Re: [SLUG] IPv6 using ufw on Debian stable
On Tue, Jun 07, 2011 at 12:47:05PM +1000, Simon Rumble wrote: To Action From -- -- 22/tcp (OpenSSH) ALLOW INAnywhere 25/tcp (SMTP) ALLOW INAnywhere 80/tcp (WWW) ALLOW INAnywhere 25/tcp (Postfix) ALLOW INAnywhere 587/tcp (Postfix Submission) ALLOW INAnywhere 22/tcp (OpenSSH (v6)) ALLOW INAnywhere (v6) 25/tcp (SMTP (v6)) ALLOW INAnywhere (v6) 80/tcp (WWW (v6)) ALLOW INAnywhere (v6) 25/tcp (Postfix (v6)) ALLOW INAnywhere (v6) 587/tcp (Postfix Submission (v6)) ALLOW INAnywhere (v6) There's no ICMP6 in that list, which is why your ping responses were blocked. Nick. -- PGP Key ID = 0x418487E7 http://www.nick-andrew.net/ PGP Key fingerprint = B3ED 6894 8E49 1770 C24A 67E3 6266 6EB9 4184 87E7 -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] IPv6 using ufw on Debian stable
On 7 June 2011 17:12, Nick Andrew n...@nick-andrew.net wrote: There's no ICMP6 in that list, which is why your ping responses were blocked. ufw allows ICMP (4 and 6) by default. The problem was that the Linode kernel (Xen kernels with no module support) didn't have IPv6 connection tracking compiled in. Updated to a more recent kernel and away we go! So for IPv6 Day, my web server and, get this, gopher server are available via IPv6! http://rumble.net/ gopher://rumble.net/ -- Simon Rumble si...@rumble.net -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] IPv6 using ufw on Debian stable
On Tue, Jun 07, 2011 at 12:03:50PM +1000, Simon Rumble wrote: Jun 7 11:56:23 stout kernel: [UFW AUDIT INVALID] IN=eth0 OUT= MAC=f2:3c:91:96:7e:df:c8:4c:75:f5:c4:ff:86:dd SRC=2001:4860:4002:0802::::1012 DST=2600:3c00:::f03c:91ff:fe96:7edf LEN=104 TC=0 HOPLIMIT=55 FLOWLBL=0 PROTO=ICMPv6 TYPE=129 CODE=0 ID=25190 SEQ=1 I guess it just means the firewall is blocking incoming ipv6 traffic. The firewall allowed your outbound packet through, but not the inbound response. Nick. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] IPv6 using ufw on Debian stable
On 7 June 2011 12:39, Nick Andrew n...@nick-andrew.net wrote: I guess it just means the firewall is blocking incoming ipv6 traffic. The firewall allowed your outbound packet through, but not the inbound response. Yeah that's right. But not how it should work, according to what I've been reading. Here's the rules I have in place, which I should have included in the original email: simon@stout:~$ sudo ufw status verbose [sudo] password for simon: Status: active Logging: on (medium) Default: deny (incoming), allow (outgoing) New profiles: skip To Action From -- -- 22/tcp (OpenSSH) ALLOW INAnywhere 25/tcp (SMTP) ALLOW INAnywhere 80/tcp (WWW) ALLOW INAnywhere 25/tcp (Postfix) ALLOW INAnywhere 587/tcp (Postfix Submission) ALLOW INAnywhere 22/tcp (OpenSSH (v6)) ALLOW INAnywhere (v6) 25/tcp (SMTP (v6)) ALLOW INAnywhere (v6) 80/tcp (WWW (v6)) ALLOW INAnywhere (v6) 25/tcp (Postfix (v6)) ALLOW INAnywhere (v6) 587/tcp (Postfix Submission (v6)) ALLOW INAnywhere (v6) -- Simon Rumble si...@rumble.net -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] IPv6 using ufw on Debian stable
On 7 June 2011 12:47, Simon Rumble si...@rumble.net wrote: On 7 June 2011 12:39, Nick Andrew n...@nick-andrew.net wrote: I guess it just means the firewall is blocking incoming ipv6 traffic. The firewall allowed your outbound packet through, but not the inbound response. Yeah that's right. But not how it should work, according to what I've been reading. You need a rule to allow packages for existing connections in - something like this: $IPT6 -A INPUT -i $PUB_IF -m state --state RELATED,ESTABLISHED -j ACCEPT I'm not sure if you need any special setup to tell to the kernel that connections should be tracked for v6 as well. I'm not familiar with ufw so I'm not sure how it's called there. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] IPv6 using ufw on Debian stable
On Tue, Jun 7, 2011 at 1:56 PM, miloska milo...@gmail.com wrote: You need a rule to allow packages for existing connections in - something like this: $IPT6 -A INPUT -i $PUB_IF -m state --state RELATED,ESTABLISHED -j ACCEPT I'm not sure if you need any special setup to tell to the kernel that connections should be tracked for v6 as well. I'm not familiar with ufw so I'm not sure how it's called there. I believe the old stable 2.6.18 kernel on linode doesn't support ipv6 connection tracking. If you're running that kernel, swapping to the new linode kernel will solve that. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] IPv6 DDNS and DHCP3
On 22/03/10 13:38, Peter Chubb wrote: Has anyone added scripts to dhcpd.conf to control DDNS records based on MAC address? It's such an obvious idea, that someone must have done it! Haven't done that, but just FYI, Windows 7 (and possibly Vista, but haven't tested) does client-side (so may be completely irrelevant to your use case) IPv6 DDNS updates out-of-the-box. Make sure you serve out an FQDN via DHCP (yes, via IPv4) and that your DNS zone allows updates. It'll add an record automagically with a TTL of 1200 (not sure how to adjust that). But client-side may not be what you're after. As for something server-side, what Glen said. signature.asc Description: OpenPGP digital signature -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] IPv6 DDNS and DHCP3
At Mon, 22 Mar 2010 15:01:10 +1030, Glen Turner g...@gdt.id.au wrote: On 22/03/10 13:08, Peter Chubb wrote: Has anyone added scripts to dhcpd.conf to control DDNS records based on MAC address? See ddns-hostname in dhcpd.conf(5). You can set it to an expression, see dhcp-eval(5). The vector hardware contains the MAC address. I ended up shoving everything onto a shell script, and using execute(). It should be possible to do the bit-flipping directly in dhcpd though. Here's what I ended up with: In /etc/dhcp3/dhcpd.conf: on commit { if (not static) { set ddns-fwd-name = option host-name; execute (/usr/local/bin/ddns-ipv6, ddns-fwd-name); on expiry or release { execute (/usr/local/bin/ddns-ipv6, -d, ddns-fwd-name); } } } And in /usr/local/bin/ddns-upv6: #!/bin/sh # # Add or delete an IPv6 address record via DDNS # # Adjust these for your network. PFX='2001:388::' DOMAIN=your.domain KEYFILE=/etc/bind/Kyour.domain.+157+51932.private # DEBUG #exec 2 /tmp/ddns-ipv6-log 2 #set -x # Run the rest in an asynchronous subshell, to allow delays # while the ARP cache is updated. ( # May need /usr/local/[s]bin here too. # But don't rely on the PATH handed in, because we may be # run by a privileged user PATH=/sbin:/usr/sbin:/bin:/usr/bin export PATH # Get auto-allocated EUI-64 address via the ARP table. ipv6addr() { # Ping to make sure the ARP table is populated. until ping -c 1 $2 /dev/null 21 do sleep 1 done MAC=`arp $2 | sed -e 1d -e 's/[^ ]* * ether *\([^ ]*\) *C.*/\1/'` # now flip bit 7 0-1 (GLOBAL not LOCAL address) msb=`echo $MAC | sed 's/^\(..\):.*/\1/'` NEWMSB=`echo 16i $msb 2 + 10op | dc` tail=`echo $MAC| sed s/\(..\):\(..\):\(..\):\(..\):\(..\):\(..\)/$NEWMSB\2:\3ff:fe\4:\5\6/` echo $1:$tail } Usage() { echo $1 [-d] prefix ddns-name exit 1 } case $1 in -d) DELETE=1; shift ;; -*) Usage $0 ;; *) ;; esac if [ $DELETE ] then IPADDR=`host -t $1 | sed -n s'/.*address \(.*\)$/\1/p'` [ $IPADDR ] || exit 1 nsupdate -k $KEYFILE -! server localhost update delete $1.$DOMAIN IN $IPADDR send ! else IPADDR=`ipv6addr $PFX $1` nsupdate -k $KEYFILE -! server localhost update add $1.$DOMAIN 86400 IN $IPADDR send ! fi ) exit 0 In general though, I'd recommend against DHCPv6 outside of a residential ISP scenario (and even there the hosts will autoconf, it's the router which takes it's address from DHCPv6). Autoconf + stateles DHCPv6 seem to have much less difficulties. I'm not using DHCPv6. I'm using autoconf for address and router assignment, but I want hosts to be named, and to have consistent names across IPv4 and IPv6. So DHCP for IPv4 (where hostnames are assigned) needs to add the autoconfigured IPv6 address as well as the IPv4 address when doing ddns. -- Dr Peter Chubbwww.nicta.com.au peter DOT chubb AT nicta.com.au http://www.ertos.nicta.com.au ERTOS within National ICT Australia From Imagination to Impact Imagining the (ICT) Future -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] IPv6 DDNS and DHCP3
On 22/03/10 13:08, Peter Chubb wrote: Has anyone added scripts to dhcpd.conf to control DDNS records based on MAC address? See ddns-hostname in dhcpd.conf(5). You can set it to an expression, see dhcp-eval(5). The vector hardware contains the MAC address. Note that you can log an expression, which is useful for debugging the expression. You just keep renewing the DHCP lease until the log looks good, then assign write the ddns-hostname clause. See this for the leading zero trick https://lists.isc.org/pipermail/dhcp-users/2009-January/007726.html and the remainder of that mailing list for fine info. In general though, I'd recommend against DHCPv6 outside of a residential ISP scenario (and even there the hosts will autoconf, it's the router which takes it's address from DHCPv6). Autoconf + stateles DHCPv6 seem to have much less difficulties. -- Glen Turner http://www.gdt.id.au/~gdt/ -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] IPv6 question
