OUTPUT -p 41 -o $INET_IFACE -j ACCEPT --- Omer = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Anyone succeeded in setting up anonymous IPv6 connectivity in Debian Etch?
Hi Omer, So now it works? :) On Sunday 09 November 2008 01:04:10 Omer Zak wrote: > Hello Noam, > I may not have clarified myself. > Basically, when I set wireshark to listen to sit1, it captures my > ping6's Echo Request packets - but no replies. > > I also found that there are no ppp0 or eth1 traffic corresponding to the > ping6-created sit1 traffic (my PC has two Ethernet cards, and eth1 is > the one which is connected to the ADSL modem; I use pptp and it creates > the network device ppp0; in other words, any IPv6 traffic is supposed to > pass through sit1->ppp0->eth1 and back). > > I did see ppp0 traffic when tspc creates a tunnel, and it indicates > success in connecting to anon.freenet6.net (the IPv6 tunnel broker which > I use, as it supports anonymous logins). > > After reading the "2008-08-25 - Configuring IPv6 using AARNet's free > broker" article at http://www.nick-andrew.net/ I found that my iptables > firewall blocked protocol 41 packets in both input and output. > > On Sat, 2008-11-08 at 22:11 +0200, Noam Rathaus wrote: > > > When I try to ping6 ipv6.google.com, I get no response. According to > > > wireshark, ICMPv6 echo requests are sent, but there are no echo > > > replies. I tried all 4 values of -I parameter of ping6: > > > sit0,sit1 - no response. > > > sit,tun - unknown iface. > > > > You shouldn't see any ICMPv6 traffic! TSPC tunnels everything via > > IPv4/IPv4UDP, so no ICMPv6 should be visible. > > See my comment above. > > > > I tried to ping6 both ipv6.google.com and 2001:4860:0:1001::68 (with -I > > > both sit0 and sit1) - no response. > > > > > > > So I see two options: > > > > 1) Your firewall is blocking > > This turned out to have been the case. > The following iptables commands fixed the problem > (where: IPTABLES="/sbin/iptables" > INET_IFACE="ppp+"): > > $IPTABLES -A INPUT -p 41 -i $INET_IFACE -j ACCEPT > $IPTABLES -A OUTPUT -p 41 -o $INET_IFACE -j ACCEPT > > --- Omer -- Noam Rathaus CTO [EMAIL PROTECTED] http://www.beyondsecurity.com "Know that you are safe." Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007 = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Anyone succeeded in setting up anonymous IPv6 connectivity in Debian Etch?
Hello Noam, I may not have clarified myself. Basically, when I set wireshark to listen to sit1, it captures my ping6's Echo Request packets - but no replies. I also found that there are no ppp0 or eth1 traffic corresponding to the ping6-created sit1 traffic (my PC has two Ethernet cards, and eth1 is the one which is connected to the ADSL modem; I use pptp and it creates the network device ppp0; in other words, any IPv6 traffic is supposed to pass through sit1->ppp0->eth1 and back). I did see ppp0 traffic when tspc creates a tunnel, and it indicates success in connecting to anon.freenet6.net (the IPv6 tunnel broker which I use, as it supports anonymous logins). After reading the "2008-08-25 - Configuring IPv6 using AARNet's free broker" article at http://www.nick-andrew.net/ I found that my iptables firewall blocked protocol 41 packets in both input and output. On Sat, 2008-11-08 at 22:11 +0200, Noam Rathaus wrote: > > When I try to ping6 ipv6.google.com, I get no response. According to > > wireshark, ICMPv6 echo requests are sent, but there are no echo replies. > > I tried all 4 values of -I parameter of ping6: > > sit0,sit1 - no response. > > sit,tun - unknown iface. > > > > You shouldn't see any ICMPv6 traffic! TSPC tunnels everything via > IPv4/IPv4UDP, so no ICMPv6 should be visible. See my comment above. > > I tried to ping6 both ipv6.google.com and 2001:4860:0:1001::68 (with -I > > both sit0 and sit1) - no response. > > > > > So I see two options: > > > 1) Your firewall is blocking This turned out to have been the case. The following iptables commands fixed the problem (where: IPTABLES="/sbin/iptables" INET_IFACE="ppp+"): $IPTABLES -A INPUT -p 41 -i $INET_IFACE -j ACCEPT $IPTABLES -A OUTPUT -p 41 -o $INET_IFACE -j ACCEPT --- Omer -- Did you shave a yak today? My own blog is at http://www.zak.co.il/tddpirate/ My opinions, as expressed in this E-mail message, are mine alone. They do not represent the official policy of any organization with which I may be affiliated in any way. WARNING TO SPAMMERS: at http://www.zak.co.il/spamwarning.html = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: distro with ntfs built in the kernel
