Re: [SLUG] IPV6

2006-11-27 Thread Dean Hamstead
local dns problems will manifest themselves as failed look ups, long look
up times then normal transfer rates.

if domain names are resolving properly they will be resolving to ipv4
addresses and the stack will use the right protocol.

check your network cable, switch/hub port and look at /var/log/messages
for error messages - it could also be your network card.

Dean

On Mon, November 27, 2006 11:24 pm, Ashley wrote:
> Hi All,
>   My ADSL is as slow as dialup when searching for pages. even google
> takes 30-60 seconds to start to display. I know it's only 512k ADSL but
> I think there must be a problem as my daughter's XP machine displays all
> pages very quickly.
> My machine is an AMD64 3300+ running Ubuntu64 6.10 and my daughter's is
> a 1700 celeron with XP.
> I assumed the problem was DNS related but we both use the same DNS. The
> only thing I can see that is significantly different is the existence of
> ipV6 addresses
> How do I stop Ubuntu 6.10 trying to use ipV6. I've removed the addresses
> where I could find them, but still I get them displayed when I do an
> ifconfig.
>
> TIA
> Ashley
> --
> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
>




Re: [SLUG] IPV6

2006-11-27 Thread heracles
Hi Dean,
Actually what I am getting is very long lookup times but the transfer rate,
on downloads, is just fine.
 
Ashley

>-- Original Message --
>Date: Mon, 27 Nov 2006 23:46:43 +1100 (EST)
>Subject: Re: [SLUG] IPV6
>From: "Dean Hamstead" <[EMAIL PROTECTED]>
>To: "Ashley" <[EMAIL PROTECTED]>
>Cc: slug@slug.org.au
>
>
>local dns problems will manifest themselves as failed look ups, long look
>up times then normal transfer rates.
>
>if domain names are resolving properly they will be resolving to ipv4
>addresses and the stack will use the right protocol.
>
>check your network cable, switch/hub port and look at /var/log/messages
>for error messages - it could also be your network card.
>
>Dean
>
>On Mon, November 27, 2006 11:24 pm, Ashley wrote:
>> Hi All,
>>   My ADSL is as slow as dialup when searching for pages. even google
>> takes 30-60 seconds to start to display. I know it's only 512k ADSL but
>> I think there must be a problem as my daughter's XP machine displays all
>> pages very quickly.
>> My machine is an AMD64 3300+ running Ubuntu64 6.10 and my daughter's is
>> a 1700 celeron with XP.
>> I assumed the problem was DNS related but we both use the same DNS. The
>> only thing I can see that is significantly different is the existence of
>> ipV6 addresses
>> How do I stop Ubuntu 6.10 trying to use ipV6. I've removed the addresses
>> where I could find them, but still I get them displayed when I do an
>> ifconfig.
>>
>> TIA
>> Ashley
>>
>

Stay well & happy
Ashley



Re: [SLUG] IPV6

2006-11-27 Thread Dean Hamstead

cat your resolv.conf (cat /etc/resolv.conf)

then test each server by hand

ie

nslookup google.com 256.256.256.256

where the obviously wrong ip address is the nslookup server

are you using a billion router? i found that its internal name
server was 100% happy with windows but it seriously didnt like
unix clients.

Dean

[EMAIL PROTECTED] wrote:

Hi Dean,
Actually what I am getting is very long lookup times but the transfer rate,
on downloads, is just fine.
 
Ashley



-- Original Message --
Date: Mon, 27 Nov 2006 23:46:43 +1100 (EST)
Subject: Re: [SLUG] IPV6
From: "Dean Hamstead" <[EMAIL PROTECTED]>
To: "Ashley" <[EMAIL PROTECTED]>
Cc: slug@slug.org.au


local dns problems will manifest themselves as failed look ups, long look
up times then normal transfer rates.

if domain names are resolving properly they will be resolving to ipv4
addresses and the stack will use the right protocol.

check your network cable, switch/hub port and look at /var/log/messages
for error messages - it could also be your network card.

Dean

On Mon, November 27, 2006 11:24 pm, Ashley wrote:

Hi All,
  My ADSL is as slow as dialup when searching for pages. even google
takes 30-60 seconds to start to display. I know it's only 512k ADSL but
I think there must be a problem as my daughter's XP machine displays all
pages very quickly.
My machine is an AMD64 3300+ running Ubuntu64 6.10 and my daughter's is
a 1700 celeron with XP.
I assumed the problem was DNS related but we both use the same DNS. The
only thing I can see that is significantly different is the existence of
ipV6 addresses
How do I stop Ubuntu 6.10 trying to use ipV6. I've removed the addresses
where I could find them, but still I get them displayed when I do an
ifconfig.

TIA
Ashley



Stay well & happy
Ashley





Re: [SLUG] IPV6

2006-11-27 Thread tuxta2

Dean Hamstead wrote:

cat your resolv.conf (cat /etc/resolv.conf)

then test each server by hand

ie

nslookup google.com 256.256.256.256

where the obviously wrong ip address is the nslookup server

are you using a billion router? i found that its internal name
server was 100% happy with windows but it seriously didnt like
unix clients.

Dean
My parents Dlink modem/router handled dns fine on Doze, but I had the 
same problem as described in this thread on Ubuntu. To fix it I just set 
the ip statically and tried a few different dns servers until I found 
the best performing one and shoved it in /etc/resolv.conf


Since then, we have all noticed Ubuntu / firefox returning pages faster 
than their old Doze install.


Hope that helps some

Tuxta


Re: [SLUG] IPV6

2006-11-27 Thread Ashley

Thanks Guys,
Cat resolv.conf gives only my router ie. only one line!

Then nslookup google.com 192.168.1.1  gives:

;; reply from unexpected source: 192.168.1.1#3073, expected 192.168.1.1#53
Server: 192.168.1.1
Address:192.168.1.1#53

Non-authoritative answer:
Name:   google.com
Address: 64.233.187.99

I have a netcomm nb5 adsl2+ modem/router. I will try the option offered 
by Tuxta next to see if that helps. I'll have to find a few DNSs first 
however. Any one with a suggestion?


Thanks again
Ashley


Dean Hamstead wrote:

cat your resolv.conf (cat /etc/resolv.conf)

then test each server by hand

ie

nslookup google.com 256.256.256.256

where the obviously wrong ip address is the nslookup server

are you using a billion router? i found that its internal name
server was 100% happy with windows but it seriously didnt like
unix clients.

Dean

[EMAIL PROTECTED] wrote:

Hi Dean,
Actually what I am getting is very long lookup times but the transfer rate,
on downloads, is just fine.
 
Ashley



-- Original Message --
Date: Mon, 27 Nov 2006 23:46:43 +1100 (EST)
Subject: Re: [SLUG] IPV6
From: "Dean Hamstead" <[EMAIL PROTECTED]>
To: "Ashley" <[EMAIL PROTECTED]>
Cc: slug@slug.org.au


local dns problems will manifest themselves as failed look ups, long look
up times then normal transfer rates.

if domain names are resolving properly they will be resolving to ipv4
addresses and the stack will use the right protocol.

check your network cable, switch/hub port and look at /var/log/messages
for error messages - it could also be your network card.

Dean

On Mon, November 27, 2006 11:24 pm, Ashley wrote:

Hi All,
  My ADSL is as slow as dialup when searching for pages. even google
takes 30-60 seconds to start to display. I know it's only 512k ADSL but
I think there must be a problem as my daughter's XP machine displays all
pages very quickly.
My machine is an AMD64 3300+ running Ubuntu64 6.10 and my daughter's is
a 1700 celeron with XP.
I assumed the problem was DNS related but we both use the same DNS. The
only thing I can see that is significantly different is the existence of
ipV6 addresses
How do I stop Ubuntu 6.10 trying to use ipV6. I've removed the addresses
where I could find them, but still I get them displayed when I do an
ifconfig.

TIA
Ashley



Stay well & happy
Ashley






Re: [SLUG] IPV6

2006-11-28 Thread Ashley
Solved the problem. Found the addresses of my ISPs DNSs and programmed 
them in. Much faster!!!


Thanks for the assistance, it is really appreciated. I should have 
thought of this but I was blinded by my confidence in the new ADSL 
router/modem.


Thanks again
Ashley

tuxta2 wrote:

Dean Hamstead wrote:

cat your resolv.conf (cat /etc/resolv.conf)

then test each server by hand

ie

nslookup google.com 256.256.256.256

where the obviously wrong ip address is the nslookup server

are you using a billion router? i found that its internal name
server was 100% happy with windows but it seriously didnt like
unix clients.

Dean
My parents Dlink modem/router handled dns fine on Doze, but I had the 
same problem as described in this thread on Ubuntu. To fix it I just set 
the ip statically and tried a few different dns servers until I found 
the best performing one and shoved it in /etc/resolv.conf


Since then, we have all noticed Ubuntu / firefox returning pages faster 
than their old Doze install.


Hope that helps some

Tuxta



Re: [SLUG] IPV6

2006-11-28 Thread Martin Visser

The line in your response from nslookup,

;; reply from unexpected source: 192.168.1.1#3073, expected 192.168.1.1#53

definitely looks like the culprit. DNS responses should source from UDP port
53. I'm sure the Linux resolver normally blocks a response not from
port 53. It could be that your firewall (on Linux) might be stopping it.
(Though it is interesting that you seem to get responses through
eventually). You might want to see if there is a firmware upgrade for your
router.

Regards, Martin

Martin Visser
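
The check behind that nslookup warning, as an added example (not part of the original thread): a small UDP DNS client that accepts a reply only when it comes from the address and port it queried, and records anything else as rejected. The loopback `start_fake_router` helper, the function names and the sample resolv.conf text are constructed for illustration; `server` must be an IP literal.

```python
import secrets
import socket
import struct
import threading
import time

# Constructed sample, shaped like the one-line resolv.conf described in the thread.
SAMPLE_RESOLV_CONF = "# constructed sample\nnameserver 192.168.1.1\n"


def nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def build_query(name, txid):
    """Build a minimal RFC 1035 query for the A record of `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def probe(server, port=53, name="example.com", timeout=2.0):
    """Query one server; accept only a reply from the queried address and port."""
    txid = secrets.randbits(16)
    result = {"accepted": False, "elapsed": None, "rejected": []}
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    start = time.monotonic()
    try:
        sock.sendto(build_query(name, txid), (server, port))
        while True:
            remaining = timeout - (time.monotonic() - start)
            if remaining <= 0:
                break
            sock.settimeout(remaining)
            data, src = sock.recvfrom(4096)
            if src != (server, port):
                # The condition nslookup reports as "reply from unexpected source".
                result["rejected"].append((src, "unexpected source"))
            elif len(data) < 12 or struct.unpack("!H", data[:2])[0] != txid:
                result["rejected"].append((src, "transaction id mismatch"))
            else:
                result["accepted"] = True
                result["elapsed"] = time.monotonic() - start
                break
    except socket.timeout:
        pass  # nothing acceptable arrived before the deadline
    finally:
        sock.close()
    return result


def start_fake_router(reply_from_other_port):
    """Loopback stand-in for the router (hypothetical helper): answers one query,
    either from its listening port or from a fresh ephemeral port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))
    port = listener.getsockname()[1]

    def serve():
        query, client = listener.recvfrom(4096)
        reply = query[:2] + struct.pack("!H", 0x8180) + query[4:]  # QR=1, RD, RA
        if reply_from_other_port:
            other = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            other.sendto(reply, client)  # source port differs from the queried one
            other.close()
        else:
            listener.sendto(reply, client)
        listener.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    print("servers to test by hand:", nameservers(SAMPLE_RESOLV_CONF))
    for label, bad in (("well-behaved", False), ("replies from wrong port", True)):
        port = start_fake_router(bad)
        print(label, probe("127.0.0.1", port, timeout=1.0))
```

A client that enforces this check waits out its full timeout when the only reply comes from the wrong port, which is one way long lookup times and normal transfer rates can appear together.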


Re: [SLUG] ipv6

2005-12-12 Thread Peter Chubb
> "Dean" == Dean Hamstead <[EMAIL PROTECTED]> writes:

Dean> im not sure if this is a chat topic or not but anyway, is anyone
Dean> here using ipv6? im thinking of using it here at home for
Dean> curiosities sake. im running debian and freebsd so they are
Dean> ready. macosx and xp (for the parents and kids etc) are also
Dean> ipv6 ready.

I'm using it, using the AARNET tunnel broker ... providing your
firewall/router can be made to pass protocol 41, you can use the IPv4
connectivity to the outside world, and everything is fine.

The WAPs I've used are fine --- they just act as ethernet bridges
(I'm using one from Linksys; it doesn't talk IPv6 but bridges it in
ethernet packets just fine).


Dean> i can just about guarantee that the linksys router, belkin and
Dean> apple waps are also not ipv6 compatible


-- 
Dr Peter Chubb  http://www.gelato.unsw.edu.au  peterc AT gelato.unsw.edu.au
http://www.ertos.nicta.com.au   ERTOS within National ICT Australia


Re: [SLUG] ipv6

2005-12-12 Thread Dean Hamstead

what have you done in terms of ip addressing?

Dean

Peter Chubb wrote:

"Dean" == Dean Hamstead <[EMAIL PROTECTED]> writes:



Dean> im not sure if this is a chat topic or not but anyway, is anyone
Dean> here using ipv6? im thinking of using it here at home for
Dean> curiosities sake. im running debian and freebsd so they are
Dean> ready. macosx and xp (for the parents and kids etc) are also
Dean> ipv6 ready.

I'm using it, using the AARNET tunnel broker ... providing your
firewall/router can be made to pass protocol 41, you can use the IPv4
connectivity to the outside world, and everything is fine.

The WAPs I've used are fine --- they just act as ethernet bridges
(I'm using one from Linksys; it doesn't talk IPv6 but bridges it in
ethernet packets just fine).


Dean> i can just about guarantee that the linksys router, belkin and
Dean> apple waps are also not ipv6 compatible




--
WWW: http://deanpatrick.tk
LAN: http://www.bong.com.au
EMAIL: [EMAIL PROTECTED]


Re: [SLUG] ipv6

2005-12-12 Thread Alexander Samad
On Tue, Dec 13, 2005 at 02:03:29PM +1100, Dean Hamstead wrote:
> im not sure if this is a chat topic or not
> 
> but anyway, is anyone here using ipv6? im thinking of
> using it here at home for curiosities sake. im running
> debian and freebsd so they are ready. macosx and xp
> (for the parents and kids etc) are also ipv6 ready.
> 
> i can just about guarantee that the linksys router,
> belkin and apple waps are also not ipv6 compatible
> 
> so, like i was saying. id like to hear from anyone running
> it at home or work etc (or using ?6bone?) especially with
> off the shelf appliance style hardware.

I am running at home just to play with, but I have 3 networks hanging
off the firewall, lan, wan and a firewire (again more playing), I run
ipv6 on all of them.


I also have 2 internet connections (1 static and 1 dynamic), I only use the
ip6to4 addressing schema, which is a pain for the dhcp internet address cause
I have to make changes to my internet dns, if memory serves me correctly you
get a /64 on the 6to4 address space to chop up how you want internally, also
using fe80 for site addressing so I can use these addresses without
worrying about the changing dhcp address and therefore a changing 6to4
address

I'm routing my encapsulated traffic via ::192.231.212.5 (aus 4to6 gateway)
and via the ::192.88.99.1 which is defined as a 4to6 gateway which is
meant to be provided by your isp

had some fun setting it up and ip6tables, but now I have it running
haven't played with it in a while.  Setup my proxy pack to try ipv6
addresses first for some sites


> 
> Dean
> -- 
> WWW: http://deanpatrick.tk
> LAN: http://www.bong.com.au
> EMAIL: [EMAIL PROTECTED]
> 



Re: [SLUG] ipv6

2005-12-12 Thread Dean Hamstead

how do applications seem to react?

most programs seem very 'ipv4' hardcoded. especially in windows,
but in general do programs seem to accept ip6 addresses?

Dean

Alexander Samad wrote:

On Tue, Dec 13, 2005 at 02:03:29PM +1100, Dean Hamstead wrote:


im not sure if this is a chat topic or not

but anyway, is anyone here using ipv6? im thinking of
using it here at home for curiosities sake. im running
debian and freebsd so they are ready. macosx and xp
(for the parents and kids etc) are also ipv6 ready.

i can just about guarantee that the linksys router,
belkin and apple waps are also not ipv6 compatible

so, like i was saying. id like to hear from anyone running
it at home or work etc (or using ?6bone?) especially with
off the shelf appliance style hardware.



I am running at home just to play with, but I have 3 networks hanging
off the firewall, lan, wan and a firewire (again more playing), I run
ipv6 on all of them.


I also have 2 internet connections (1 static and 1 dynamic), I only use the
ip6to4 addressing schema, which is a pain for the dhcp internet address cause
I have to make changes to my internet dns, if memory serves me correctly you
get a /64 on the 6to4 address space to chop up how you want internally, also
using fe80 for site addressing so I can use these addresses without
worrying about the changing dhcp address and therefore a changing 6to4
address

I'm routing my encapsulated traffic via ::192.231.212.5 (aus 4to6 gateway)
and via the ::192.88.99.1 which is defined as a 4to6 gateway which is
meant to be provided by your isp


had some fun setting it up and ip6tables, but now I have it running
haven't played with it in a while.  Setup my proxy pack to try ipv6
addresses first for some sites




Dean
--
WWW: http://deanpatrick.tk
LAN: http://www.bong.com.au
EMAIL: [EMAIL PROTECTED]



--
WWW: http://deanpatrick.tk
LAN: http://www.bong.com.au
EMAIL: [EMAIL PROTECTED]


Re: [SLUG] ipv6

2005-12-13 Thread Alexander Samad
On Tue, Dec 13, 2005 at 04:25:15PM +1100, Dean Hamstead wrote:
> how do applications seem to react?
> 
> most programs seem very 'ipv4' hardcoded. especially in windows,
> but in general to programs seem to accept ip6 addresses?

I just use names and let dns handle it, if it's an ipv6 aware app, then it
will make an ipv6 connection first then fall back to ipv4. lot of the
main tools are aware, X ssh exim apache

like I said I did it for a bit of interest but now it's in place it's just
there

> 
> Dean
> 
> Alexander Samad wrote:
> >On Tue, Dec 13, 2005 at 02:03:29PM +1100, Dean Hamstead wrote:
> >
> >>im not sure if this is a chat topic or not
> >>
> >>but anyway, is anyone here using ipv6? im thinking of
> >>using it here at home for curiosities sake. im running
> >>debian and freebsd so they are ready. macosx and xp
> >>(for the parents and kids etc) are also ipv6 ready.
> >>
> >>i can just about guarantee that the linksys router,
> >>belkin and apple waps are also not ipv6 compatible
> >>
> >>so, like i was saying. id like to hear from anyone running
> >>it at home or work etc (or using ?6bone?) especially with
> >>off the shelf appliance style hardware.
> >
> >
> >I am running at home just to play with, but I have 3 networks hanging
> >off the firewall, lan, wan and a firewire (again more playing), I run
> >ipv6 on all of them.
> >
> >
> >I also have 2 internet connections (1 static and 1 dynamic), I only use
> >the ip6to4 addressing
> >schema, which is a pain for the dhcp internet address cause I have to
> >make changes to my internet dns, if memory serves me correctly you get a
> >/64 on the 6to4 address space to chop up how you want internally, also
> >using fe80 for site addressing so I can use these addresses without
> >worrying about the changing dhcp address and therefore a changing 6to4
> >address
> >
> >I'm routing my encapsulated traffic via ::192.231.212.5 (aus 4to6 gateway)
> >and via the ::192.88.99.1 which is defined as a 4to6 gateway which is
> >meant to be provided by your isp
> >
> >had some fun setting it up and ip6tables, but now I have it running
> >haven't played with it in a while.  Setup my proxy pack to try ipv6
> >addresses first for some sites
> >
> >
> >
> >>Dean
> >>-- 
> >>WWW: http://deanpatrick.tk
> >>LAN: http://www.bong.com.au
> >>EMAIL: [EMAIL PROTECTED]
> >>
> 
> -- 
> WWW: http://deanpatrick.tk
> LAN: http://www.bong.com.au
> EMAIL: [EMAIL PROTECTED]
> 



Re: [SLUG] ipv6

2005-12-15 Thread Anand Kumria
On Tue, Dec 13, 2005 at 02:03:29PM +1100, Dean Hamstead wrote:
> im not sure if this is a chat topic or not

nah

> 
> but anyway, is anyone here using ipv6? 

yes, in fact progsoc -- where slug.org.au is hosted -- is also using
IP6. While you can ping6 the slug box on 2001:388:c152:7::4 alas the
webserver is not listening via IPv6.

> i can just about guarantee that the linksys router,
> belkin and apple waps are also not ipv6 compatible

Some linksys routers are, for example,
http://www.research.earthlink.net/ipv6/
have an image for a WRT54G router that basically autoconfigures
everything.

> so, like i was saying. id like to hear from anyone running
> it at home or work etc (or using ?6bone?) especially with
> off the shelf appliance style hardware.

Since my work is my home, I'm running it at both places.

Anand

-- 
 `When any government, or any church for that matter, undertakes to say to
  its subjects, "This you may not read, this you must not see, this you are
  forbidden to know," the end result is tyranny and oppression no matter how
  holy the motives' -- Robert A Heinlein, "If this goes on --"


Re: [SLUG] ipv6

2005-12-15 Thread Anand Kumria
On Tue, Dec 13, 2005 at 03:37:09PM +1100, Alexander Samad wrote:
> 
> I also have 2 internet connections (1 static and 1 dynamic), I only use the
> ip6to4 addressing
> schema, which is a pain for the dhcp internet address cause I have to
> make changes to my internet dns, if memory serves me correctly you get a

If you have a static IPv4 address you can use either the AARNet IPv6
tunnel broker (reasonably okay) or 6to4 address (tends to have higher
latency due to dog-leg routing).

If you have a dynamic IPv4 you really want to be using the AARNet IPv6
broker.

One advantage 6to4 address has is that you can get your reverse DNS
setup (http://6to4.nro.net).

> /64 on the 6to4 address space to chop up how you want internally, also
> using fe80 for site addressing so I can use these addresses without
> worrying about the changing dhcp address and therefore a changing 6to4
> address

The site-local prefix (fe80) has been deprecated (rfc3879), instead you 
want IPv6 local addresses (rfc4193) which you can self-generate with
tools such as:
http://www.hznet.de/tools/generate-uniq-local-ipv6-unicast-addr.sh

> I'm routing my encapsulated traffic via ::192.231.212.5 (aus 4to6 gateway)
> and via the ::192.88.99.1 which is defined as a 4to6 gateway which is
> meant to be provided by your isp

You mean 6to4, however the 6to4 anycast address (::192.88.99.1) is
normally provided by the topologically closest network -- at the moment
that is switzerland as neither AARNet nor Telstra advertise reachability
of their 6to4 service.

> had some fun setting it up and ip6tables, but now I have it running
> haven't played with it in a while.  Setup my proxy pack to try ipv6
> addresses first for some sites

Which proxy are you using? I was under the impression that Squid was
fundamentally broken w.r.t IPv6 -- I've been meaning to look at Apache2
mod_proxy but, on my laptop, I'm using polipo with some success.

Anand

-- 
 `When any government, or any church for that matter, undertakes to say to
  its subjects, "This you may not read, this you must not see, this you are
  forbidden to know," the end result is tyranny and oppression no matter how
  holy the motives' -- Robert A Heinlein, "If this goes on --"



Re: [SLUG] ipv6

2005-12-15 Thread Alexander Samad
On Fri, Dec 16, 2005 at 01:00:32AM +1100, Anand Kumria wrote:
> On Tue, Dec 13, 2005 at 03:37:09PM +1100, Alexander Samad wrote:
> > 
> > I also have 2 internet connections (1 static and 1 dynamic), I only use
> > the ip6to4 addressing
> > schema, which is a pain for the dhcp internet address cause I have to
> > make changes to my internet dns, if memory serves me correctly you get a
> 
> If you have a static IPv4 address you can use either the AARNet IPv6
> tunnel broker (reasonably okay) or 6to4 address (tends to have higher
> latency due to dog-leg routing).
> 
> If you have a dynamic IPv4 you really want to be using the AARNet IPv6
> broker.

I have a bunch of scripts run to update dyndns, ipsec and a few other
things, so just tacked on a bit to update the ipv6 address associated
with the dynamic

> 
> One advantage 6to4 address has is that you can get your reverse DNS
> setup (http://6to4.nro.net).
> 
> > /64 on the 6to4 address space to chop up how you want internally, also
> > using fe80 for site addressing so I can use these addresses without
> > worrying about the changing dhcp address and therefore a changing 6to4
> > address
> 
> The site-local prefix (fe80) has been deprecated (rfc3879), instead you 
> want IPv6 local addresses (rfc4193) which you can self-generate with
> tools such as:
>   http://www.hznet.de/tools/generate-uniq-local-ipv6-unicast-addr.sh
So much reading to do and so little time, just to save me time reading
the rfc's can I still use those addresses, i will get around to it, but
haven't had a need to follow up in ipv6, but maybe now I do 8)

> 
> > I'm routing my encapsulated traffic via ::192.231.212.5 (aus 4to6 gateway)
> > and via the ::192.88.99.1 which is defined as a 4to6 gateway which is
> > meant to be provided by your isp
> 
> You mean 6to4, however the 6to4 anycast address (::192.88.99.1) is
> normally provided by the topologically closest network -- at the moment
> that is switzerland as neither AARNet nor Telstra advertise reachability
> of their 6to4 service.
yep, I found one through japan as well, I use it as a fall back

> 
> > had some fun setting it up and ip6tables, but now I have it running
> > haven't played with it in a while.  Setup my proxy pack to try ipv6
> > addresses first for some sites
> 
> Which proxy are you using? I was under the impression that Squid was
> fundamentally broken w.r.t IPv6 -- I've been meaning to look at Apache2
> mod_proxy but, on my laptop, I'm using polipo with some success.

Proxy pac tells my browser to bypass for certain ipv6 addresses, just to
make sure it was working and all that

> 
> Anand

Sounds like you have been playing with it for while ? for work or fun

> 
> -- 
>  `When any government, or any church for that matter, undertakes to say to
>   its subjects, "This you may not read, this you must not see, this you are
>   forbidden to know," the end result is tyranny and oppression no matter how
>   holy the motives' -- Robert A Heinlein, "If this goes on --"






Re: [SLUG] ipv6

2005-12-17 Thread Anand Kumria
On Fri, Dec 16, 2005 at 09:12:26AM +1100, Alexander Samad wrote:
> On Fri, Dec 16, 2005 at 01:00:32AM +1100, Anand Kumria wrote:
> > On Tue, Dec 13, 2005 at 03:37:09PM +1100, Alexander Samad wrote:
> > > 
> > > I also have 2 internet connections (1 static and 1 dynamic), I only use
> > > the ip6to4 addressing
> > > schema, which is a pain for the dhcp internet address cause I have to
> > > make changes to my internet dns, if memory serves me correctly you get a
> > 
> > If you have a static IPv4 address you can use either the AARNet IPv6
> > tunnel broker (reasonably okay) or 6to4 address (tends to have higher
> > latency due to dog-leg routing).
> > 
> > If you have a dynamic IPv4 you really want to be using the AARNet IPv6
> > broker.
> 
> I have a bunch of scripts run to update dyndns, ipsec and a few other
> things, so just tacked on a bit to update the ipv6 address associated
> with the dynamic

Well, that means that your IPv6 prefix is being updated each time you
get a new address.  There is lots of pain associated with that
(renumbering is easier with IPv6 but on-the-fly router renumbering is
still being worked out).

> > The site-local prefix (fe80) has been deprecated (rfc3879), instead you 
> > want IPv6 local addresses (rfc4193) which you can self-generate with
> > tools such as:
> > http://www.hznet.de/tools/generate-uniq-local-ipv6-unicast-addr.sh
> So much reading to do and so little time, just to save me time reading
> the rfc's can I still use those addresses, i will get around to it, but
> haven't had a need to follow up in ipv6, but maybe now I do 8)

Basically:
RFC3330 (or RFC1918) specifies a number of 'private use' IPv4
addresses: 10.0.0.0/8, 172.16.0.0/16 and 192.168.0.0/16

Strangely enough most people and organisations that deploy
private-use IPv4 addresses tend to pick the same ones (so
192.168.0.0/24 and 192.168.1.0/24 are very common).

If you then have to connect two 192.168.1.0/24 networks together
you end up having to do double-NAT and installing lots of
'funky' routes in various routers.

There are a lot of other issues (described in RFC3879) as well,
so the solution is to allow people to generate their own prefix
but which isn't routed. So long as the generated prefix is
unique, you can then connect two (or more) 'private use' IPv6
networks together without having to worry about address
collision.

The shell script just generates an address prefix for you to
use.

> > > I'm routing my encapsulated traffic via ::192.231.212.5 (aus 4to6 gateway)
> > > and via the ::192.88.99.1 which is defined as a 4to6 gateway which is
> > > meant to be provided by your isp
> > 
> > You mean 6to4, however the 6to4 anycast address (::192.88.99.1) is
> > normally provided by the topologically closest network -- at the moment
> > that is switzerland as neither AARNet nor Telstra advertise reachability
> > of their 6to4 service.
> yep, I found one through japan as well, I use it as a fall back

Think about it.  The one in Japan (I'm assuming you are talking about
kddilab.6to4.jp) _is_ advertising itself via anycast.

The fact that you aren't using it when you use 192.88.99.1 means that it
is topologically closer to route via switzerland than japan.  Picking
that one means you are increasing your own latency.

> Sounds like you have been playing with it for while ? 

Yes

> for work or fun

Both

Regards,
Anand
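
The prefix generation described above, as an added example (not part of the original thread, and not the hznet.de script it links to): it follows the RFC 4193 section 3.2.2 procedure of hashing an NTP timestamp with an EUI-64 and keeping the low 40 bits as the Global ID, then checks the address-collision argument with the `ipaddress` module. Function names and the sample MAC and timestamp are constructed for illustration.

```python
import hashlib
import ipaddress
import struct
import time
import uuid

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)


def ntp_timestamp(unix_time):
    """64-bit NTP timestamp: 32-bit seconds since 1900 plus 32-bit fraction."""
    seconds = int(unix_time)
    fraction = int((unix_time - seconds) * 2**32)
    return struct.pack("!II", (seconds + NTP_EPOCH_OFFSET) & 0xFFFFFFFF, fraction)


def eui64_from_mac(mac48):
    """Modified EUI-64 from a 6-byte MAC: insert ff:fe, flip the universal/local bit."""
    if len(mac48) != 6:
        raise ValueError("expected a 6-byte MAC address")
    return bytes([mac48[0] ^ 0x02]) + mac48[1:3] + b"\xff\xfe" + mac48[3:]


def ula_prefix(unix_time, mac48):
    """fd00::/8 followed by the low 40 bits of SHA-1(NTP time || EUI-64), as a /48."""
    digest = hashlib.sha1(ntp_timestamp(unix_time) + eui64_from_mac(mac48)).digest()
    global_id = digest[-5:]                    # least significant 40 bits
    packed = b"\xfd" + global_id + bytes(10)   # fc00::/7 with the L bit set = fd
    return ipaddress.IPv6Network((int.from_bytes(packed, "big"), 48))


def site_subnets(prefix, count):
    """First `count` /64 subnets carved out of the site's /48."""
    subnets = prefix.subnets(new_prefix=64)
    return [next(subnets) for _ in range(count)]


def can_interconnect(net_a, net_b):
    """Two sites can be routed to each other without NAT only if they do not overlap."""
    return not net_a.overlaps(net_b)


if __name__ == "__main__":
    # Real inputs on this host: current time and the MAC reported by uuid.getnode().
    mine = ula_prefix(time.time(), uuid.getnode().to_bytes(6, "big"))
    print("generated prefix:", mine)
    for net in site_subnets(mine, 3):
        print("  subnet:", net)

    # Constructed inputs standing in for a second, independently numbered site.
    other = ula_prefix(1134878894.5, bytes.fromhex("001122334455"))
    print("two generated prefixes interconnect:", can_interconnect(mine, other))

    # The IPv4 situation from the message: both sites picked 192.168.1.0/24.
    v4 = ipaddress.ip_network("192.168.1.0/24")
    print("two 192.168.1.0/24 sites interconnect:", can_interconnect(v4, v4))
```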


Re: [SLUG] ipv6

2005-12-18 Thread Alexander Samad
On Sun, Dec 18, 2005 at 03:08:14PM +1100, Anand Kumria wrote:
> On Fri, Dec 16, 2005 at 09:12:26AM +1100, Alexander Samad wrote:
> > On Fri, Dec 16, 2005 at 01:00:32AM +1100, Anand Kumria wrote:
> > > On Tue, Dec 13, 2005 at 03:37:09PM +1100, Alexander Samad wrote:
> > > > 
> > > > I also have 2 internet connections (1 static and 1 dynamic), I only
> > > > use the ip6to4 addressing
> > > > schema, which is a pain for the dhcp internet address cause I have to
> > > > make changes to my internet dns, if memory serves me correctly you get a
> > > 
> > > If you have a static IPv4 address you can use either the AARNet IPv6
> > > tunnel broker (reasonably okay) or 6to4 address (tends to have higher
> > > latency due to dog-leg routing).
> > > 
> > > If you have a dynamic IPv4 you really want to be using the AARNet IPv6
> > > broker.
> > 
> > I have a bunch of script run to update dyndns, ipsec and a few other
> > things, so just tacked on a bit to update the ipv6 address associated
> > with the dynamic
> 
> Well, that means that your IPv6 prefix is being updated each time you
> get a new address.  There is lots of pain associated with that
> (renumbering is easier with IPv6 but on-the-fly router renumbering is
> still being worked out).
Yep, but I use it only for out bound, the static is my inbound one,
it was a challenge to be done at the time.

> 
> > > The site-local prefix (fe80) has been deprecated (rfc3879), instead you 
> > > want IPv6 local addresses (rfc4193) which you can self-generate with
> > > tools such as:
> > >   http://www.hznet.de/tools/generate-uniq-local-ipv6-unicast-addr.sh
> > So much reading to do and so little time, just to save me time reading
> > the rfc's can I still use those address, i will get around to it, but
> > haven't had a need to follow up in ipv6, but maybe now I do 8)
> 
> Basically:
>   RFC3330 (or RFC1918) specifies a number of 'private use' IPv4
>   addresses: 10.0.0.0/8, 172.16.0.0/16 and 192.168.0.0/16
> 
>   Strangely enough most people and organisations that deploy
>   private-use IPv4 address tend to pick the same ones (so
>   192.168.0.0/24 and 192.168.1.0/24 are very common).
> 
>   If you then have to connect two 192.168.1.0/24 networks together
>   you end up having to do double-NAT and installing lots of
>   'funky' routes in various routers.
> 
>   There are a lot of other issues (described in RFC3879) as well,
>   so the solution is to allow people to generate their own prefix
>   but which isn't routed. So long as the generated prefix is
>   unique, you can then connect two (or more) 'private use' IPv6
>   networks together without having to worry about address
>   collision.
> 
>   The shell script just generates an address prefix for you to
>   use.
Understand

> 
> > > > I routing my encapsulated traffic via ::192.231.212.5 (aus 4to6 gateway)
> > > > and via the ::192.88.99.1 which is defined as a 4to6 gateway which is
> > > > mean to be provided by your isp 
> > > 
> > > You mean 6to4, however the 6to4 anycast address (::192.88.99.1) is
> > > normally provided by the topologically closest network -- at the moment
> > > that is switzerland as neither AARNet nor Telstra advertise reachability
> > > of their 6to4 service.
> > yep, I found one through japan as well, I use it as a fall back
> 
> Think about it.  The one in Japan (I'm assuming you are talking about
> kddilab.6to4.jp) _is_ advertising itself via anycast.
Sorry I think I have thrown a spanner in here, at some point in time
when I was setting this up, the ::192.88.99.1 address resolved to an
address in japan, not switzerland.  The ping times to swit was around
400ms and the japan one was around 200ms, so right now I have 2 with
metrics attached, 1 goes to 192.231.212.5 which is ~12ms and the second
goes to ::192.88.99.1.  It's been working, haven't bothered to play with
it for a while.  But looks like there have been some changes worth my
time again.

> 
> The fact that you aren't using it when you use 192.88.99.1 means that it
> is topologically closer to route via switzerland than japan.  Picking
> that one means you are increasing your own latency.
> 
> > Sounds like you have been playing with it for while ? 
> 
> Yes
> 
> > for work or fun
> 
> Both
What is the work angle, if you can discuss or off line or  Just
interested to see what is happening in the real work world with ipv6
> 
> Regards,
> Anand
> 



RE: [SLUG] ipv6

2005-12-19 Thread Visser, Martin
Anand Kumria wrote :-

>The site-local prefix (fe80) has been deprecated (rfc3879), instead you
>want IPv6 local addresses (rfc4193) which you
>can self-generate with tools such as:
>
>http://www.hznet.de/tools/generate-uniq-local-ipv6-unicast-addr.sh

Hmm, I dropped off the IETF announce lists a few years ago so I have
missed this fairly significant change. One thing I noticed though was
that this script doesn't comply with the mentioned RFC. I am guessing it
may have been written against an earlier draft (yep, the script says
Sept. 2004). 

While it creates a pseudo-random address, a few problems I see are that
it uses FD00::/8 as the prefix (instead of FC00::/7 which means it only
tries to use half of the available space) and MD5 instead of SHA1 as the
digest/randomizer. I know I am pedantic but one of the assumptions in
this RFC (section 3.2.1) is that all generators of locally assigned
global IDs use the same algorithm.

It seems like it might be useful for me (or someone) to create an
up-to-date version of this script over the Christmas break!

Regards, Martin

Martin Visser, CISSP
Network and Security Consultant 
Consulting & Integration
Technology Solutions Group - HP Services

410 Concord Road
Rhodes NSW  2138
Australia 

Mobile: +61-411-254-513
Fax: +61-2-9022-1800 
E-mail: martin.visserAThp.com



Re: [SLUG] ipv6

2005-12-21 Thread Anand Kumria
On Mon, Dec 19, 2005 at 10:30:43PM +1100, Visser, Martin wrote:
> Anand Kumria wrote :-
> 
> >The site-local prefix (fe80) has been deprecated (rfc3879), instead you
> >want IPv6 local addresses (rfc4193) which you
> >can self-generate with tools such as:
> >
> >http://www.hznet.de/tools/generate-uniq-local-ipv6-unicast-addr.sh
> 
> 
> Hmm, I dropped off the IETF announce lists a few years ago so I have
> missed this fairly significant change. One thing I noticed though was
> that this script doesn't comply with the mentioned RFC. I am guessing it
> may have been written against an earlier draft (yep, the script says
> Sept. 2004). 

Hmm, I thought I had updated the URL before I sent out my email.

Anyway, http://www.hznet.de/tools/generate-rfc4193-addr.sh is one
which seems to comply with the RFC.  It might be worthwhile checking
this as thoroughly as you have the last one though.

> While it creates a pseudo-random address, a few problems I see are that
> it uses FD00::/8 as the prefix (instead of FC00::/7 which means it only
> tries to use half of the available space) and MD5 instead of SHA1 as the
> digest/randomizer. I know I am pedantic but one of the assumptions in
> this RFC (section 3.2.1) is that all generators of locally assigned
> global IDs use the same algorithm.

Holger, it is probably worthwhile if you generate a 303 - See
other  response if someone tries to access the earlier shell script.

Regards,
Anand

-- 
 `When any government, or any church for that matter, undertakes to say to
  its subjects, "This you may not read, this you must not see, this you are
  forbidden to know," the end result is tyranny and oppression no matter how
  holy the motives' -- Robert A Heinlein, "If this goes on --"



Re: [SLUG] ipv6

2005-12-22 Thread Holger Zuleger

Anand Kumria wrote:
> On Mon, Dec 19, 2005 at 10:30:43PM +1100, Visser, Martin wrote:
> > Anand Kumria wrote :-
> > 
> > > The site-local prefix (fe80) has been deprecated (rfc3879), instead you
> > > want IPv6 local addresses (rfc4193) which you
> > > can self-generate with tools such as:
> > >
> > > http://www.hznet.de/tools/generate-uniq-local-ipv6-unicast-addr.sh
> > 
> > Hmm, I dropped off the IETF announce lists a few years ago so I have
> > missed this fairly significant change. One thing I noticed though was
> > that this script doesn't comply with the mentioned RFC. I am guessing it
> > may have been written against an earlier draft (yep, the script says
> > Sept. 2004). 
> 
> Hmm, I thought I had updated the URL before I sent out my email.
> 
> Anyway, http://www.hznet.de/tools/generate-rfc4193-addr.sh is one
> which seems to comply with the RFC.  It might be worthwhile checking
> this as thoroughly as you have the last one though.
> 
> > While it creates a pseudo-random address, a few problems I see are that
> > it uses FD00::/8 as the prefix (instead of FC00::/7 which means it only
> > tries to use half of the available space) and MD5 instead of SHA1 as the

No! This is what RFC 4193 calls a "locally" assigned unique ipv6 unicast
address. In one of the former drafts the addresses with an L bit set to
0 are called "globally" assigned local ipv6 unicast addresses.

Currently these are not defined (See Chapter 3.2).

> > digest/randomizer. I know I am pedantic but one of the assumptions in
> > this RFC (section 3.2.1) is that all generators of locally assigned
> > global IDs use the same algorithm.
> 
> Holger, it is probably worthwhile if you generate a 303 - See
> other  response if someone tries to access the earlier shell script.

Yes, done and thank you for the hint.

> Regards,
> Anand


Greets
Holger
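
The generation procedure this sub-thread argues about, as an added example that is not part of any message above and is not Holger Zuleger's script: a Python version of the sample algorithm in RFC 4193 section 3.2.2 (64-bit NTP timestamp plus EUI-64, SHA-1, least significant 40 bits as the Global ID, FC00::/7 with the L bit set to 1). The function names, the sample MAC address and the fixed timestamp used for reproducible runs are assumptions made for the example.

```python
"""RFC 4193 locally assigned ULA /48 prefix generation (added example)."""
import hashlib
import ipaddress
import struct
import time
import uuid

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
ULA_BLOCK = ipaddress.IPv6Network("fc00::/7")


def ntp_timestamp(unix_time):
    """Step 1: time of day as a 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)."""
    whole = int(unix_time)
    fraction = int((unix_time - whole) * 2**32)
    return struct.pack("!II", (whole + NTP_EPOCH_OFFSET) & 0xFFFFFFFF,
                       fraction & 0xFFFFFFFF)


def mac_to_eui64(mac):
    """Step 2: modified EUI-64 from a 48-bit MAC (insert ff:fe, flip the u/l bit)."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def global_id(unix_time, mac):
    """Steps 3-5: SHA-1 over timestamp||EUI-64, keep the least significant 40 bits."""
    key = ntp_timestamp(unix_time) + mac_to_eui64(mac)
    return hashlib.sha1(key).digest()[-5:]


def ula_prefix(gid, l_bit=1):
    """Step 6: FC00::/7 + L bit + 40-bit Global ID -> /48 prefix.

    Only L=1 (locally assigned, i.e. fd00::/8) is defined by RFC 4193,
    so L=0 is rejected instead of silently producing an fc00::/8 prefix.
    """
    if len(gid) != 5:
        raise ValueError("Global ID must be exactly 40 bits")
    if l_bit != 1:
        raise ValueError("L=0 (fc00::/8) is not defined by RFC 4193")
    packed = bytes([0xFC | l_bit]) + gid + bytes(10)
    return ipaddress.IPv6Network((packed, 48))


def generate(unix_time=None, mac=None):
    """Generate a /48; defaults use the local clock and this host's MAC."""
    if unix_time is None:
        unix_time = time.time()
    if mac is None:
        mac = "%012x" % uuid.getnode()
    return ula_prefix(global_id(unix_time, mac))


def l_bit_of(address):
    """Return the L bit of a ULA address, or None if it is outside fc00::/7."""
    ip = ipaddress.IPv6Address(address)
    if ip not in ULA_BLOCK:
        return None
    return ip.packed[0] & 0x01


if __name__ == "__main__":
    # Constructed inputs so the run is reproducible; omit both for a real prefix.
    print(generate(unix_time=1135209600.0, mac="00:11:22:33:44:55"))
    print(generate())
```
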



Re: [SLUG] IPv6

2006-10-07 Thread Martin Visser
Howard,

While in some respect, I share your sentiments (in wanting to get people to think about the move to IPv6) I still think you are way too early. I have been doing network designs and consulting for the very biggest corporate and government bodies for the last 18 years or so. I have been watching IPv6 as it began its gestation about 10-12 years ago. But guess what - I see almost *no* interest from even the largest of end-user enterprises. Only large software (read Microsoft) and networking companies (read Cisco) have made any sort of effort to promote. While it is built into the core of most current OSes and the higher-end network equipment - that really is about it.

It only will really become meaningful when it becomes the default option from the major ISPs and carriers for the carriage of IP traffic. And even then I would suspect that for the most part, end-users will be able to choose to be shielded from the intricacies of IPv6.

Even in the briefest look around, you will realise how far away real-world adoption really is. Most configuration dialogues and web forms today still try to parse/display an "IP address" as a dotted quad (eg 1.2.3.4). That is, they ignore the IPv6 format of IP addresses. The other simple matter is that I would wager that if you took 10 experienced (10+ years) network engineers and ask them about IPv6 and what it is about and have they even played with it, 9 of them would probably have told you about the huge new size of the address space, but the need for it has been pretty well removed with private IP address space (10.x.x.x etc) and NAT, and no they haven't played with it. IMHO it really still is only of real interest to propeller heads (myself included).

On the other hand I do believe it will come into play at some stage (because as Vint Cerf once said - every light bulb will need an IP address in the future) but my current hunch is that it might be at least 5 years before any credible moves need to be made (by us end users).

I'm happy to be contradicted.

Regards, Martin

On 10/5/06, Howard Lowndes <[EMAIL PROTECTED]> wrote:
> I'm thinking that it's about time I started thinking about planning for
> IPv4 to IPv6 transitions for my SMB clients.
>
> What knowledge base is there out there, esp. any "Been there, Done that,
> Got the {T shirt|Scars} to prove it".
>
> --
> Howard.
> LANNet Computing Associates - Your Linux people <http://lannetlinux.com>
> When you want a computer system that works, just choose Linux;
> When you want a computer system that works, just, choose Microsoft.
> --
> Flatter government, not fatter government; abolish the Australian states.

--
Regards, Martin
Martin Visser

Re: [SLUG] IPv6

2006-10-07 Thread Joseph Goncalves
Hi Martin, 
> While in some respect, I share your sentiments (in wanting to get
> people to think about the move to IPv6) I still think you are way too
> early. I have been doing network designs and consulting for the
> very biggest corporate and government bodies for the last 18 years or
> so. I have been watching IPv6 as it began its gestation about 10-12
> years ago. But guess what - I see almost *no* interest from even the
> largest of end-user enterprises. Only large software (read Microsoft)
> and networking companies (read Cisco) have made any sort of effort to
> promote. While it is built into the core of most current OSes and the
> higher-end network equipment - that really is about it.

I did a quick Google in an attempt to find the benefits that IPv6 has 
over IPv4. There does not seem to be a killer app for IPv6. The thing 
that impressed me is the ability for an IPv6 node to be mobile and maybe 
with the prevalence of wireless ISPs IPv6 will become a reality. I also 
read that IPv6 is more efficient to route, so what does that mean in 
percentage terms? Do you think it will be a good idea to start IPv6 
networks from the ground up, instead of starting with IPv4 and 
upgrading to IPv6?

>
>
> It only will really become meaningful when it becomes the default
> option from the major ISPs and carriers for the carriage of IP
> traffic. And even then I would suspect that for the most part,
> end-users will be able to choose to be shielded from the intricacies
> of IPv6.

End-users for the most part use domain names so this wouldn't change.

>
> Even in the briefest look around, you will realise how far away
> real-world adoption really is. Most configuration dialogues and web
> forms today still try to parse/display an "IP address" as a dotted
> quad (eg 1.2.3.4). That is, they ignore the IPv6 format of IP
> addresses. The other simple matter is that I would wager that if you
> took 10 experienced (10+ years) network engineers and ask them about
> IPv6 and what it is about and have they even played with it, 9 of
> them would probably have told you about the huge new size of the
> address space, but the need for it has been pretty well removed with
> private IP address space (10.x.x.x etc) and NAT, and no they haven't
> played with it. IMHO it really still is only of real interest to
> propeller heads (myself included).

From what I read, IPv6 has been rethought and re-engineered so that it 
just works a lot better. 

>
> On the other hand I do believe it will come into play at some stage
> (because as Vint Cerf once said - every light bulb will need an IP
> address in the future) but my current hunch is that it might be at
> least 5 years before any credible moves need to be made (by us end
> users).

Maybe ubiquitous wireless mesh networks might do the trick...

>
> I'm happy to be contradicted.

I'm not really contradicting, just wanted some people's thoughts on the 
matter, because I have been ignorant.

Regards
Joseph


RE: [SLUG] IPv6

2006-10-08 Thread Christopher Martin
Please be aware! This e-mail is liberally mixed with my personal opinion as
well as technical fact, so read with that in mind. If you will be annoyed or
offended by a little (or perhaps a lot) of ranting I suggest you skip this
mail. Want my opinion of the modern ISP, read on...

> I did a quick Google in an attempt to find the benefits that IPv6 has
> over IPv4. There does not seem to be a killer app for IPv6. The thing
> that impressed me is the ability for an IPv6 node to be mobile and maybe
> with the prevalence of wireless ISPs IPv6 will become a reality. I also
> read that IPv6 is more efficient to route, so what does that mean in
> percentage terms? Do you think it will be a good idea to start IPv6
> networks from the ground up, instead of starting with IPv4 and
> upgrading to IPv6?

That's the biggest sticking point... For IPv6 every app is the killer app,
and that's actually harder to sell than you may first think.

Secondly, there's no regulator. That's great for decentralisation and
equality (sort of, and even so only in some cases) but it means there is
no-one to mandate an update. And as most executives are cowards (if you
think you're worried about your job, think of how much of a dork/tool/knob
your CEO is and keep in mind that he probably knows he is out of his depth,
and worries constantly that he'll be found out) so it's not like some turkey
like Trujillo is going to risk his job over a new protocol, especially when
no-one else is doing it. That's 90% of a CEO's job these days, it seems:
don't do anything risky, and only do what has succeeded before. And if
you're not a technology company, well then it's likely that the CIO is some
accounting recycle or, worse, some boob from Marketing who wanted better
oversight of the website so he sleazed his way into the role. I even saw a
HR migrant once. HR. It's a nightmare only previously hinted to in the
panels of Dilbert cartoons.

Everyone has gotten so used to bandaids and hacks that we've missed the true
benefit of IPv6: rationalisation.

We were running out of addressing, IPv6 was taking too long and so we got
NAT. NAT sucks. Sure, there are some "security by obscurity" benefits, but
the internet was a peer network to start with. I've been fortunate enough to
participate in a community network in my area, and I have come to love
having a range of static addresses I control. And part of making a
not-for-profit network work was IPv6, because it gave us addressing to burn.
The infuriating issue we have struck, specifically, is acquiring internet
routable addressing, because APNIC and the like cling to the old ideals of a
tiered internet and limited resources, when, for the 'net as a whole to take
the next step, resources have to become a secondary concern through them
being abundant. But I digress...

IPv6 turns packet level encryption from a PITA hack to core feature. QoS is
a design priority and not an afterthought. RSVP is not fun. IPv6 is
engineered, it works and has (almost) stopped changing under our feet
(wasn't the evaporation of site local addressing a pain?).

There may be something to be said for a hypothesis that suggests that, for
some carriers at least, IPv6 will be the writing on the wall when it comes
to the easy days of making a buck on the Internet.

All of those issues aside, it's hard for a small time developer, like open
source programmers tend to be, to set up a simulation network to really do
appropriate dev and testing. 

That's the real trick. No one is writing code that does more with IPv6 than
it does with v4. It's not like anyone is writing software that does a/b/c
with v4, but d/e/f works fully under v6, and only in a limited fashion in
v4. People just don't see the point of writing features that only 2% of
geeks use, let alone the general population. And developers worry that if
they tell customers they have to deploy IPv6 to run their software at its
full feature set then customers/users might look elsewhere. As a developer,
you're better off taking the easy road: make sure it opens a :: socket and
can handle  responses from DNS, and nothing more. There is no use coding
in that cool QoS variable rate stuff, because no-one wants to use it and you
can't test it.

> > It only will really become meaningful when it becomes the default
> > option from the major ISPs and carriers for the carriage of IP
> > traffic. And even then I would suspect that for the most part,
> > end-users will be able to choose to be shielded from the intricacies
> > of IPv6.
> 
> End-users for the most part use domain names so this wouldn't change.

But those nasty BIND4 servers out there need to go... And any NT4 DNS
servers, but if you're still running NT you deserve what you get. Anyone
know if Netware 4 supports IPv6?

> > Even in the briefest look around, you will realise how far away
> > real-world adoption really is. Most configuration dialogues and web
> > forms today still try to parse/display an "IP address" as a dotted
> > quad 

Re: [SLUG] IPv6

2006-10-08 Thread Martin Visser
There are some really good thoughts here.

As Christopher rightly points out IPv6 has built-in a lot of the features that have been "hacks" we have added on to IPv4

1. Lots of address space to waste - NAT not required.
2. Built in security (IPSEC) and Quality of Service at the IP level.
3. Mobility so you can connect via your "home" IP address.

The thing is, I think we have grown comfortable with the hacks and maybe the business drivers haven't materialised for it yet.

For instance, my story about an IP address in every light-bulb might seem far-fetched at the moment. But closer to reality might be an IP address for every mobile phone. It even makes sense - to be able to send and receive IP traffic to the same address no matter where I am. The problem is that for mobile data services, you pay for traffic you both send and receive. And if your phone's IP address is just "out there" for some one to push traffic to you could be quite vulnerable. So the current method of "pulling" IP traffic from your, and hence just using a NATted (or at least non-associated address) makes more sense from a business point of view. So while from a utopian and ubiquitous connectivity point of view IPv6 mobile-IP makes perfect sense - unless bandwidth is free then it doesn't add much value on what we already have.

Also as far as government mandates are concerned, which Howard mentioned, unfortunately I have seen this fall in a big heap once before. There was a huge big, quite mature and technically quite good protocol stack called OSI (Open Systems Interconnect) that was developed by the committees of the ITU.  It was promoted very strongly by all and sundry and I think USA, UK and even Oz governments all launched programs called something like GOSIP (government OSI profile). These all had various timeframes for adoption. But unfortunately (for OSI) a grass-roots (and truly open) stack known as TCP/IP came to public knowledge in the early 90's and the rest (as they say) is history. I do come across OSI protocols now and then but you won't find many proponents of it. (Actually the biggest problem with OSI was its cost. It was nearly impossible to find free protocol stacks. And this was because the standards and specification were all copyrighted by the ITU and had to be purchased. Therefore no self-respecting open-source hackers or academics were going to touch it. The IETF and the free nature of RFCs etc to my mind is prime driver for the wonderful spread of internet and its related technologies).  I did a little googling for "ipv6 us government mandate" and there is stuff there - but not much. http://www.wcsr.com/default.asp?id=114&objId=181 reports that only slow progress is being made. Also the mandate at this stage seems to be only at the very core of the networks. My guess is that most will just be doing the bare IPv4 inside of IPv6 tunnelling that is required. This will be not much different from say what is happening with the core of ISPs transition from ATM to MPLS that has been happening over the last 5 years or so. This sort of thing has been totally transparent to end users (apart from some marketing from the carriers on their "next generation MPLS networks".)

But despite my nay-saying I still think we should be encouraging customers and suppliers to examine the future and at least make it available for our evaluation, as Christopher has suggested. It probably is about time I rattled my ISP's chain so I might do that. (Actually an area that I think you should really hassle them about is proper IP multicast and end-to-end quality of service. That way things like IP streaming of multimedia would actually work properly, and without having to either duplicate the same streams a gazillion times. The only problem is that it probably requires your ISP to talk to their upstream provider into providing the same service (and so on). This is probably a difficult thing)

Enough musings for now, regards Martin

Re: [SLUG] IPv6

2006-10-08 Thread Martin Visser
Also for a positive slant on where Australia might be headed for with IPv6 there appears to be even a summit - http://www.isoc-au.org.au/ipv6summit/  Papers from last year's summit are available here http://www.isoc-au.org.au/ipv6summit05/abstracts.html

Re: [SLUG] IPv6

2006-10-08 Thread Martin Barry
$quoted_author = "Howard Lowndes" ;
> 
> I seem to recall reading somewhere that some major US agencies - I think 
>  one was DoD - are mandating that their systems change over in 2008, so 
> I think the urgency might be nearer than you predict.

i think you will find that they are mandating _support_ for IPv6 which is
quite separate to the _use_ of IPv6.

what we need to see is that everything in the core of networks can handle
IPv6 by the time everything at the edge can use it.

only once people are convinced that services won't be broken will they host
them on IPv6 space. this is easier to do within networks where the
environment is known. can you imagine how long it's going to take before
major public websites are hosted on IPv6 space?!?

cheers
marty

-- 
IMPORTANT: This email is intended for the use of the individual addressee(s)
named above and may contain information that is confidential, privileged or
unsuitable for overly sensitive persons with low self-esteem, no sense of
humour or irrational religious beliefs. If you are not the intended recipient,
any dissemination, distribution or copying of this email is not authorised
(either explicitly or implicitly) and constitutes an irritating social faux
pas.

Unless the word absquatulation has been used in its correct context somewhere
other than in this warning, it does not have any legal or no grammatical use
and may be ignored. No animals were harmed in the transmission of this email,
although the kelpie next door is living on borrowed time, let me tell you.
Those of you with an overwhelming fear of the unknown will be gratified to
learn that there is no hidden message revealed by reading this warning
backwards, so just ignore that Alert Notice from Microsoft.

However, by pouring a complete circle of salt around yourself and your computer
you can ensure that no harm befalls you and your pets. If you have received
this email in error, please add some nutmeg and egg whites, whisk and place in
a warm oven for 40 minutes.


Re: [SLUG] IPv6

2006-10-08 Thread Martin Pool

On 08/10/2006, at 06:25 , Howard Lowndes wrote:

> I seem to recall reading somewhere that some major US agencies - I
> think one was DoD - are mandating that their systems change over
> in 2008, so I think the urgency might be nearer than you predict.


Well, there was also a mandate to switch from TCP/IP to OSI...

  http://findarticles.com/p/articles/mi_m0SMG/is_n1_v8/ai_6281886

If there were any remaining doubts about the future success of  
computer network protocols based on the Open Systems  
Interconnection model, a 1987 letter from the Department of Defense  
to all services

Perhaps I'm crazy but my money's still on TCP.

If the DoD switches all their systems to IPv6 it might make more  
suppliers support it, but OS/firmware support is not really what's  
lacking.  Linux has had IPv6 for years and how many people use it?


--
Martin





Re: [SLUG] ipv6.broadway.aarnet.net.au

2007-10-22 Thread Christopher Vance
On 10/23/07, Alex Samad <[EMAIL PROTECTED]> wrote:
> Any one know what has happened to ipv6.broadway.aarnet.net.au 
> (::192.231.212.5)
> , I used to use it as a 6to4 gateway.  But it doesn't seem to be working any
> more.

I have an explicit tunnel (2001::/16), rather than 6to4 (2002::/16),
with broker.aarnet.net.au, and it passes my traffic just fine, as it
has for years.

-- 
Christopher


Re: [SLUG] ipv6.broadway.aarnet.net.au

2007-10-22 Thread Glen Turner
On Tue, 2007-10-23 at 10:26 +1000, Alex Samad wrote:
> Hi
> 
> Any one know what has happened to ipv6.broadway.aarnet.net.au 
> (::192.231.212.5) 
> , I used to use it as a 6to4 gateway.  But it doesn't seem to be working any 
> more.

I'll find out.

-- 
 Glen Turner



Re: [SLUG] ipv6.broadway.aarnet.net.au

2007-10-22 Thread Alex Samad
On Tue, Oct 23, 2007 at 10:38:28AM +1000, Christopher Vance wrote:
> On 10/23/07, Alex Samad <[EMAIL PROTECTED]> wrote:
> > Any one know what has happened to ipv6.broadway.aarnet.net.au 
> > (::192.231.212.5)
> > , I used to use it as a 6to4 gateway.  But it doesn't seem to be working any
> > more.
> 
> I have an explicit tunnel (2001::/16), rather than 6to4 (2002::/16),
> with broker.aarnet.net.au, and it passes my traffic just fine, as it
> has for years.
cool, tried it, looks like I have been there before, I have a userid, but 
forgotten my password :(

I will want to set this on an openwrt box, do you see any problems ?

> 
> -- 
> Christopher
> 



Re: [SLUG] ipv6.broadway.aarnet.net.au

2007-10-22 Thread Christopher Vance
On 10/23/07, Alex Samad <[EMAIL PROTECTED]> wrote:
> I will want to set this on an openwrt box, do you see any problems ?

My gateway runs a different free OS, so I can't give explicit
step-by-steps, but I would expect Linux on your openwrt to be more
than adequate.

The ifconfig manual on my Linux box mentions tunnel, so you look mostly set.

AARNet use the Hexago broker, which talks TSP (tunnel setup protocol).
 You might find a tspc package appropriate for your hardware and
distro, or you could perhaps compile it yourself from source.

Alternatively, you can keep the tunnel up by whacking on the
appropriate web form from time to time.  For my own use, I analysed
their web form sufficiently to write a perl script I run out of cron,
avoiding the use of a binary that can get increasingly decrepit as I
do my six-monthly OS upgrade.

I could pass on a redacted copy of this if you'd like.  (It only does
the keep-alive, not the initial tunnel setup, which is just static
OS-dependent configuration.)

-- 
Christopher


Re: [SLUG] ipv6.broadway.aarnet.net.au

2007-10-23 Thread Alex Samad
On Tue, Oct 23, 2007 at 02:02:47PM +1000, Christopher Vance wrote:
> On 10/23/07, Alex Samad <[EMAIL PROTECTED]> wrote:
> > I will want to set this on an openwrt box, do you see any problems ?
> 
> My gateway runs a different free OS, so I can't give explicit
> step-by-steps, but I would expect Linux on your openwrt to be more
> than adequate.
tracked down an ipkg (openwrt package) for this from Hexago
> 
> The ifconfig manual on my Linux box mentions tunnel, so you look mostly set.
> 
> AARNet use the Hexago broker, which talks TSP (tunnel setup protocol).
>  You might find a tspc package appropriate for your hardware and
> distro, or you could perhaps compile it yourself from source.
> 
> Alternatively, you can keep the tunnel up by whacking on the
> appropriate web form from time to time.  For my own use, I analysed
> their web form sufficiently to write a perl script I run out of cron,
> avoiding the use of a binary that can get increasingly decrepit as I
> do my six-monthly OS upgrade.
> 
> I could pass on a redacted copy of this if you'd like.  (It only does
> the keep-alive, not the initial tunnel setup, which is just static
> OS-dependent configuration.)
> 
thanks
> -- 
> Christopher

Re: [SLUG] IPv6 question

2009-03-03 Thread Alex Samad
On Tue, Mar 03, 2009 at 10:55:27PM +1100, Robert Barnett wrote:
>
> Just for fun, I'm setting up a FC10 machine as an IPv6 router.
> The tunnel device (tun0) is automatically created using a script (aiccu)

is this a 6to4 sit or are you using a tunnel broker ?


You can use ip -6 r g ipv6.google.com

or ping6 

ping6 ipv6.google.com
PING ipv6.google.com(2001:4860:c003::68) 56 data bytes
64 bytes from 2001:4860:c003::68: icmp_seq=1 ttl=60 time=387 ms

i use 6to4 addressing because I have a static ipv4 adsl address

 ip -6 r
::/96 via :: dev ppp06to4  metric 256  mtu 1440 advmss 1380 hoplimit 4294967295
unreachable 2002:3cf1:f856:8::1 dev lo  proto kernel  metric 256  error -128 mtu 16436 advmss 16376 hoplimit 4294967295
2002:3cf1:f856:11::/64 dev eth0.0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
2002::/16 dev ppp06to4  proto kernel  metric 256  mtu 1440 advmss 1380 hoplimit 4294967295
2000::/3 via ::192.88.99.1 dev ppp06to4  metric 10  mtu 1440 advmss 1380 hoplimit 4294967295
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0.0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0.1  proto kernel  metric 256  mtu 1460 advmss 1400 hoplimit 4294967295
fe80::/64 dev ppp06to4  proto kernel  metric 256  mtu 1440 advmss 1380 hoplimit 4294967295
unreachable fe80::/64 dev lo  proto kernel  metric 256  error -128 mtu 16436 advmss 16376 hoplimit 4294967295
fe80::/64 dev wlan0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev tap0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295

6to4 addresses are in the 2002::/16 space

 ifconfig ppp06to4
ppp06to4  Link encap:IPv6-in-IPv4
  inet6 addr: 2002:3cf1:f856::1/16 Scope:Global
  inet6 addr: ::60.241.248.86/128 Scope:Compat
  UP RUNNING NOARP  MTU:1440  Metric:1
  RX packets:9712 errors:0 dropped:0 overruns:0 frame:0
  TX packets:13236 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:2045103 (1.9 MiB)  TX bytes:1264034 (1.2 MiB)


i create it with 
$IP tunnel add $TUNNAME mode sit ttl 32 remote any local $IPV4ADDR
  
if you are using a broker then it will setup the interface



> I want to allow other machines to use this box as a gateway, but I think 
> I have the config wrong
>
> 1: lo:  mtu 16436
> inet6 ::1/128 scope host
>valid_lft forever preferred_lft forever
> 2: eth0:  mtu 1500 qlen 100
> inet6 2001:1938:83:52::3/64 scope global
>valid_lft forever preferred_lft forever
> inet6 fe80::20d:57ff:fd9b:4b24/64 scope link
>valid_lft forever preferred_lft forever
> 40: tun0:  mtu 1280 qlen 500
> inet6 2001:1938:83:52::2/64 scope global
>valid_lft forever preferred_lft forever
> inet6 fe80::1838:83:52:2/64 scope link
>valid_lft forever preferred_lft forever
>
> 2001:1938:83:52::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
> 2001:1938:83:52::/64 dev tun0  proto kernel  metric 256  mtu 1280 advmss 1220 hoplimit 4294967295
> fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
> fe80::/64 dev tun0  proto kernel  metric 256  mtu 1280 advmss 1220 hoplimit 4294967295
> default via 2001:1938:83:52::1 dev tun0  metric 1024  mtu 1280 advmss 1220 hoplimit 4294967295
>
> I have radvd running and everything works well on the LAN using the  
> stateless addresses.
>
> --
>
> I've tried many combinations of a few things to solve the problem
>
> turning off /etc/init.d/iptables
>
> turning off /etc/init.d/ip6tables
>
> sysctl -w net.ipv6.conf.default.forwarding=1
>
> sysctl -w net.ipv6.conf.all.forwarding=1
>
> Restricting prefix of tun0
> # /sbin/ip -6 addr del 2001:1938:83:52::2/64 dev tun0
> # /sbin/ip -6 addr add 2001:1938:83:52::2/126 dev tun0
>
> Changing the global ip on eth0 to the same as tun0
>
> Any thoughts?
>
> Thanks
>
> Robbie Barnett

-- 
"I glance at the headlines just to kind of get a flavor for what's moving. I 
rarely read the stories, and get briefed by people who are probably read the 
news themselves."

- George W. Bush
09/21/2003
Washington, DC
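
The 6to4 mapping visible in the output above (2002:3cf1:f856::1 on a host whose IPv4 address is 60.241.248.86), worked in both directions as an added example that is not from any poster in this thread. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: 6to4 (2002::/16) <-> IPv4 conversions. Function names are
# hypothetical; the demo address is the one shown in the message above.

# IPv4 dotted quad -> the 6to4 /48 derived from it (2002:AABB:CCDD::/48).
v4_to_6to4() {
    case "$1" in
        *[!0-9.]*|*.*.*.*.*) return 1 ;;      # only digits and three dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in
            ''|0?*|????*) return 1 ;;         # empty, leading zero, too long
        esac
        [ "$o" -le 255 ] || return 1
    done
    printf '2002:%x:%x::/48\n' $(( $1 * 256 + $2 )) $(( $3 * 256 + $4 ))
}

# 6to4 address -> IPv4 address of the tunnel endpoint embedded in bits 16-47.
# Addresses that compress away either embedded group (2002::1) are rejected
# rather than guessed at.
sixto4_to_v4() {
    addr=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case "$addr" in
        *[!0-9a-f:]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=:
    set -- $addr
    IFS=$old_ifs
    [ "$1" = 2002 ] || return 1
    for h in "$2" "$3"; do
        case "$h" in
            ''|?????*) return 1 ;;            # missing group or > 4 hex digits
        esac
    done
    hi=$(( 0x$2 )); lo=$(( 0x$3 ))
    printf '%d.%d.%d.%d\n' \
        $(( hi / 256 )) $(( hi % 256 )) $(( lo / 256 )) $(( lo % 256 ))
}

v4_to_6to4 60.241.248.86          # prefix for the host in the message
sixto4_to_v4 2002:3cf1:f856::1    # and back to its IPv4 endpoint
```

The reverse direction is the useful one when reading logs: any 2002::/16 source address names the IPv4 endpoint that encapsulated the traffic.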



Re: [SLUG] IPv6 question

2009-03-03 Thread Daniel Pittman
Robert Barnett  writes:

> Just for fun, I'm setting up a FC10 machine as an IPv6 router.
> The tunnel device (tun0) is automatically created using a script (aiccu)
> I want to allow other machines to use this box as a gateway, but I think I
> have the config wrong

...you didn't tell us why: what is actually going wrong?

[...]

> I have radvd running and everything works well on the LAN using the
> stateless addresses.
>
> --
> I've tried many combinations of a few things to solve the problem
> turning off /etc/init.d/iptables
> turning off /etc/init.d/ip6tables
> sysctl -w net.ipv6.conf.default.forwarding=1
> sysctl -w net.ipv6.conf.all.forwarding=1
>
> Restricting prefix of tun0
> # /sbin/ip -6 addr del 2001:1938:83:52::2/64 dev tun0
> # /sbin/ip -6 addr add 2001:1938:83:52::2/126 dev tun0
>
> Changing the global ip on eth0 to the same as tun0
>
> Any thoughts?

My psychic powers fail to detect your actual problem, but nothing stands
out in that configuration as obviously broken.

Um, how about you tell us how the clients fail, what their IPv6 routing
tables say, and show us the output of ping6, traceroute6, and/or tcpdump
on the router to show where traffic is getting to?

Regards,
Daniel


Re: [SLUG] IPv6 DDNS and DHCP3

2010-03-21 Thread Glen Turner

On 22/03/10 13:08, Peter Chubb wrote:
> Has anyone added scripts to dhcpd.conf to control DDNS AAAA records based
> on MAC address?

See ddns-hostname in dhcpd.conf(5). You can set it to an expression,
see dhcp-eval(5). The vector "hardware" contains the MAC address.

Note that you can log an expression, which is useful for debugging
the expression. You just keep renewing the DHCP lease until the log
looks good, then write the ddns-hostname clause. See this
for the leading zero trick
https://lists.isc.org/pipermail/dhcp-users/2009-January/007726.html
and the remainder of that mailing list for fine info.

In general though, I'd recommend against DHCPv6 outside of a residential
ISP scenario (and even there the hosts will autoconf, it's the router
which takes its address from DHCPv6). Autoconf + stateless DHCPv6 seem
to have much less difficulties.

--
 Glen Turner   


Re: [SLUG] IPv6 DDNS and DHCP3

2010-03-21 Thread Jeremy Visser
On 22/03/10 13:38, Peter Chubb wrote:
> Has anyone added scripts to dhcpd.conf to control DDNS AAAA records based
> on MAC address?
> 
> It's such an obvious idea, that someone must have done it!

Haven't done that, but just FYI, Windows 7 (and possibly Vista, but
haven't tested) does client-side (so may be completely irrelevant to
your use case) IPv6 DDNS updates out-of-the-box.

Make sure you serve out an FQDN via DHCP (yes, via IPv4) and that your
DNS zone allows updates. It'll add an AAAA record automagically with a
TTL of 1200 (not sure how to adjust that).

But client-side may not be what you're after. As for something
server-side, what Glen said.




Re: [SLUG] IPv6 DDNS and DHCP3

2010-03-22 Thread Peter Chubb

At Mon, 22 Mar 2010 15:01:10 +1030,
Glen Turner  wrote:
> 
> On 22/03/10 13:08, Peter Chubb wrote:
> >
> > Has anyone added scripts to dhcpd.conf to control DDNS AAAA records based
> > on MAC address?
> 
> See ddns-hostname in dhcpd.conf(5). You can set it to an expression,
> see dhcp-eval(5). The vector "hardware" contains the MAC address.

I ended up shoving everything onto a shell script, and using execute().
It should be possible to do the bit-flipping directly in dhcpd though.

Here's what I ended up with:

In /etc/dhcp3/dhcpd.conf:

on commit {
    if (not static) {
        set ddns-fwd-name = option host-name;
        execute ("/usr/local/bin/ddns-ipv6", ddns-fwd-name);
        on expiry or release {
            execute ("/usr/local/bin/ddns-ipv6", "-d", ddns-fwd-name);
        }
    }
}


And in /usr/local/bin/ddns-ipv6:
#!/bin/sh
#
# Add or delete an IPv6 address record via DDNS

#
# Adjust these for your network.
# PFX is joined to the EUI-64 suffix with a single ':', so the real value
# should be the /64 written as four groups with no trailing colon.
PFX='2001:388::'
DOMAIN=your.domain
KEYFILE=/etc/bind/Kyour.domain.+157+51932.private

# DEBUG
#exec 2> /tmp/ddns-ipv6-log >&2
#set -x

# Run the rest in an asynchronous subshell, to allow delays
# while the ARP cache is updated.
(

# May need /usr/local/[s]bin here too.
# But don't rely on the PATH handed in, because we may be
# run by a privileged user
PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH

# Get auto-allocated EUI-64 address via the ARP table.
# $1 is the prefix, $2 the host name.
ipv6addr()
{
    # Ping to make sure the ARP table is populated.
    until ping -c 1 "$2" > /dev/null 2>&1
    do
        sleep 1
    done

    MAC=`arp "$2" | sed -e 1d -e 's/[^ ]* * ether *\([^ ]*\) *C.*/\1/'`
    # now flip bit 7 0-1 (GLOBAL not LOCAL address)
    msb=`echo $MAC | sed 's/^\(..\):.*/\1/'`
    # XOR in shell arithmetic: dc only reads upper-case hex digits, and
    # adding 2 flips the bit only when it starts out clear.
    NEWMSB=`printf '%02x' $(( 0x$msb ^ 2 ))`
    tail=`echo $MAC | sed "s/\(..\):\(..\):\(..\):\(..\):\(..\):\(..\)/$NEWMSB\2:\3ff:fe\4:\5\6/"`
    echo $1:$tail
}

Usage()
{
    echo "Usage: $1 [-d] ddns-name"
    exit 1
}

case "$1" in
-d)
    DELETE=1
    shift
    ;;
-*)
    Usage $0
    ;;
*)
    ;;
esac

if [ "$DELETE" ]
then
    # Look up the AAAA record currently published for the name.
    IPADDR=`host -t AAAA "$1" | sed -n 's/.*address \(.*\)$/\1/p'`
    [ "$IPADDR" ] || exit 1
    nsupdate -k "$KEYFILE" <<-!
server localhost
update delete $1.$DOMAIN IN AAAA $IPADDR
send
!
else
    IPADDR=`ipv6addr $PFX $1`
    nsupdate -k "$KEYFILE" <<-!
server localhost
update add $1.$DOMAIN 86400 IN AAAA $IPADDR
send
!
fi
) &
exit 0

> 
> In general though, I'd recommend against DHCPv6 outside of a residential
> ISP scenario (and even there the hosts will autoconf, it's the router
> which takes its address from DHCPv6). Autoconf + stateless DHCPv6 seem
> to have much less difficulties.

I'm not using DHCPv6.  I'm using autoconf for address and router 
assignment, but I want hosts to be named, and to have consistent names across 
IPv4 and IPv6.  So DHCP for IPv4 (where hostnames are assigned) needs to add
the autoconfigured IPv6 address as well as the IPv4 address when doing ddns.
--
Dr Peter Chubb  www.nicta.com.au  peter DOT chubb AT nicta.com.au
http://www.ertos.nicta.com.au   ERTOS within National ICT Australia
From Imagination to Impact   Imagining the (ICT) Future
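
The dhcpd.conf hook above hands the client's host-name option to a script that dhcpd runs, and the script places it in the nsupdate input, so the name is worth checking first. This is an added example, not Peter Chubb's code: the function names, the 2001:db8:0:1 prefix, the domain and the MAC are constructed, and the universal/local bit is inverted with XOR so that MACs which already have the bit set are handled too.

```shell
#!/bin/sh
# Added example: input checks for a DDNS helper that is handed a DHCP
# client-supplied host name. Function names, the 2001:db8:0:1 prefix, the
# domain and the MAC below are constructed for illustration.
LC_ALL=C; export LC_ALL

# Accept one RFC 1123 label only: letters, digits and hyphen, 1-63 chars,
# no leading or trailing hyphen. Dots, spaces and newlines are rejected,
# since any of them would alter the command stream fed to nsupdate.
valid_label() {
    case "$1" in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# MAC address -> modified EUI-64 interface identifier: insert ff:fe in the
# middle and invert the universal/local bit (0x02) of the first octet.
eui64_suffix() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    h='[0-9a-f][0-9a-f]'
    case "$mac" in
        $h:$h:$h:$h:$h:$h) ;;                 # exactly six hex octets
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=:
    set -- $mac
    IFS=$old_ifs
    printf '%02x%s:%sff:fe%s:%s%s\n' $(( 0x$1 ^ 2 )) "$2" "$3" "$4" "$5" "$6"
}

# Emit nsupdate input that adds one AAAA record, or fail with no output.
# $1 host label (untrusted), $2 MAC, $3 /64 prefix as four groups,
# $4 DNS domain. $3 and $4 are assumed to come from local configuration.
aaaa_update() {
    valid_label "$1" || return 1
    suffix=$(eui64_suffix "$2") || return 1
    printf 'update add %s.%s 86400 IN AAAA %s:%s\nsend\n' \
        "$1" "$4" "$3" "$suffix"
}

# 02:... already has the local bit set: adding 2 would carry into the next
# bit, while XOR clears it as the EUI-64 rule requires.
aaaa_update laptop 02:00:5e:10:00:01 2001:db8:0:1 example.org
```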


Re: [SLUG] IPv6 using ufw on Debian stable

2011-06-06 Thread Nick Andrew
On Tue, Jun 07, 2011 at 12:03:50PM +1000, Simon Rumble wrote:
> Jun  7 11:56:23 stout kernel: [UFW AUDIT INVALID] IN=eth0 OUT=
> MAC=f2:3c:91:96:7e:df:c8:4c:75:f5:c4:ff:86:dd
> SRC=2001:4860:4002:0802::::1012
> DST=2600:3c00:::f03c:91ff:fe96:7edf LEN=104 TC=0 HOPLIMIT=55
> FLOWLBL=0 PROTO=ICMPv6 TYPE=129 CODE=0 ID=25190 SEQ=1

I guess it just means the firewall is blocking incoming ipv6 traffic.
The firewall allowed your outbound packet through, but not the inbound
response.

Nick.


Re: [SLUG] IPv6 using ufw on Debian stable

2011-06-06 Thread Simon Rumble
On 7 June 2011 12:39, Nick Andrew  wrote:

> I guess it just means the firewall is blocking incoming ipv6 traffic.
> The firewall allowed your outbound packet through, but not the inbound
> response.
>

Yeah that's right.  But not how it should work, according to what I've been
reading.

Here's the rules I have in place, which I should have included in the
original email:

simon@stout:~$ sudo ufw status verbose
[sudo] password for simon:
Status: active
Logging: on (medium)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To                                  Action      From
--                                  ------      ----
22/tcp (OpenSSH)                    ALLOW IN    Anywhere
25/tcp (SMTP)                       ALLOW IN    Anywhere
80/tcp (WWW)                        ALLOW IN    Anywhere
25/tcp (Postfix)                    ALLOW IN    Anywhere
587/tcp (Postfix Submission)        ALLOW IN    Anywhere
22/tcp (OpenSSH (v6))               ALLOW IN    Anywhere (v6)
25/tcp (SMTP (v6))                  ALLOW IN    Anywhere (v6)
80/tcp (WWW (v6))                   ALLOW IN    Anywhere (v6)
25/tcp (Postfix (v6))               ALLOW IN    Anywhere (v6)
587/tcp (Postfix Submission (v6))   ALLOW IN    Anywhere (v6)

-- 
Simon Rumble 


Re: [SLUG] IPv6 using ufw on Debian stable

2011-06-06 Thread miloska
On 7 June 2011 12:47, Simon Rumble  wrote:
> On 7 June 2011 12:39, Nick Andrew  wrote:
>
>> I guess it just means the firewall is blocking incoming ipv6 traffic.
>> The firewall allowed your outbound packet through, but not the inbound
>> response.
>>
>
> Yeah that's right.  But not how it should work, according to what I've been
> reading.
>


You need a rule to allow packages for existing connections in -
something like this:

$IPT6 -A INPUT -i $PUB_IF -m state --state RELATED,ESTABLISHED -j ACCEPT

I'm not sure if you need any special setup to tell to the kernel that
connections should be tracked for v6 as well.


I'm not familiar with ufw so I'm not sure how it's called there.


Re: [SLUG] IPv6 using ufw on Debian stable

2011-06-06 Thread Michael Chesterton
On Tue, Jun 7, 2011 at 1:56 PM, miloska  wrote:

> You need a rule to allow packages for existing connections in -
> something like this:
>
> $IPT6 -A INPUT -i $PUB_IF -m state --state RELATED,ESTABLISHED -j ACCEPT
>
> I'm not sure if you need any special setup to tell to the kernel that
> connections should be tracked for v6 as well.
>
> I'm not familiar with ufw so I'm not sure how it's called there.


 I believe the old stable 2.6.18 kernel on linode doesn't support ipv6
connection tracking. If you're running that kernel, swapping to the new
linode kernel will solve that.


Re: [SLUG] IPv6 using ufw on Debian stable

2011-06-07 Thread Nick Andrew
On Tue, Jun 07, 2011 at 12:47:05PM +1000, Simon Rumble wrote:
> To                                  Action      From
> --                                  ------      ----
> 22/tcp (OpenSSH)                    ALLOW IN    Anywhere
> 25/tcp (SMTP)                       ALLOW IN    Anywhere
> 80/tcp (WWW)                        ALLOW IN    Anywhere
> 25/tcp (Postfix)                    ALLOW IN    Anywhere
> 587/tcp (Postfix Submission)        ALLOW IN    Anywhere
> 22/tcp (OpenSSH (v6))               ALLOW IN    Anywhere (v6)
> 25/tcp (SMTP (v6))                  ALLOW IN    Anywhere (v6)
> 80/tcp (WWW (v6))                   ALLOW IN    Anywhere (v6)
> 25/tcp (Postfix (v6))               ALLOW IN    Anywhere (v6)
> 587/tcp (Postfix Submission (v6))   ALLOW IN    Anywhere (v6)

There's no ICMP6 in that list, which is why your ping responses were
blocked.

Nick.
-- 
PGP Key ID = 0x418487E7  http://www.nick-andrew.net/
PGP Key fingerprint = B3ED 6894 8E49 1770 C24A  67E3 6266 6EB9 4184 87E7


Re: [SLUG] IPv6 using ufw on Debian stable

2011-06-07 Thread Simon Rumble
On 7 June 2011 17:12, Nick Andrew  wrote:

> There's no ICMP6 in that list, which is why your ping responses were
> blocked.
>

ufw allows ICMP (4 and 6) by default.  The problem was that the Linode
kernel (Xen kernels with no module support) didn't have IPv6 connection
tracking compiled in.  Updated to a more recent kernel and away we go!

So for IPv6 Day, my web server and, get this, gopher server are available
via IPv6!

http://rumble.net/
gopher://rumble.net/

-- 
Simon Rumble 
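
The diagnosis this thread arrived at (replies to the host's own outbound traffic logged as INVALID because the kernel lacked IPv6 connection tracking) can be recognised from the log alone. This is an added example, not from any poster in the thread; the function names are hypothetical and the log lines are constructed, using documentation addresses.

```shell
#!/bin/sh
# Added example: summarise "[UFW AUDIT INVALID]" entries in a kernel log.
# Function names are hypothetical; the log lines below are constructed and
# use documentation addresses (2001:db8::/32).

# Reads log lines on stdin and prints "invalid=N reply_like=M".
# reply_like counts INVALID packets that look like answers to traffic this
# host started: ICMPv6 TYPE=129 (echo reply) or TCP with SYN and ACK set.
ufw_invalid_summary() {
    awk '
    /\[UFW AUDIT INVALID\]/ {
        invalid++
        proto = ""; itype = ""; syn = 0; ack = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/)      proto = substr($i, 7)
            else if ($i ~ /^TYPE=/)  itype = substr($i, 6)
            else if ($i == "SYN")    syn = 1
            else if ($i == "ACK")    ack = 1
        }
        if (proto == "ICMPv6" && itype == "129") reply++
        else if (proto == "TCP" && syn && ack)   reply++
    }
    END { printf "invalid=%d reply_like=%d\n", invalid, reply }
    '
}

# Turn the summary into a verdict: replies to our own traffic should match
# conntrack state, so seeing them as INVALID points at connection tracking
# (as in this thread) rather than at a missing allow rule.
conntrack_verdict() {
    summary=$(ufw_invalid_summary)
    replies=${summary##*reply_like=}
    if [ "$replies" -gt 0 ]; then
        echo "suspect-conntrack $summary"
    else
        echo "no-reply-drops $summary"
    fi
}

sample_log() {   # constructed sample input
    cat <<'EOF'
Jun  7 11:56:23 host kernel: [UFW AUDIT INVALID] IN=eth0 OUT= SRC=2001:db8::1012 DST=2001:db8:1::2 LEN=104 TC=0 HOPLIMIT=55 FLOWLBL=0 PROTO=ICMPv6 TYPE=129 CODE=0 ID=25190 SEQ=1
Jun  7 11:56:40 host kernel: [UFW AUDIT INVALID] IN=eth0 OUT= SRC=2001:db8::80 DST=2001:db8:1::2 LEN=80 TC=0 HOPLIMIT=55 FLOWLBL=0 PROTO=TCP SPT=80 DPT=40112 WINDOW=14280 RES=0x00 ACK SYN URGP=0
Jun  7 11:57:02 host kernel: [UFW AUDIT INVALID] IN=eth0 OUT= SRC=2001:db8::99 DST=2001:db8:1::2 LEN=60 TC=0 HOPLIMIT=50 FLOWLBL=0 PROTO=TCP SPT=4444 DPT=22 WINDOW=0 RES=0x00 RST URGP=0
Jun  7 11:57:30 host kernel: [UFW BLOCK] IN=eth0 OUT= SRC=2001:db8::77 DST=2001:db8:1::2 LEN=80 TC=0 HOPLIMIT=52 FLOWLBL=0 PROTO=TCP SPT=51000 DPT=23 WINDOW=65535 RES=0x00 SYN URGP=0
EOF
}

sample_log | conntrack_verdict
```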