On Tue, Mar 03, 2009 at 10:55:27PM +1100, Robert Barnett wrote: Just for fun, I'm setting up a FC10 machine with as an IPv6 router. The tunnel device (tun0) is automatically created using a script (aiccu) is this a 6to4 sit or are you using a tunnel broker ? You can use ip -6 r g ipv6.google.com or ping6 ping6 ipv6.google.com PING ipv6.google.com(2001:4860:c003::68) 56 data bytes 64 bytes from 2001:4860:c003::68: icmp_seq=1 ttl=60 time=387 ms i use 6to4 addressing because I have a static ipv4 adsl address ip -6 r ::/96 via :: dev ppp06to4 metric 256 mtu 1440 advmss 1380 hoplimit 4294967295 unreachable 2002:3cf1:f856:8::1 dev lo proto kernel metric 256 error -128 mtu 16436 advmss 16376 hoplimit 4294967295 2002:3cf1:f856:11::/64 dev eth0.0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 2002::/16 dev ppp06to4 proto kernel metric 256 mtu 1440 advmss 1380 hoplimit 4294967295 2000::/3 via ::192.88.99.1 dev ppp06to4 metric 10 mtu 1440 advmss 1380 hoplimit 4294967295 fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 fe80::/64 dev eth1 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 fe80::/64 dev eth0.0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 fe80::/64 dev eth0.1 proto kernel metric 256 mtu 1460 advmss 1400 hoplimit 4294967295 fe80::/64 dev ppp06to4 proto kernel metric 256 mtu 1440 advmss 1380 hoplimit 4294967295 unreachable fe80::/64 dev lo proto kernel metric 256 error -128 mtu 16436 advmss 16376 hoplimit 4294967295 fe80::/64 dev wlan0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 fe80::/64 dev tap0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 6to4 addresses are inthe 2002::/16 space ifconfig ppp06to4 ppp06to4 Link encap:IPv6-in-IPv4 inet6 addr: 2002:3cf1:f856::1/16 Scope:Global inet6 addr: ::60.241.248.86/128 Scope:Compat UP RUNNING NOARP MTU:1440 Metric:1 RX packets:9712 errors:0 dropped:0 overruns:0 frame:0 TX packets:13236 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2045103 (1.9 MiB) TX bytes:1264034 (1.2 MiB) i create it with $IP tunnel add $TUNNAME mode sit ttl 32 remote any local $IPV4ADDR if you are using a broker then it will setup the interface I want to allow other machines to use this box as a gateway, but I think I have the config wrong 1: lo: LOOPBACK,UP,LOWER_UP mtu 16436 inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qlen 100 inet6 2001:1938:83:52::3/64 scope global valid_lft forever preferred_lft forever inet6 fe80::20d:57ff:fd9b:4b24/64 scope link valid_lft forever preferred_lft forever 40: tun0: POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP mtu 1280 qlen 500 inet6 2001:1938:83:52::2/64 scope global valid_lft forever preferred_lft forever inet6 fe80::1838:83:52:2/64 scope link valid_lft forever preferred_lft forever 2001:1938:83:52::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 2001:1938:83:52::/64 dev tun0 proto kernel metric 256 mtu 1280 advmss 1220 hoplimit 4294967295 fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 fe80::/64 dev tun0 proto kernel metric 256 mtu 1280 advmss 1220 hoplimit 4294967295 default via 2001:1938:83:52::1 dev tun0 metric 1024 mtu 1280 advmss 1220 hoplimit 4294967295 I have radvd running and everything works well on the LAN using the stateless addresses. -- I've tried many combinations of a few things to solve the problem turning off /etc/init.d/iptables turning off /etc/init.d/ip6tables sysctl -w net.ipv6.conf.default.forwarding=1 sysctl -w net.ipv6.conf.all.forwarding=1 Restricting prefix of tun0 # /sbin/ip -6 addr del 2001:1938:83:52::2/64 dev tun0 # /sbin/ip -6 addr add 2001:1938:83:52::2/126 dev tun0 Changing the global ip on eth0 to the same as tun0 Any thoughts? Thanks Robbie Barnett rob...@barnett.id.au 0431864709 Skype Name: retsil42 -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- I glance at the headlines just to kind of get a flavor for what's moving. I rarely read the stories, and get briefed by people who are probably read the news themselves. - George W. Bush 09/21/2003 Washington, DC signature.asc Description: Digital signature -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] IPv6 question
Robert Barnett rob...@barnett.id.au writes: Just for fun, I'm setting up a FC10 machine with as an IPv6 router. The tunnel device (tun0) is automatically created using a script (aiccu) I want to allow other machines to use this box as a gateway, but I think I have the config wrong ...you didn't tell us why: what is actually going wrong? [...] I have radvd running and everything works well on the LAN using the stateless addresses. -- I've tried many combinations of a few things to solve the problem turning off /etc/init.d/iptables turning off /etc/init.d/ip6tables sysctl -w net.ipv6.conf.default.forwarding=1 sysctl -w net.ipv6.conf.all.forwarding=1 Restricting prefix of tun0 # /sbin/ip -6 addr del 2001:1938:83:52::2/64 dev tun0 # /sbin/ip -6 addr add 2001:1938:83:52::2/126 dev tun0 Changing the global ip on eth0 to the same as tun0 Any thoughts? My psychic powers fail to detect your actual problem, but nothing stands out in that configuration as obviously broken. Um, how about you tell us how the clients fail, what their IPv6 routing tables say, and show us the output of ping6, traceroute6, and/or tcpdump on the router to show where traffic is getting to? Regards, Daniel -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] ipv6.broadway.aarnet.net.au
On Tue, Oct 23, 2007 at 02:02:47PM +1000, Christopher Vance wrote: On 10/23/07, Alex Samad [EMAIL PROTECTED] wrote: I will want to set this on an openwrt box, do you see any problems ? My gateway runs a different free OS, so I can't give explicit step-by-steps, but I would expect Linux on your openwrt to be more than adequate. tracked down the a ipkg (openwrt package) for this from hexagon The ifconfig manual on my Linux box mentions tunnel, so you look mostly set. AARNet use the Hexago broker, which talks TSP (tunnel setup protocol). You might find a tspc package appropriate for your hardware and distro, or you could perhaps compile it yourself from source. Alternatively, you can keep the tunnel up by whacking on the appropriate web from from time to time. For my own use, I analysed their web form sufficiently to write a perl script I run out of cron, avoiding the use of a binary that can get increasingly decrepit as I do my six-monthly OS upgrade. I could pass on a redacted copy of this if you'd like. (It only does the keep-alive, not the initial tunnel setup, which is just static OS-dependent configuration.) thanks -- Christopher -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html signature.asc Description: Digital signature -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] ipv6.broadway.aarnet.net.au
On 10/23/07, Alex Samad [EMAIL PROTECTED] wrote: Any one know what has happened to ipv6.broadway.aarnet.net.au (::192.231.212.5) , I used to use it as a 6to4 gateway. But it doesn't seem to be working any more. I have an explicit tunnel (2001::/16), rather than 6to4 (2002::/16), with broker.aarnet.net.au, and it passes my traffic just fine, as it has for years. -- Christopher -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] ipv6.broadway.aarnet.net.au
On Tue, 2007-10-23 at 10:26 +1000, Alex Samad wrote: Hi Any one know what has happened to ipv6.broadway.aarnet.net.au (::192.231.212.5) , I used to use it as a 6to4 gateway. But it doesn't seem to be working any more. I'll find out. -- Glen Turner -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] ipv6.broadway.aarnet.net.au
On Tue, Oct 23, 2007 at 10:38:28AM +1000, Christopher Vance wrote: On 10/23/07, Alex Samad [EMAIL PROTECTED] wrote: Any one know what has happened to ipv6.broadway.aarnet.net.au (::192.231.212.5) , I used to use it as a 6to4 gateway. But it doesn't seem to be working any more. I have an explicit tunnel (2001::/16), rather than 6to4 (2002::/16), with broker.aarnet.net.au, and it passes my traffic just fine, as it has for years. cool, tried it, looks like I have been there before, I have a userid, but forgotten my password :( I will want to set this on an openwrt box, do you see any problems ? -- Christopher -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html signature.asc Description: Digital signature -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] ipv6.broadway.aarnet.net.au
On 10/23/07, Alex Samad [EMAIL PROTECTED] wrote: I will want to set this on an openwrt box, do you see any problems ? My gateway runs a different free OS, so I can't give explicit step-by-steps, but I would expect Linux on your openwrt to be more than adequate. The ifconfig manual on my Linux box mentions tunnel, so you look mostly set. AARNet use the Hexago broker, which talks TSP (tunnel setup protocol). You might find a tspc package appropriate for your hardware and distro, or you could perhaps compile it yourself from source. Alternatively, you can keep the tunnel up by whacking on the appropriate web from from time to time. For my own use, I analysed their web form sufficiently to write a perl script I run out of cron, avoiding the use of a binary that can get increasingly decrepit as I do my six-monthly OS upgrade. I could pass on a redacted copy of this if you'd like. (It only does the keep-alive, not the initial tunnel setup, which is just static OS-dependent configuration.) -- Christopher -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] IPV6