On Sat, Nov 8, 2008 at 9:09 PM, Tzafrir Cohen <[EMAIL PROTECTED]> wrote: > On Sat, Nov 08, 2008 at 07:41:32PM +0200, sara fink wrote: > > On Sat, Nov 8, 2008 at 12:55 PM, Tzafrir Cohen <[EMAIL PROTECTED] > >wrote: > > > > > On Fri, Nov 07, 2008 at 11:58:48PM +0200, sara fink wrote: > > > > I want to boot a livecd, and use dd to create image of asus eee 901 > which > > > > has 2 partitions of ntfs (in total 12gb). > > > > > > Why would that require ntfs support? > > > > > > The laptop came with windows xp home. I want to backup all the stuff > > (drivers specific to this asus eee) before I connect the laptop to the > > internet. > > The partitions are ntfs and the backup hd is also ntfs. > > I tried some livecd distributions and they didnt come with ntfs support. > > > > > > > > > > > > > And even if you did want to mount that partition, you could easily > > > include the ntfs module in the initrd. On a Debian system you can force > > > including a module in the initrd by adding it to > > > /etc/initramfs-tools/modules . > > > > > > But this is if I install the distribution? I just want to boot from > livecd, > > dd to iso and burn the iso. Will install first of all, a normal windows > > system and after windows will finish the duties, will wipe it and install > > linux. > > dd does not require ntfs drivers in the kernel. It is just a simple > image of the partition. I tried yesterday with a distribution that didn't have ntfs enabled in the kernel not as module or built in, and the external hd (ntfs) that I wanted for backup, wasn't recognized. > > > And even if you did want to mount them, modular NTFS support would have > been fine, as you only need to read from the partition after the system > has booted. what do u mean by modular? > > > -- > Tzafrir Cohen | [EMAIL PROTECTED] | VIM is > http://tzafrir.org.il || a Mutt's > [EMAIL PROTECTED] || best > ICQ# 16849754 || friend > > = > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscribe" in the message body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] > >
Re: Anyone succeeded in setting up anonymous IPv6 connectivity in Debian Etch?
Hi Omer, On Saturday 08 November 2008 11:13:34 Omer Zak wrote: > Hello Noam, > Thanks for your answer. I still need more help. > > On Sat, 2008-11-08 at 10:09 +0200, Noam Rathaus wrote: > > I have been able to do it using: > > apt-get install tspc > > I installed it, too. > > > verify tun works: > > ifconfig tun > > I do not have tun, but I have sit0 and sit1. > Should tun exist as well? > If yes, how do I find why wasn't it set up as well? I have no idea who made it, my guess is it either came from tspc or openvpn With openvpn I used, but in this case, I didn't do it, so I guess its either a leftover or was done when I installed: openvpn --mktun --dev tun > > According to lsmod, the following modules are loaded: > - tun Here as well > - sit Not here > - tunnel4 (used by sit) Nope > - ipv6 (used by sit) Yep > > Am I missing anything? > > > and ping: > > ipv6.google.com > > PING ipv6.google.com(2001:4860:0:1001::68) 56 data bytes > > 64 bytes from 2001:4860:0:1001::68: icmp_seq=1 ttl=52 time=305 ms > > 64 bytes from 2001:4860:0:1001::68: icmp_seq=3 ttl=52 time=494 ms > > 64 bytes from 2001:4860:0:1001::68: icmp_seq=4 ttl=52 time=505 ms > > ^C > > --- ipv6.google.com ping statistics --- > > 5 packets transmitted, 3 received, 40% packet loss, time 4013ms > > rtt min/avg/max/mdev = 305.720/435.197/505.567/91.669 ms > > When I try to ping6 ipv6.google.com, I get no response. According to > wireshark, ICMPv6 echo requests are sent, but there are no echo replies. > I tried all 4 values of -I parameter of ping6: > sit0,sit1 - no response. > sit,tun - unknown iface. > You shouldn't see any ICMPv6 traffic! TSPC tunnels everything via IPv4/IPv4UDP, so no ICMPv6 should be visible. > I tried to ping6 both ipv6.google.com and 2001:4860:0:1001::68 (with -I > both sit0 and sit1) - no response. > > > So I see two options: > > 1) Your firewall is blocking > > 2) Your NAT hinders it > > How to check for those possibilities? My guess is that something isn't properly configured, as wireshark didn't show any traffic on the TSPC port. > > > Try to play with tunnel_mode=v6anyv4 > > and if_tunnel_v6v4=sit1, if_tunnel_v6udpv4=tun > > My /etc/tsp/tspc.conf already has those settings. > > > You can use ethereal (wireshark) to see the data being sent on port 3653 > > - as well as the channel being built. > > According to wireshark, the channel does get set up. > I suspect something is strange in the output of route -6. How should it > look like? > My route -6 output looks like this (certain information was censored by > replacing it by asterisks): > 2001:5c0:8fff::8000:0::/128 :: > U 25600 sit1 > 2001:5c0:8fff::8000:1::/128 > 2001:5c0:8fff::8000:1:: UC0 80 sit1 > 2000::/3:: > U 1 00 sit1 > fe80::/64 :: > U 25600 eth0 > fe80::/64 :: > U 25600 eth1 > fe80::/64 :: > U 25600 sit1 > > ::1/128 :: > > U 0 78 1 lo > 2001:5c0:8fff::8000:0::/128 :: > U 0 01 lo > fe80::/128 :: > U 0 02 lo > fe80::/128 :: > U 0 02 lo > fe80::/128 :: > U 0 02 lo > fe80:::/128 :: > U 0 01 lo > fe80:::/128 :: > U 0 01 lo > fe80:::/128 :: > U 0 01 lo > fe80::211:2fff::/128:: > U 0 71 lo > fe80::2c0:cff::/128 :: > U 0 01 lo > ff00::/8:: > U 25600 eth0 > ff00::/8:: > U 25600 eth1 > ff00::/8:: > U 25600 sit1 > > Thanks, > > --- Omer [EMAIL PROTECTED]:~# route -6 Kernel IPv6 routing table DestinationNext Hop Flag Met Ref Use If 2001:5c0:8fff:::eb/128 :: U256 0 0 tun 2000::/3 :: U1 0 0 tun fe80::/64 :: U256 0 0 eth0 fe80::/64 :: U256 0 0 tun ::/0 :: !n -1 1 2 lo ::1/128:: Un 0 1 4 lo 2001:5c0:8fff:::eb/128 :: Un 0 1 1 lo fe80::211:11ff:fe55:bf01/128 :: Un 0 1 0 lo ff00::/8
Re: distro with ntfs built in the kernel
sara fink wrote: Hello everyone I am looking for a livecd of any distro which has built in or as module ntfs in the kernel. If someone knows of such a distro, I will be glad to hear. Technically - none of them. NTFS support is only reliably done with "ntfs-3g". That is a user-space file system support (through FUSE). Shachar = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: distro with ntfs built in the kernel
On Sat, Nov 08, 2008 at 07:41:32PM +0200, sara fink wrote: > On Sat, Nov 8, 2008 at 12:55 PM, Tzafrir Cohen <[EMAIL PROTECTED]>wrote: > > > On Fri, Nov 07, 2008 at 11:58:48PM +0200, sara fink wrote: > > > I want to boot a livecd, and use dd to create image of asus eee 901 which > > > has 2 partitions of ntfs (in total 12gb). > > > > Why would that require ntfs support? > > > The laptop came with windows xp home. I want to backup all the stuff > (drivers specific to this asus eee) before I connect the laptop to the > internet. > The partitions are ntfs and the backup hd is also ntfs. > I tried some livecd distributions and they didnt come with ntfs support. > > > > > > > > And even if you did want to mount that partition, you could easily > > include the ntfs module in the initrd. On a Debian system you can force > > including a module in the initrd by adding it to > > /etc/initramfs-tools/modules . > > > But this is if I install the distribution? I just want to boot from livecd, > dd to iso and burn the iso. Will install first of all, a normal windows > system and after windows will finish the duties, will wipe it and install > linux. dd does not require ntfs drivers in the kernel. It is just a simple image of the partition. And even if you did want to mount them, modular NTFS support would have been fine, as you only need to read from the partition after the system has booted. -- Tzafrir Cohen | [EMAIL PROTECTED] | VIM is http://tzafrir.org.il || a Mutt's [EMAIL PROTECTED] || best ICQ# 16849754 || friend = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: distro with ntfs built in the kernel