Solved the problem. Found the addresses of my ISPs DNSs and programmed them in. Much faster!!! Thanks for the assistance, it is really appreciated. I should have thought of this but I was blinded by my confidence in the new ADSL router/modem. Thanks again Ashley tuxta2 wrote: Dean Hamstead wrote: cat your resolv.conf (cat /etc/resolv.conf) then test each server by hand ie nslookup google.com 256.256.256.256 where the obviously wrong ip address is the nslookup server are you using a billion router? i found that its internal name server was 100% happy with windows but it seriously didnt like unix clients. Dean My parents Dlink modem/router handled dns fine on Doze, but I had the same problem as described in this thread on Ubuntu. To fix it I just set the ip statically and tried a few different dns servers until I found the best performing one and shoved it in /etc/resolv.conf Since then, we have all noticed Ubuntu / firefox returning pages faster than their old Doze install. Hope that helps some Tuxta -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] IPV6
The line in your response from nslookup, ;; reply from unexpected source: 192.168.1.1#3073, expected 192.168.1.1#53 definitely looks like the culprit. DNS responses should source from UDP port 53. I'm sure with the the Linux resolver normally blocks a response not from port 53. It could be that your firewall (on Linux) might be stopping it. (Though it is interesting that you seem to get responses through eventually). You might want to see if there is a firmware upgrade for your router. Regards, Martin Martin Visser -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] IPV6
local dns problems will manifest themselves as failed look ups, long look up times then normal transfer rates. if domain names are resolving properly they will be resolving to ipv4 addresses and the stack will use the right protocol. check your network cable, switch/hub port and look at /var/log/messages for error messages - it could also be your network card. Dean On Mon, November 27, 2006 11:24 pm, Ashley wrote: Hi All, My ADSL is as slow as dialup when searching for pages. even google takes 30-60 seconds to start to display. I know it's only 512k ADSL but I think there must be a problem as my daughter's XP machine displays all pages very quickly. My machine is an AMD64 3300+ running Ubuntu64 6.10 and my daughter's is a 1700 celeron with XP. I assumed the problem was DNS related but we both use the same DNS. The only thing I can see that is significantly different is the existance of ipV6 addresses How do I stop Ubuntu 6.10 trying to use ipV6. I've removed the addresses where I could find them, but still I get them displayed when I do an ifconfig. TIA Ashley -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] IPV6
Hi Dean, Actually what I am getting is very long lookup times but the transfer rate, on downloads, is just fine. Ashley -- Original Message -- Date: Mon, 27 Nov 2006 23:46:43 +1100 (EST) Subject: Re: [SLUG] IPV6 From: Dean Hamstead [EMAIL PROTECTED] To: Ashley [EMAIL PROTECTED] Cc: slug@slug.org.au local dns problems will manifest themselves as failed look ups, long look up times then normal transfer rates. if domain names are resolving properly they will be resolving to ipv4 addresses and the stack will use the right protocol. check your network cable, switch/hub port and look at /var/log/messages for error messages - it could also be your network card. Dean On Mon, November 27, 2006 11:24 pm, Ashley wrote: Hi All, My ADSL is as slow as dialup when searching for pages. even google takes 30-60 seconds to start to display. I know it's only 512k ADSL but I think there must be a problem as my daughter's XP machine displays all pages very quickly. My machine is an AMD64 3300+ running Ubuntu64 6.10 and my daughter's is a 1700 celeron with XP. I assumed the problem was DNS related but we both use the same DNS. The only thing I can see that is significantly different is the existance of ipV6 addresses How do I stop Ubuntu 6.10 trying to use ipV6. I've removed the addresses where I could find them, but still I get them displayed when I do an ifconfig. TIA Ashley -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html Stay well happy Ashley -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] IPV6
cat your resolv.conf (cat /etc/resolv.conf) then test each server by hand ie nslookup google.com 256.256.256.256 where the obviously wrong ip address is the nslookup server are you using a billion router? i found that its internal name server was 100% happy with windows but it seriously didnt like unix clients. Dean [EMAIL PROTECTED] wrote: Hi Dean, Actually what I am getting is very long lookup times but the transfer rate, on downloads, is just fine. Ashley -- Original Message -- Date: Mon, 27 Nov 2006 23:46:43 +1100 (EST) Subject: Re: [SLUG] IPV6 From: Dean Hamstead [EMAIL PROTECTED] To: Ashley [EMAIL PROTECTED] Cc: slug@slug.org.au local dns problems will manifest themselves as failed look ups, long look up times then normal transfer rates. if domain names are resolving properly they will be resolving to ipv4 addresses and the stack will use the right protocol. check your network cable, switch/hub port and look at /var/log/messages for error messages - it could also be your network card. Dean On Mon, November 27, 2006 11:24 pm, Ashley wrote: Hi All, My ADSL is as slow as dialup when searching for pages. even google takes 30-60 seconds to start to display. I know it's only 512k ADSL but I think there must be a problem as my daughter's XP machine displays all pages very quickly. My machine is an AMD64 3300+ running Ubuntu64 6.10 and my daughter's is a 1700 celeron with XP. I assumed the problem was DNS related but we both use the same DNS. The only thing I can see that is significantly different is the existance of ipV6 addresses How do I stop Ubuntu 6.10 trying to use ipV6. I've removed the addresses where I could find them, but still I get them displayed when I do an ifconfig. TIA Ashley -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html Stay well happy Ashley -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] IPV6
Dean Hamstead wrote: cat your resolv.conf (cat /etc/resolv.conf) then test each server by hand ie nslookup google.com 256.256.256.256 where the obviously wrong ip address is the nslookup server are you using a billion router? i found that its internal name server was 100% happy with windows but it seriously didnt like unix clients. Dean My parents Dlink modem/router handled dns fine on Doze, but I had the same problem as described in this thread on Ubuntu. To fix it I just set the ip statically and tried a few different dns servers until I found the best performing one and shoved it in /etc/resolv.conf Since then, we have all noticed Ubuntu / firefox returning pages faster than their old Doze install. Hope that helps some Tuxta -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] IPV6
Thanks Guys, Cat resolv.conf gives only my router ie. only one line! Then nslookup google.com 192.168.1.1 gives: ;; reply from unexpected source: 192.168.1.1#3073, expected 192.168.1.1#53 Server: 192.168.1.1 Address:192.168.1.1#53 Non-authoritative answer: Name: google.com Address: 64.233.187.99 I have a netcomm nb5 adsl2+ modem/router. I will try the option offered by Tuxta next to see if that helps. I'll have to find a few DNSs first however. Any one with a suggestion? Thanks again Ashley Dean Hamstead wrote: cat your resolv.conf (cat /etc/resolv.conf) then test each server by hand ie nslookup google.com 256.256.256.256 where the obviously wrong ip address is the nslookup server are you using a billion router? i found that its internal name server was 100% happy with windows but it seriously didnt like unix clients. Dean [EMAIL PROTECTED] wrote: Hi Dean, Actually what I am getting is very long lookup times but the transfer rate, on downloads, is just fine. Ashley -- Original Message -- Date: Mon, 27 Nov 2006 23:46:43 +1100 (EST) Subject: Re: [SLUG] IPV6 From: Dean Hamstead [EMAIL PROTECTED] To: Ashley [EMAIL PROTECTED] Cc: slug@slug.org.au local dns problems will manifest themselves as failed look ups, long look up times then normal transfer rates. if domain names are resolving properly they will be resolving to ipv4 addresses and the stack will use the right protocol. check your network cable, switch/hub port and look at /var/log/messages for error messages - it could also be your network card. Dean On Mon, November 27, 2006 11:24 pm, Ashley wrote: Hi All, My ADSL is as slow as dialup when searching for pages. even google takes 30-60 seconds to start to display. I know it's only 512k ADSL but I think there must be a problem as my daughter's XP machine displays all pages very quickly. My machine is an AMD64 3300+ running Ubuntu64 6.10 and my daughter's is a 1700 celeron with XP. I assumed the problem was DNS related but we both use the same DNS. The only thing I can see that is significantly different is the existance of ipV6 addresses How do I stop Ubuntu 6.10 trying to use ipV6. I've removed the addresses where I could find them, but still I get them displayed when I do an ifconfig. TIA Ashley -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html Stay well happy Ashley -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