On Sat, Nov 8, 2008 at 12:55 PM, Tzafrir Cohen <[EMAIL PROTECTED]>wrote: > On Fri, Nov 07, 2008 at 11:58:48PM +0200, sara fink wrote: > > I want to boot a livecd, and use dd to create image of asus eee 901 which > > has 2 partitions of ntfs (in total 12gb). > > Why would that require ntfs support? The laptop came with windows xp home. I want to backup all the stuff (drivers specific to this asus eee) before I connect the laptop to the internet. The partitions are ntfs and the backup hd is also ntfs. I tried some livecd distributions and they didnt come with ntfs support. > > > And even if you did want to mount that partition, you could easily > include the ntfs module in the initrd. On a Debian system you can force > including a module in the initrd by adding it to > /etc/initramfs-tools/modules . But this is if I install the distribution? I just want to boot from livecd, dd to iso and burn the iso. Will install first of all, a normal windows system and after windows will finish the duties, will wipe it and install linux. > > > Slightly more efficiant (and maybe more portable) than dd would be to > use partimage. Partimage backs up only the blocks from a partition that > contain useful information. partimage 0.6.7 which I have on my system > (Debian Lenny) lists NTFS partition support as "experimental" in its > README. I want to backup everything. Maybe I will find surprises after that. > > > And if you want to create your own: CD/USB > http://wiki.debian.org/DebianLive I want to create a cd of my own after that, but it will be a windows one, at the begining. > > You can use that to either customize the initrd or create an initrd with > your custom kernel. > > -- > Tzafrir Cohen | [EMAIL PROTECTED] | VIM is > http://tzafrir.org.il || a Mutt's > [EMAIL PROTECTED] || best > ICQ# 16849754 || friend > > = > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscribe" in the message body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] > >
Re: distro with ntfs built in the kernel
On Fri, Nov 07, 2008 at 11:58:48PM +0200, sara fink wrote: > I want to boot a livecd, and use dd to create image of asus eee 901 which > has 2 partitions of ntfs (in total 12gb). Why would that require ntfs support? And even if you did want to mount that partition, you could easily include the ntfs module in the initrd. On a Debian system you can force including a module in the initrd by adding it to /etc/initramfs-tools/modules . Slightly more efficiant (and maybe more portable) than dd would be to use partimage. Partimage backs up only the blocks from a partition that contain useful information. partimage 0.6.7 which I have on my system (Debian Lenny) lists NTFS partition support as "experimental" in its README. And if you want to create your own: CD/USB http://wiki.debian.org/DebianLive You can use that to either customize the initrd or create an initrd with your custom kernel. -- Tzafrir Cohen | [EMAIL PROTECTED] | VIM is http://tzafrir.org.il || a Mutt's [EMAIL PROTECTED] || best ICQ# 16849754 || friend = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Anyone succeeded in setting up anonymous IPv6 connectivity in Debian Etch?
Hello Noam, Thanks for your answer. I still need more help. On Sat, 2008-11-08 at 10:09 +0200, Noam Rathaus wrote: > I have been able to do it using: > apt-get install tspc I installed it, too. > verify tun works: > ifconfig tun I do not have tun, but I have sit0 and sit1. Should tun exist as well? If yes, how do I find why wasn't it set up as well? According to lsmod, the following modules are loaded: - tun - sit - tunnel4 (used by sit) - ipv6 (used by sit) Am I missing anything? > and ping: > ipv6.google.com > PING ipv6.google.com(2001:4860:0:1001::68) 56 data bytes > 64 bytes from 2001:4860:0:1001::68: icmp_seq=1 ttl=52 time=305 ms > 64 bytes from 2001:4860:0:1001::68: icmp_seq=3 ttl=52 time=494 ms > 64 bytes from 2001:4860:0:1001::68: icmp_seq=4 ttl=52 time=505 ms > ^C > --- ipv6.google.com ping statistics --- > 5 packets transmitted, 3 received, 40% packet loss, time 4013ms > rtt min/avg/max/mdev = 305.720/435.197/505.567/91.669 ms