RE: [SLUG] IPv6
Please be aware! This e-mail is liberally mixed with my personal opinion as well as technical fact, so read with that in mind. If you will be annoyed or offended by a little (or perhaps a lot) of ranting I suggest you skip this mail. Want my opinion of the modern ISP, read on... I did a quick Google in an attempt to find the benefits that IPv6 has over IPv4. There does not seem to be a killer app for IPv6. The thing that impressed me is the ability for a IPv6 node to be mobile and maybe with the prevalence of wireless ISPs IPv6 will become a reality. I also read that IPv6 is more efficient to route, so what does that mean in percentage terms? Do you think it will be a good idea to start IPv6 networks from the ground up, instead of starting with IPv4 and upgrading to IPv6? That's the biggest sticking point... For IPv6 every app is the killer app, and that's actually harder to sell than you may first think. Secondly, there's no regulator. That's great for decentralisation and equality (sort of, and even so only in some cases) but it means there is no-one to mandate an update. And as most executives are cowards (if you think you're worried about your job, think of how much of a dork/tool/knob your CEO is and keep in mind that he probably knows he is out of his depth, and worries constantly that he'll be found out) so it's not like some turkey like Trujillo is going to risk his job over a new protocol, especially when no-one else is doing it. That's 90% of a CEO's job these days, it seems: don't do anything risky, and only do what has succeeded before. And if you're not a technology company, well then it's likely that the CIO is some accounting recycle or, worse, some boob from Marketing who wanted better oversight of the website so he sleazed his way into the role. I even saw a HR migrant once. HR. It's a nightmare only previously hinted to in the panels of Dilbert cartoons. Everyone has gotten so used to bandaids and hacks that we've missed the true benefit of IPv6: rationalisation. We were running out off addressing, IPv6 was taking too long and so we got NAT. NAT sucks. Sure, there are some security by obscurity benefits, but the internet was a peer network to start with. I've been fortunate enough to participate in a community network in my area, and I have come to love having a range of static addresses I control. And part of making a not-for-profit network work was IPv6, because it gave us addressing to burn. The infuriating issue we have struck, specifically, is acquiring internet routable addressing, because APNIC and the like cling to the old ideals of a tiered internet and limited resources, when, for the 'net as a whole to take the next step, resources have to become a secondary concern through them being abundant. But I digress... IPv6 turns packet level encryption from a PITA hack to core feature. QoS is a design priority and not an afterthought. RSVP is not fun. IPv6 is engineered, it works and has (almost) stopped changing under our feet (wasn't the evaporation of site local addressing a pain?). There may be something to be said for a hypothesis that suggests that, for some carriers at least, IPv6 will be the writing on the wall when it comes to the easy days of making a buck on the Internet. All of those issues aside, it's hard for a small time developer, like open source programmers tend to be, to set up a simulation network to really do appropriate dev and testing. That's the real trick. No one is writing code that does more with IPv6 than it does with v4. It's not like anyone is writing software that does a/b/c with v4, but d/e/f works fully under v6, and only in a limited fashion in v4. People just don't see the point of writing features that only 2% of geeks use, let alone the general population. And developers worry that if they tell customers they have to deploy IPv6 to run their software at its full feature set then customers/users might look elsewhere. As a developer, you're better off taking the easy road: make sure it opens a :: socket and can handle responses from DNS, and nothing more. There is no use coding in that cool QoS variable rate stuff, because no-one wants to use it and you can't test it. It only will really become meaningful when it becomes the default option from the major ISPs and carriers for the carriage of IP traffic. And even then I would suspect that for the most part, end-users will be able to choose to be shielded from the intricacies of IPv6. End-users for the most part use domain names so this wouldn't change. But those nasty BIND4 servers out there need to go... And any NT4 DNS servers, but if you're still running NT you deserve what you get. Anyone know if Netware 4 supports IPv6? Even in the briefest look around, you will realise how far away real-world adoption really is. Most configuration dialogues and web forms today still try to parse/display an IP address as a dotted quad (eg 1.2.3.4). That is, they
Re: [SLUG] IPv6
There are some really good thoughts here.As Christopher rightly points out IPv6 has built-in a lot of the features that have been hacks we have added on to IPv41. Lots of address space to waste - NAT not required. 2. Built in security (IPSEC) and Quality of Service at the IP level.3. Mobility so you can connect via your home IP address. The thing is, I think we have grown comfortable with the hacks and maybe the business drivers haven't materialised for it yet. For instance, my story about an IP address in every light-bulb might seem far-fetched at the moment. But closer to reality might be an IP address for every mobile phone. It even makes sense - to be able to send and receive IP traffic to the same address no matter where am. The problem is that for mobile data services, you pay for traffic you both send and receive. And if your phone's IP address is just out there for some one to push traffic to you could be quite vulnerable. So the current method of pulling IP traffic from your, and hence just using a NATted (or at least non-associated address) makes more sense from a business point of view. So while from a utopian and ubiquitous connectivity point of view IPv6 mobile-IP makes perfect sense - unless bandwidth is free then it doesn't add much value on what we already have. Also as far as government mandates are concerned, which Howard mentioned, unfortunately I have seen this fall in a big heap once before. There was a huge big, quite mature and technical quite good protocol stack called OSI (Open Systems Interconnect) that was developed by the commitees of the ITU. It was promoted very strongly by all and sundry and I think USA, UK and even Oz governments all launched programs called something like GOSIP (government OSI profile). These all had various timeframes for adoption. But unfortunately (for OSI) a grass-roots (and truly open) stack known as TCP/IP came to public knowledge in the early 90's and the rest (as they say) is history. I do come across OSI protocols now and then but you won't find many proponents of it. (Actually he biggest problem with OSI was it's cost. It was nearly impossible to find free protocol stacks. And this was because the standards and specification were all copyrighted by the ITU and had to be purchased. Therefore no self-respecting open-source hackers or academics were going to touch it. The IETF and the free nature of RFCs etc to my mind is prime driver for the wonderful spread of internet and it's releated technologies). I did a little googling for ipv6 us government mandate and there is stuff there - but not much. http://www.wcsr.com/default.asp?id=114objId=181 reports that only slow progress is being made. Also the mandate at this stage seems to be only at the very core of the networks. My guess is that most will just be doing the bare IPv4 inside of IPv6 tunnelling that is required. This will be not much different from say what is happening with the core of ISPs transition from ATM to MPLS that has been happening over the last 5 years or so. This sort of thing has been totally transparent to end users (apart from some marketing from the carriers on their next generation MPLS networks.) But despite my nay-saying I still think we should be encouraging customers and suppliers to examine the future and at least make it available for our evaluation, as Christopher has suggested. It probably is about time I rattled by ISPs chain so I might do that. (Actually an area that I think you should really hassle them about is proper IP multicast and end-to-end quality of service. That way things like IP streaming of multimedia would actually work properly, and without having to either duplicate the same streams a gazillion times. The only problem is that it probably requires your ISP to talk to their upstream provider into providing the same service (and so on). This is probably a difficult thing) Enough musings for now, regards Martin -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] IPv6
Also for a positive slant on where Australia might be headed for with IPv6 there appears be even a summit - http://www.isoc-au.org.au/ipv6summit/ Papers from last years summit are available here http://www.isoc-au.org.au/ipv6summit05/abstracts.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] IPv6
$quoted_author = Howard Lowndes ; I seem to recall reading somewhere that some major US agencies - I think one was DoD - are mandating that their systems change over in 2008, so I think the urgency might be nearer than you predict. i think you will find that they are mandating _support_ for IPv6 which is quite seperate to the _use_ of IPv6. what we need to see is that everything in the core of networks can handle IPv6 by the time everything at the edge can use it. only once people are convinced that services won't be broken will they host them on IPv6 space. this is easier to do within networks where the environment is known. can you imagine how long it's going to take before major public websites are hosted on IPv6 space?!? cheers marty -- IMPORTANT: This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour or irrational religious beliefs. If you are not the intended recipient, any dissemination, distribution or copying of this email is not authorised (either explicitly or implicitly) and constitutes an irritating social faux pas. Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or no grammatical use and may be ignored. No animals were harmed in the transmission of this email, although the kelpie next door is living on borrowed time, let me tell you. Those of you with an overwhelming fear of the unknown will be gratified to learn that there is no hidden message revealed by reading this warning backwards, so just ignore that Alert Notice from Microsoft. However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets. If you have received this email in error, please add some nutmeg and egg whites, whisk and place in a warm oven for 40 minutes. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] IPv6
On 08/10/2006, at 06:25 , Howard Lowndes wrote: I seem to recall reading somewhere that some major US agencies - I think one was DoD - are mandating that their systems change over in 2008, so I think the urgency might be nearer than you predict. Well, there was also a mandate to switch from TCP/IP to OSI... http://findarticles.com/p/articles/mi_m0SMG/is_n1_v8/ai_6281886 If there were any remaining doubts about the future success of computer network protocols based on the Open Systems Interconnection model, a 1987 letter from the Department of Defense to all services Perhaps I'm crazy but my money's still on TCP. If the DoD switches all their systems to IPv6 it might make more suppliers support it, but OS/firmware support is not really what's lacking. Linux has had IPv6 for years and how many people use it? -- Martin -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] IPv6
Howard,While in some respect, I share your sentiments (in wanting to get people to think about the move to IPv6) I still think you are way too early. I have been doing network designs and consulting for a the very biggest corporate and government bodies for the last 18 years or so. I have been watching IPv6 as it began its gestation about 10-12 years ago. But guess what - I see almost *no* interest from even the largest of end-user enterprises. Only large software (read Microsoft) and networking companies (read Cisco) have made any sort of effort to promote. While it is built into the core of most current OSes and the higher-end network equipment - that really is about it. It only will really become meaningful when it becomes the default option from the major ISPs and carriers for the carriage of IP traffic. And even then I would suspect that for the most part, end-users will be able to choose to be shielded from the intricacies of IPv6. Even in the briefest look around, you will realise how far away real-world adoption really is. Most configuration dialogues and web forms today still try to parse/display an IP address as a dotted quad (eg 1.2.3.4). That is, they ignore the IPv6 format of IP addresses. The other simple matter is that I would wager that if you took 10 experienced (10+ years) network engineers and ask them about IPv6 and what it is about and have they even played with it, 9 of them would probably have told you about the huge new size of the address space, but the need for it has been pretty well removed with private IP address space ( 10.x.x.x etc) and NAT, and no they haven't played with it. IMHO it really still is only of real interest to propeller heads (myself included).On the other hand I do believe it will come into play at some stage (because as Vint Cerf once said - every light buld will need an IP address in the future) but my current hunch is that it might be at least 5 years before any credible moves need to be made (by us end users). I'm happy to be contradicted.Regards, MartinOn 10/5/06, Howard Lowndes [EMAIL PROTECTED] wrote:I'm thinking that its about time I started thinking about planning for IPv4 to IPv6 transitions for my SMB clients.What knowledge base is there out there, esp. any Been there, Done that,Got the {T shirt|Scars} to prove it.--Howard.LANNet Computing Associates - Your Linux people http://lannetlinux.comWhen you want a computer system that works, just choose Linux;When you want a computer system that works, just, choose Microsoft.--Flatter government, not fatter government; abolish the Australian states. --SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- Regards, MartinMartin Visser -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] IPv6
Hi Martin, While in some respect, I share your sentiments (in wanting to get people to think about the move to IPv6) I still think you are way too early. I have been doing network designs and consulting for a the very biggest corporate and government bodies for the last 18 years or so. I have been watching IPv6 as it began its gestation about 10-12 years ago. But guess what - I see almost *no* interest from even the largest of end-user enterprises. Only large software (read Microsoft) and networking companies (read Cisco) have made any sort of effort to promote. While it is built into the core of most current OSes and the higher-end network equipment - that really is about it. I did a quick Google in an attempt to find the benefits that IPv6 has over IPv4. There does not seem to be a killer app for IPv6. The thing that impressed me is the ability for a IPv6 node to be mobile and maybe with the prevalence of wireless ISPs IPv6 will become a reality. I also read that IPv6 is more efficient to route, so what does that mean in percentage terms? Do you think it will be a good idea to start IPv6 networks from the ground up, instead of starting with IPv4 and upgrading to IPv6? It only will really become meaningful when it becomes the default option from the major ISPs and carriers for the carriage of IP traffic. And even then I would suspect that for the most part, end-users will be able to choose to be shielded from the intricacies of IPv6. End-users for the most part use domain names so this wouldn't change. Even in the briefest look around, you will realise how far away real-world adoption really is. Most configuration dialogues and web forms today still try to parse/display an IP address as a dotted quad (eg 1.2.3.4). That is, they ignore the IPv6 format of IP addresses. The other simple matter is that I would wager that if you took 10 experienced (10+ years) network engineers and ask them about IPv6 and what it is about and have they even played with it, 9 of them would probably have told you about the huge new size of the address space, but the need for it has been pretty well removed with private IP address space (10.x.x.x etc) and NAT, and no they haven't played with it. IMHO it really still is only of real interest to propeller heads (myself included). From what I read, IPv6 has been rethought and re-engineered so that it just works a lot better. On the other hand I do believe it will come into play at some stage (because as Vint Cerf once said - every light buld will need an IP address in the future) but my current hunch is that it might be at least 5 years before any credible moves need to be made (by us end users). Maybe ubiquitous wireless mesh networks might do the trick... I'm happy to be contradicted. I'm not really contradicting, just wanted some peoples thoughts on the matter, because I have been ignorant. Regards Joseph -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] ipv6