When I try to ping6 ipv6.google.com, I get no response. According to wireshark, ICMPv6 echo requests are sent, but there are no echo replies. I tried all 4 values of -I parameter of ping6: sit0,sit1 - no response. sit,tun - unknown iface. I tried to ping6 both ipv6.google.com and 2001:4860:0:1001::68 (with -I both sit0 and sit1) - no response. > So I see two options: > 1) Your firewall is blocking > 2) Your NAT hinders it How to check for those possibilities? > Try to play with tunnel_mode=v6anyv4 > and if_tunnel_v6v4=sit1, if_tunnel_v6udpv4=tun My /etc/tsp/tspc.conf already has those settings. > You can use ethereal (wireshark) to see the data being sent on port 3653 - as > well as the channel being built. According to wireshark, the channel does get set up. I suspect something is strange in the output of route -6. How should it look like? My route -6 output looks like this (certain information was censored by replacing it by asterisks): 2001:5c0:8fff::8000:0::/128 :: U 25600 sit1 2001:5c0:8fff::8000:1::/128 2001:5c0:8fff::8000:1:: UC0 80 sit1 2000::/3:: U 1 00 sit1 fe80::/64 :: U 25600 eth0 fe80::/64 :: U 25600 eth1 fe80::/64 :: U 25600 sit1 ::1/128 :: U 0 78 1 lo 2001:5c0:8fff::8000:0::/128 :: U 0 01 lo fe80::/128 :: U 0 02 lo fe80::/128 :: U 0 02 lo fe80::/128 :: U 0 02 lo fe80:::/128 :: U 0 01 lo fe80:::/128 :: U 0 01 lo fe80:::/128 :: U 0 01 lo fe80::211:2fff::/128:: U 0 71 lo fe80::2c0:cff::/128 :: U 0 01 lo ff00::/8:: U 25600 eth0 ff00::/8:: U 25600 eth1 ff00::/8:: U 25600 sit1 Thanks, --- Omer -- Did you shave a yak today? My own blog is at http://www.zak.co.il/tddpirate/ My opinions, as expressed in this E-mail message, are mine alone. They do not represent the official policy of any organization with which I may be affiliated in any way. WARNING TO SPAMMERS: at http://www.zak.co.il/spamwarning.html = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Anyone succeeded in setting up anonymous IPv6 connectivity in Debian Etch?
Hi Omer, I have been able to do it using: apt-get install tspc verify tun works: ifconfig tun and ping: ipv6.google.com PING ipv6.google.com(2001:4860:0:1001::68) 56 data bytes 64 bytes from 2001:4860:0:1001::68: icmp_seq=1 ttl=52 time=305 ms 64 bytes from 2001:4860:0:1001::68: icmp_seq=3 ttl=52 time=494 ms 64 bytes from 2001:4860:0:1001::68: icmp_seq=4 ttl=52 time=505 ms ^C --- ipv6.google.com ping statistics --- 5 packets transmitted, 3 received, 40% packet loss, time 4013ms rtt min/avg/max/mdev = 305.720/435.197/505.567/91.669 ms I also found http://www.cyberciti.biz/faq/tspc-debian-ubuntu-linux-configure-ipv6-tunnel/ as reference But since it worked without a hitch didn't have to use it. So I see two options: 1) Your firewall is blocking 2) Your NAT hinders it Try to play with tunnel_mode=v6anyv4 and if_tunnel_v6v4=sit1, if_tunnel_v6udpv4=tun They appear to (in several mailing list) allow you to circumvent the firewall issue. You can use ethereal (wireshark) to see the data being sent on port 3653 - as well as the channel being built. On Friday 07 November 2008 14:32:23 Omer Zak wrote: > After installation of the tspc package (version 2.1.1-6), the tspc > daemon can be started and when started, it sets up the sit1 interface > (which can be viewed by /sbin/ifconfig) and ping6 to the assigned IPv6 > address works. > > Since I am reluctant to register for a channel broker, I use the > anonymous login to anon.freenet6.net. > > The problem is that even after setting up the tunnel, attempts to ping6 > IPv6 hosts (such as ipv6.google.com or www.ipv6.uni-muenster.de) yield > no response. > > Is there anything I should do besides starting the aforementioned > daemon? > According to http://www.howtoforge.com/using-ipv6-on-debian-etch, I > should set up also sit0 interface. What are the roles of sit0 and sit1, > and why are both necessary? Is there anything I should do to get tspc > to set up also sit0? > >--- Omer -- Noam Rathaus CTO [EMAIL PROTECTED] http://www.beyondsecurity.com "Know that you are safe." Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007 = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