Anand Kumria wrote: On Mon, Dec 19, 2005 at 10:30:43PM +1100, Visser, Martin wrote: Anand Kumria wrote :- The site-local prefix (fe80) has been deprecated (rfc3879), instead you want IPv6 local addresses (rfc4193) which you can self-generate with tools such as: http://www.hznet.de/tools/generate-uniq-local-ipv6-unicast-addr.sh Hmm, I dropped off the IETF announce lists a few years ago so I have missed this fairly significant change. One thing I noticed though was that this script doesn't comply with the mentioned RFC. I am guessing it may have been written against an earlier draft (yep, the script says Sept. 2004). Hmm, I thought I had updated the URL before I sent out my email. Anyway, http://www.hznet.de/tools/generate-rfc4193-addr.sh is one which seems to comply with the RFC. It might be worthwhile checking this as throughly as you have the last one though. While it creates a pseudo-random address, a few problems I see are that it uses FD00::/8 as the prefix (instead of FC00::/7 which means it only tries to use half of the available space) and MD5 instead of SHA1 as the No! This is what RFC 4193 call a locally assigned uniq ipv6 unicast address. In one of the former drafts the addresses with an L bit set to 0 are called globally assigned local ipv6 unicast addresses. Currently these are not defined (See Chapter 3.2). digest/randomizer. I know I am pedantic but one of the assumptions in this RFC (section 3.2.1) is that all generators of locally assigned global IDs use the same algorithm. Holger, it is probably worthwhile if you generate a 303 - See other response if someone tries to access the earlier shell script. Yes, done and thank you for the hint. Regards, Anand Greets Holger -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] ipv6
On Mon, Dec 19, 2005 at 10:30:43PM +1100, Visser, Martin wrote: Anand Kumria wrote :- The site-local prefix (fe80) has been deprecated (rfc3879), instead you want IPv6 local addresses (rfc4193) which you can self-generate with tools such as: http://www.hznet.de/tools/generate-uniq-local-ipv6-unicast-addr.sh Hmm, I dropped off the IETF announce lists a few years ago so I have missed this fairly significant change. One thing I noticed though was that this script doesn't comply with the mentioned RFC. I am guessing it may have been written against an earlier draft (yep, the script says Sept. 2004). Hmm, I thought I had updated the URL before I sent out my email. Anyway, http://www.hznet.de/tools/generate-rfc4193-addr.sh is one which seems to comply with the RFC. It might be worthwhile checking this as throughly as you have the last one though. While it creates a pseudo-random address, a few problems I see are that it uses FD00::/8 as the prefix (instead of FC00::/7 which means it only tries to use half of the available space) and MD5 instead of SHA1 as the digest/randomizer. I know I am pedantic but one of the assumptions in this RFC (section 3.2.1) is that all generators of locally assigned global IDs use the same algorithm. Holger, it is probably worthwhile if you generate a 303 - See other response if someone tries to access the earlier shell script. Regards, Anand -- `When any government, or any church for that matter, undertakes to say to its subjects, This you may not read, this you must not see, this you are forbidden to know, the end result is tyranny and oppression no matter how holy the motives' -- Robert A Heinlein, If this goes on -- signature.asc Description: Digital signature -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
RE: [SLUG] ipv6
Anand Kumria wrote :- The site-local prefix (fe80) has been deprecated (rfc3879), instead you want IPv6 local addresses (rfc4193) which you can self-generate with tools such as: http://www.hznet.de/tools/generate-uniq-local-ipv6-unicast-addr.sh Hmm, I dropped off the IETF announce lists a few years ago so I have missed this fairly significant change. One thing I noticed though was that this script doesn't comply with the mentioned RFC. I am guessing it may have been written against an earlier draft (yep, the script says Sept. 2004). While it creates a pseudo-random address, a few problems I see are that it uses FD00::/8 as the prefix (instead of FC00::/7 which means it only tries to use half of the available space) and MD5 instead of SHA1 as the digest/randomizer. I know I am pedantic but one of the assumptions in this RFC (section 3.2.1) is that all generators of locally assigned global IDs use the same algorithm. It seems like it might be useful for me (or someone) to create an up-to-date version of this script over the Christmas break! Regards, Martin Martin Visser, CISSP Network and Security Consultant Consulting Integration Technology Solutions Group - HP Services 410 Concord Road Rhodes NSW 2138 Australia Mobile: +61-411-254-513 Fax: +61-2-9022-1800 E-mail: martin.visserAThp.com This email (including any attachments) is intended only for the use of the individual or entity named above and may contain information that is confidential, proprietary or privileged. If you are not the intended recipient, please notify HP immediately by return email and then delete the email, destroy any printed copy and do not disclose or use the information in it. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] ipv6
On Sun, Dec 18, 2005 at 03:08:14PM +1100, Anand Kumria wrote: On Fri, Dec 16, 2005 at 09:12:26AM +1100, Alexander Samad wrote: On Fri, Dec 16, 2005 at 01:00:32AM +1100, Anand Kumria wrote: On Tue, Dec 13, 2005 at 03:37:09PM +1100, Alexander Samad wrote: I also have 2 internet connections (1 static and 1 dynamic), I onyl use the ip6to4 addressing schema, which is a pain for the dhcp internet address cause I have to make changes to my internet dns, if memory serves me correctly you get a If you have a static IPv4 address you can use either the AARNet IPv6 tunnel broker (reasonably okay) or 6to4 address (tends to have higher latency due to dog-leg routing). If you have a dynamic IPv4 you really want to be using the AARNet IPv6 broker. I have a bunch of script run to update dyndns, ipsec and a few other things, so just tacked on a bit to update the ipv6 address associated with the dynamic Well, that means that your IPv6 prefix is being updated each time you get a new address. There is lots of pain associated with that (renumbering is easier with IPv6 but on-the-fly router renumbering is still being worked out). Yep, but I use it only for out bound, the static is my inbound one, it was a challenge to be done at the time. The site-local prefix (fe80) has been deprecated (rfc3879), instead you want IPv6 local addresses (rfc4193) which you can self-generate with tools such as: http://www.hznet.de/tools/generate-uniq-local-ipv6-unicast-addr.sh So much reading to do and so little time, just to save me time reading the rfc's can I still use those address, i will get around to it, but haven't had a need to follow up in ipv6, but maybe now I do 8) Basically: RFC3330 (or RFC1918) specifies a number of 'private use' IPv4 addresses: 10.0.0.0/8, 172.16.0.0/16 and 192.168.0.0/16 Strangely enough most people and organisations that deploy private-use IPv4 address tend to pick the same ones (so 192.168.0.0/24 and 192.168.1.0/24 are very common). If you then have to connect two 192.168.1.0/24 networks together you end up having to do double-NAT and installing lots of 'funky' routes in various routers. There are a lot of other issues (described in RFC3879) as well, so the solution is to allow people to generate their own prefix but which isn't routed. So long as the generated prefix is unique, you can then connect two (or more) 'private use' IPv6 networks together without having to worry about address collision. The shell script just generates an address prefix for you to use. Understand I routing my encapsulated traffic via ::192.231.212.5 (aus 4to6 gateway) and via the ::192.88.99.1 which is defined as a 4to6 gateway which is mean to be provided by your isp You mean 6to4, however the 6to4 anycast address (::192.88.99.1) is normally provided by the topologically closest network -- at the moment that is switzerland as neither AARNet nor Telstra advertise reachability of their 6to4 service. yep, I found one through japan as well, I use it as a fall back Think about it. The one in Japan (I'm assuming you are talking about kddilab.6to4.jp) _is_ advertising itself via anycast. Sorry I think I have thrown a spanner in here, at some point in time when I was setting this up, the ::192.88.99.1 address resolved to an address in japan, not switzerland. The ping times to swit was around 400ms and the japan one was around 200ms, so right now I have 2 with metrics attached, 1 goes to 192.231.212.5 with is ~12ms and the second goes to ::192.88.99.1. Its been working, haven't bothered to play with it for a while. But looks like there has been some changes worth my time again. The fact that you aren't using it when you use 192.88.99.1 means that it is topologically closer to route via switzerland than japan. Picking that one means you are increasing your own latency. Sounds like you have been playing with it for while ? Yes for work or fun Both What is the work angle, if you can discuss or off line or Just interested to see what is happening in the real work world with ipv6 Regards, Anand signature.asc Description: Digital signature -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] ipv6
On Fri, Dec 16, 2005 at 09:12:26AM +1100, Alexander Samad wrote: On Fri, Dec 16, 2005 at 01:00:32AM +1100, Anand Kumria wrote: On Tue, Dec 13, 2005 at 03:37:09PM +1100, Alexander Samad wrote: I also have 2 internet connections (1 static and 1 dynamic), I onyl use the ip6to4 addressing schema, which is a pain for the dhcp internet address cause I have to make changes to my internet dns, if memory serves me correctly you get a If you have a static IPv4 address you can use either the AARNet IPv6 tunnel broker (reasonably okay) or 6to4 address (tends to have higher latency due to dog-leg routing). If you have a dynamic IPv4 you really want to be using the AARNet IPv6 broker. I have a bunch of script run to update dyndns, ipsec and a few other things, so just tacked on a bit to update the ipv6 address associated with the dynamic Well, that means that your IPv6 prefix is being updated each time you get a new address. There is lots of pain associated with that (renumbering is easier with IPv6 but on-the-fly router renumbering is still being worked out). The site-local prefix (fe80) has been deprecated (rfc3879), instead you want IPv6 local addresses (rfc4193) which you can self-generate with tools such as: http://www.hznet.de/tools/generate-uniq-local-ipv6-unicast-addr.sh So much reading to do and so little time, just to save me time reading the rfc's can I still use those address, i will get around to it, but haven't had a need to follow up in ipv6, but maybe now I do 8) Basically: RFC3330 (or RFC1918) specifies a number of 'private use' IPv4 addresses: 10.0.0.0/8, 172.16.0.0/16 and 192.168.0.0/16 Strangely enough most people and organisations that deploy private-use IPv4 address tend to pick the same ones (so 192.168.0.0/24 and 192.168.1.0/24 are very common). If you then have to connect two 192.168.1.0/24 networks together you end up having to do double-NAT and installing lots of 'funky' routes in various routers. There are a lot of other issues (described in RFC3879) as well, so the solution is to allow people to generate their own prefix but which isn't routed. So long as the generated prefix is unique, you can then connect two (or more) 'private use' IPv6 networks together without having to worry about address collision. The shell script just generates an address prefix for you to use. I routing my encapsulated traffic via ::192.231.212.5 (aus 4to6 gateway) and via the ::192.88.99.1 which is defined as a 4to6 gateway which is mean to be provided by your isp You mean 6to4, however the 6to4 anycast address (::192.88.99.1) is normally provided by the topologically closest network -- at the moment that is switzerland as neither AARNet nor Telstra advertise reachability of their 6to4 service. yep, I found one through japan as well, I use it as a fall back Think about it. The one in Japan (I'm assuming you are talking about kddilab.6to4.jp) _is_ advertising itself via anycast. The fact that you aren't using it when you use 192.88.99.1 means that it is topologically closer to route via switzerland than japan. Picking that one means you are increasing your own latency. Sounds like you have been playing with it for while ? Yes for work or fun Both Regards, Anand -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] ipv6
On Tue, Dec 13, 2005 at 02:03:29PM +1100, Dean Hamstead wrote: im not sure if this is a chat topic or not nah but anyway, is anyone here using ipv6? yes, in fact progsoc -- where slug.org.au is hosted -- is also using IP6. While you can ping6 the slug box on 2001:388:c152:7::4 alas the webserver is not listening via IPv6. i can just about guarentee that the linksys router, belkin and apple waps are also not ipv6 compatable Some linksys routers are, for example, http://www.research.earthlink.net/ipv6/ have an image for a WRT54G router that basically autoconfigures everything. so, like i was saying. id like to hear from anyone running it at home or work etc (or using ?6bone?) especially with off the shelf appliance style hardware. Since my work is my home, I'm running it at both places. Anand -- `When any government, or any church for that matter, undertakes to say to its subjects, This you may not read, this you must not see, this you are forbidden to know, the end result is tyranny and oppression no matter how holy the motives' -- Robert A Heinlein, If this goes on -- -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] ipv6
On Tue, Dec 13, 2005 at 03:37:09PM +1100, Alexander Samad wrote: I also have 2 internet connections (1 static and 1 dynamic), I onyl use the ip6to4 addressing schema, which is a pain for the dhcp internet address cause I have to make changes to my internet dns, if memory serves me correctly you get a If you have a static IPv4 address you can use either the AARNet IPv6 tunnel broker (reasonably okay) or 6to4 address (tends to have higher latency due to dog-leg routing). If you have a dynamic IPv4 you really want to be using the AARNet IPv6 broker. One advantage 6to4 address has is that you can get your reverse DNS setup (http://6to4.nro.net). /64 on the 6to4 address space to chop up how you want internally, also using fe80 for site addressing so I can use these addresses with out worring about the changing dhcp address and therefor a changing 6to4 address The site-local prefix (fe80) has been deprecated (rfc3879), instead you want IPv6 local addresses (rfc4193) which you can self-generate with tools such as: http://www.hznet.de/tools/generate-uniq-local-ipv6-unicast-addr.sh I routing my encapsulated traffic via ::192.231.212.5 (aus 4to6 gateway) and via the ::192.88.99.1 which is defined as a 4to6 gateway which is mean to be provided by your isp You mean 6to4, however the 6to4 anycast address (::192.88.99.1) is normally provided by the topologically closest network -- at the moment that is switzerland as neither AARNet nor Telstra advertise reachability of their 6to4 service. had some fun setting it up and ip6tables, but now I have it running haven't played with it in a while. Setup my proxy pack to try ipv6 addresses first for some sites Which proxy are you using? I was under the impression that Squid was fundamentally broken w.r.t IPv6 -- I'm been meaning to look at Apache2 mod_proxy but, on my laptop, I'm using polipo with some success. Anand -- `When any government, or any church for that matter, undertakes to say to its subjects, This you may not read, this you must not see, this you are forbidden to know, the end result is tyranny and oppression no matter how holy the motives' -- Robert A Heinlein, If this goes on -- signature.asc Description: Digital signature -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] ipv6
On Fri, Dec 16, 2005 at 01:00:32AM +1100, Anand Kumria wrote: On Tue, Dec 13, 2005 at 03:37:09PM +1100, Alexander Samad wrote: I also have 2 internet connections (1 static and 1 dynamic), I onyl use the ip6to4 addressing schema, which is a pain for the dhcp internet address cause I have to make changes to my internet dns, if memory serves me correctly you get a If you have a static IPv4 address you can use either the AARNet IPv6 tunnel broker (reasonably okay) or 6to4 address (tends to have higher latency due to dog-leg routing). If you have a dynamic IPv4 you really want to be using the AARNet IPv6 broker. I have a bunch of script run to update dyndns, ipsec and a few other things, so just tacked on a bit to update the ipv6 address associated with the dynamic One advantage 6to4 address has is that you can get your reverse DNS setup (http://6to4.nro.net). /64 on the 6to4 address space to chop up how you want internally, also using fe80 for site addressing so I can use these addresses with out worring about the changing dhcp address and therefor a changing 6to4 address The site-local prefix (fe80) has been deprecated (rfc3879), instead you want IPv6 local addresses (rfc4193) which you can self-generate with tools such as: http://www.hznet.de/tools/generate-uniq-local-ipv6-unicast-addr.sh So much reading to do and so little time, just to save me time reading the rfc's can I still use those address, i will get around to it, but haven't had a need to follow up in ipv6, but maybe now I do 8) I routing my encapsulated traffic via ::192.231.212.5 (aus 4to6 gateway) and via the ::192.88.99.1 which is defined as a 4to6 gateway which is mean to be provided by your isp You mean 6to4, however the 6to4 anycast address (::192.88.99.1) is normally provided by the topologically closest network -- at the moment that is switzerland as neither AARNet nor Telstra advertise reachability of their 6to4 service. yep, I found one through japan as well, I use it as a fall back had some fun setting it up and ip6tables, but now I have it running haven't played with it in a while. Setup my proxy pack to try ipv6 addresses first for some sites Which proxy are you using? I was under the impression that Squid was fundamentally broken w.r.t IPv6 -- I'm been meaning to look at Apache2 mod_proxy but, on my laptop, I'm using polipo with some success. Proxy pac tell my browser to by pass for certain ipv6 address, just to make sure it was working and all that Anand Sounds like you have been playing with it for while ? for work or fun -- `When any government, or any church for that matter, undertakes to say to its subjects, This you may not read, this you must not see, this you are forbidden to know, the end result is tyranny and oppression no matter how holy the motives' -- Robert A Heinlein, If this goes on -- -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html signature.asc Description: Digital signature -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] ipv6
On Tue, Dec 13, 2005 at 04:25:15PM +1100, Dean Hamstead wrote: how do applications seem to react? most programs seem very 'ipv4' hardcoded. especially in windows, but in general to programs seem to accept ip6 addresses? I just use names and let dns handle it, if its a ipv6 aware app, then it will make a ipv6 connection first then fall back to ipv4. lot of the main tools are aware, X ssh exim apache like I said I did it for a bit of interest but now its in place its just there Dean Alexander Samad wrote: On Tue, Dec 13, 2005 at 02:03:29PM +1100, Dean Hamstead wrote: im not sure if this is a chat topic or not but anyway, is anyone here using ipv6? im thinking of using it here at home for curiosities sake. im running debian and freebsd so they are ready. macosx and xp (for the parents and kids etc) are also ipv6 ready. i can just about guarentee that the linksys router, belkin and apple waps are also not ipv6 compatable so, like i was saying. id like to hear from anyone running it at home or work etc (or using ?6bone?) especially with off the shelf appliance style hardware. I am running at home just to play with, but I have 3 networks hanging off the firewall, lan, wan and a firewire (again more playing), I run ipv6 on all of them. I also have 2 internet connections (1 static and 1 dynamic), I onyl use the ip6to4 addressing schema, which is a pain for the dhcp internet address cause I have to make changes to my internet dns, if memory serves me correctly you get a /64 on the 6to4 address space to chop up how you want internally, also using fe80 for site addressing so I can use these addresses with out worring about the changing dhcp address and therefor a changing 6to4 address I routing my encapsulated traffic via ::192.231.212.5 (aus 4to6 gateway) and via the ::192.88.99.1 which is defined as a 4to6 gateway which is mean to be provided by your isp had some fun setting it up and ip6tables, but now I have it running haven't played with it in a while. Setup my proxy pack to try ipv6 addresses first for some sites Dean -- WWW: http://deanpatrick.tk LAN: http://www.bong.com.au EMAIL: [EMAIL PROTECTED] -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- WWW: http://deanpatrick.tk LAN: http://www.bong.com.au EMAIL: [EMAIL PROTECTED] signature.asc Description: Digital signature -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] ipv6
Dean == Dean Hamstead [EMAIL PROTECTED] writes: Dean im not sure if this is a chat topic or not but anyway, is anyone Dean here using ipv6? im thinking of using it here at home for Dean curiosities sake. im running debian and freebsd so they are Dean ready. macosx and xp (for the parents and kids etc) are also Dean ipv6 ready. I'm using it, using the AARNET tunnel broker ... providing your firewall/router can be made to pass protocol 41, you can use the IPv4 connectivity to the ourtside world, and everything is fine. The WAPs I've used are fine --- they just act as ethernet bridges (I'm using one from Linksys; it doesn't talk IPv6 but bridges it in ethernet packets just fine). Dean i can just about guarentee that the linksys router, belkin and Dean apple waps are also not ipv6 compatable -- Dr Peter Chubb http://www.gelato.unsw.edu.au peterc AT gelato.unsw.edu.au http://www.ertos.nicta.com.au ERTOS within National ICT Australia -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] ipv6
what have you done in terms of ip addressing? Dean Peter Chubb wrote: Dean == Dean Hamstead [EMAIL PROTECTED] writes: Dean im not sure if this is a chat topic or not but anyway, is anyone Dean here using ipv6? im thinking of using it here at home for Dean curiosities sake. im running debian and freebsd so they are Dean ready. macosx and xp (for the parents and kids etc) are also Dean ipv6 ready. I'm using it, using the AARNET tunnel broker ... providing your firewall/router can be made to pass protocol 41, you can use the IPv4 connectivity to the ourtside world, and everything is fine. The WAPs I've used are fine --- they just act as ethernet bridges (I'm using one from Linksys; it doesn't talk IPv6 but bridges it in ethernet packets just fine). Dean i can just about guarentee that the linksys router, belkin and Dean apple waps are also not ipv6 compatable -- WWW: http://deanpatrick.tk LAN: http://www.bong.com.au EMAIL: [EMAIL PROTECTED] -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] ipv6
On Tue, Dec 13, 2005 at 02:03:29PM +1100, Dean Hamstead wrote: im not sure if this is a chat topic or not but anyway, is anyone here using ipv6? im thinking of using it here at home for curiosities sake. im running debian and freebsd so they are ready. macosx and xp (for the parents and kids etc) are also ipv6 ready. i can just about guarentee that the linksys router, belkin and apple waps are also not ipv6 compatable so, like i was saying. id like to hear from anyone running it at home or work etc (or using ?6bone?) especially with off the shelf appliance style hardware. I am running at home just to play with, but I have 3 networks hanging off the firewall, lan, wan and a firewire (again more playing), I run ipv6 on all of them. I also have 2 internet connections (1 static and 1 dynamic), I onyl use the ip6to4 addressing schema, which is a pain for the dhcp internet address cause I have to make changes to my internet dns, if memory serves me correctly you get a /64 on the 6to4 address space to chop up how you want internally, also using fe80 for site addressing so I can use these addresses with out worring about the changing dhcp address and therefor a changing 6to4 address I routing my encapsulated traffic via ::192.231.212.5 (aus 4to6 gateway) and via the ::192.88.99.1 which is defined as a 4to6 gateway which is mean to be provided by your isp had some fun setting it up and ip6tables, but now I have it running haven't played with it in a while. Setup my proxy pack to try ipv6 addresses first for some sites Dean -- WWW: http://deanpatrick.tk LAN: http://www.bong.com.au EMAIL: [EMAIL PROTECTED] -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html signature.asc Description: Digital signature -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] ipv6
how do applications seem to react? most programs seem very 'ipv4' hardcoded. especially in windows, but in general to programs seem to accept ip6 addresses? Dean Alexander Samad wrote: On Tue, Dec 13, 2005 at 02:03:29PM +1100, Dean Hamstead wrote: im not sure if this is a chat topic or not but anyway, is anyone here using ipv6? im thinking of using it here at home for curiosities sake. im running debian and freebsd so they are ready. macosx and xp (for the parents and kids etc) are also ipv6 ready. i can just about guarentee that the linksys router, belkin and apple waps are also not ipv6 compatable so, like i was saying. id like to hear from anyone running it at home or work etc (or using ?6bone?) especially with off the shelf appliance style hardware. I am running at home just to play with, but I have 3 networks hanging off the firewall, lan, wan and a firewire (again more playing), I run ipv6 on all of them. I also have 2 internet connections (1 static and 1 dynamic), I onyl use the ip6to4 addressing schema, which is a pain for the dhcp internet address cause I have to make changes to my internet dns, if memory serves me correctly you get a /64 on the 6to4 address space to chop up how you want internally, also using fe80 for site addressing so I can use these addresses with out worring about the changing dhcp address and therefor a changing 6to4 address I routing my encapsulated traffic via ::192.231.212.5 (aus 4to6 gateway) and via the ::192.88.99.1 which is defined as a 4to6 gateway which is mean to be provided by your isp had some fun setting it up and ip6tables, but now I have it running haven't played with it in a while. Setup my proxy pack to try ipv6 addresses first for some sites Dean -- WWW: http://deanpatrick.tk LAN: http://www.bong.com.au EMAIL: [EMAIL PROTECTED] -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- WWW: http://deanpatrick.tk LAN: http://www.bong.com.au EMAIL: [EMAIL PROTECTED] -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html