After waiting years for my ISP to introduce native IPv6 to its clients, which still hasn't happened, I decided to enable IPv6 on my home LAN via Hurricane Electric's Tunnel Broker service. The setup was quite easy:
First, I registered for their service, which only took a few minutes, and then registered a new "regular" tunnel. HE offers a number of tunnel endpoints in several countries on three continents, and you should take care to choose the one with the lowest latency to your v4 IP (they offer a check for this).
After you successfully registered your tunnel, the party begins. You are now able to set up the tunnel on your Debian/Ubuntu/Voyage Linux router (you get all the information you need from the tunnel details page at Tunnelbroker). To add the tunnel to your config, add
# comments in this file must sit on a line of their own
auto hev6tunnel
iface hev6tunnel inet6 v4tunnel
    # this is the Amsterdam endpoint; change it to your endpoint
    endpoint 216.66.84.46
    # beware, you get assigned two prefixes from HE, a tunnel prefix and a route prefix
    address 2001:your:tunnel:prefix::2
    netmask 64
    # this makes traceroute work
    ttl 255
    up ip -6 route add default dev hev6tunnel
    down ip -6 route del default dev hev6tunnel
to your /etc/network/interfaces. If you now bring up your IPv6 tunnel with ifup hev6tunnel, you should already be able to ping IPv6 destinations:
ping6 ipv6.google.com -n -c 3
PING ipv6.google.com(2a00:1450:4016:800::1010) 56 data bytes
64 bytes from 2a00:1450:4016:800::1010: icmp_seq=1 ttl=56 time=33.6 ms
64 bytes from 2a00:1450:4016:800::1010: icmp_seq=2 ttl=56 time=33.3 ms
64 bytes from 2a00:1450:4016:800::1010: icmp_seq=3 ttl=56 time=34.1 ms
--- ipv6.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 33.326/33.708/34.110/0.320 ms
If it doesn't work, you may have to register your tunnel endpoint at HE: curl "https://ipv4.tunnelbroker.net/nic/update?username=youruser&password=yourpassword&hostname=yourtunnelid". To persist this, you should add the call to your PPP interface configuration:
auto dsl-provider
iface dsl-provider inet ppp
    pre-up /sbin/ifconfig eth0 up
    provider dsl-provider
    post-up curl "https://ipv4.tunnelbroker.net/nic/update?username=youruser&password=yourpassword&hostname=yourtunnelid"
Before bringing up the route to your LAN, it's time to configure your firewall. IPv6 doesn't know NAT; instead, all your clients get assigned a routed IP. So that your experiment doesn't end in a disaster, you should filter all traffic before enabling the routed network. The easiest way is to get Fabio Baltieri's IPv6 Firewall, change WAN to hev6tunnel and adjust LAN and WLAN to whatever matches your configuration.
After that you extend your tunnel config to look like this:
# comments in this file must sit on a line of their own
auto hev6tunnel
iface hev6tunnel inet6 v4tunnel
    # this is the Amsterdam endpoint; change it to your endpoint
    endpoint 216.66.84.46
    # beware, you get assigned two prefixes from HE, a tunnel prefix and a route prefix
    address 2001:your:tunnel:prefix::2
    netmask 64
    up ip -6 route add default dev hev6tunnel
    up ip -6 addr add 2001:your:tunnel:prefix::1/64 dev eth1 # beware, you get assigned two prefixes from HE, a tunnel prefix and a route prefix
    down ip -6 route del default dev hev6tunnel
    down ip -6 addr del 2001:your:tunnel:prefix::1/64 dev eth1 # beware, you get assigned two prefixes from HE, a tunnel prefix and a route prefix
    post-up /etc/init.d/rc.firewall6 start
    post-down /etc/init.d/rc.firewall6 stop
You can check if it works by bringing the tunnel down and back up again: ifdown hev6tunnel; ifup hev6tunnel. The output of ip6tables -L -n should look similar to this:
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all      ::/0                 ::/0
ACCEPT     all      ::/0                 ::/0
ACCEPT     tcp      ::/0                 ::/0                tcp dpt:22
ACCEPT     icmpv6   ::/0                 ::/0
ACCEPT     all      ::/0                 ::/0                state RELATED,ESTABLISHED

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all      ::/0                 ::/0
ACCEPT     tcp      ::/0                 ::/0                tcp dpt:22
ACCEPT     icmpv6   ::/0                 ::/0
ACCEPT     all      ::/0                 ::/0                state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
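A listing made with -L -n does not show which interface a rule is bound to (that needs -v, or ip6tables -S), so a line reading "ACCEPT all ::/0 ::/0" can mean "from the LAN only" or "from anywhere". The following check is an added example, not part of the original post or of Fabio Baltieri's script: it reads ip6tables -S output and fails unless INPUT and FORWARD default to DROP and no FORWARD rule accepts unconditionally. The sample rule sets, and the assumption that the two "all" rules are bound to lo and eth1, are constructed for illustration.

```shell
# Added example: audit a rule listing before the routed prefix is advertised.
# On the router: ip6tables -S | audit_fw6
audit_fw6() {
    awk '
        $1 == "-P" && ($2 == "INPUT" || $2 == "FORWARD") { policy[$2] = $3 }
        # A FORWARD rule that jumps to ACCEPT without an interface (-i/-o), address
        # (-s/-d), protocol (-p) or match module (-m) lets every packet through.
        $1 == "-A" && $2 == "FORWARD" && / -j ACCEPT/ && $0 !~ / -[iopmsd] / {
            print "FAIL unconditional ACCEPT: " $0
            bad = 1
        }
        END {
            if (policy["INPUT"] != "DROP")   { print "FAIL INPUT policy is not DROP";   bad = 1 }
            if (policy["FORWARD"] != "DROP") { print "FAIL FORWARD policy is not DROP"; bad = 1 }
            if (!bad) print "OK"
            exit bad + 0
        }
    '
}

# Constructed sample: a rule set of the same shape as the listing above,
# assuming the "all" rules are bound to lo and to the LAN interface eth1.
GOOD_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -p ipv6-icmp -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT'

# Constructed sample: the LAN rule has lost its -i eth1 restriction.
BAD_RULES='-P INPUT DROP
-P FORWARD DROP
-A FORWARD -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT'

printf '%s\n' "$GOOD_RULES" | audit_fw6
printf '%s\n' "$BAD_RULES" | audit_fw6 || true
```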
Now you are ready to enable the routed network without harming your unpatched computers, smartphones and tablets. To do this, enable your routed prefix on your internal network interface:
iface eth1 inet6 static
    address 2001:your:route:prefix::2
    netmask 64
Run ifdown eth1; ifup eth1 to enable it. To advertise the routes to your clients using NDP, install radvd with apt-get install radvd and configure it in /etc/radvd.conf to advertise your route:
interface eth1
{
    AdvSendAdvert on;
    prefix 2001:your:route:prefix::2/64
    {
        AdvOnLink on;
        AdvAutonomous on;
    };
};
A few seconds later, your clients should start bringing up IPv6 addresses on their interfaces. ifconfig | grep inet6 should output something like this:
inet6 addr: ::1/128 Scope:Host
inet6 addr: 2001:your:route:prefix:your:local::address/64 Scope:Global
inet6 addr: a::b:c:d:e/64 Scope:Link
inet6 addr: 2001:your:route:prefix:your:temporary:local:address/64 Scope:Global
To find out what these temporary addresses are, please read about the IPv6 Privacy Extension.
Now you should be able to ping IPv6 destinations from your local machine:
ping6 ipv6.google.com -n -c 3
PING ipv6.google.com(2a00:1450:4016:801::1010) 56 data bytes
64 bytes from 2a00:1450:4016:801::1010: icmp_seq=1 ttl=55 time=31.9 ms
64 bytes from 2a00:1450:4016:801::1010: icmp_seq=2 ttl=55 time=31.3 ms
64 bytes from 2a00:1450:4016:801::1010: icmp_seq=3 ttl=55 time=32.5 ms
--- ipv6.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 31.361/31.955/32.539/0.502 ms
If this also works, you should see the dancing turtle, be able to SSH to your local machine from some remote location etc.
Normally your tunnelled IPv6 connection should not have much less bandwidth than your native IPv4 connection, which you can check for example on http://ipv6-test.com/speedtest/. If it does, you should try lowering the MTU in your tunnel's advanced configuration settings on the Tunnel Broker website.
Update
People were asking me why I didn't extend my delegation to a /48 and instead stayed with the default /64. Well, the /64 allows me to put 56759212534490928 devices per cubic metre in my flat (which should be enough for now).
Posted Oct 20, 2012 by Sebastian Nohn
Tagged as: Internet, IPv6, Linux, Networking
Most ALIX system boards come with onboard i2c temperature sensors. Nagios Plugins come with a check_sensors command.
However, the default lm-sensors configuration that ships with most distributions doesn't know about the ALIX sensors and the default Nagios plugin doesn't report performance data.
Once lm-sensors is installed and you run sensors-detect, the sensors command will output something like this:
root@bnalrr01:~# sensors
lm86-i2c-0-4c
Adapter: CS5536 ACB0
temp1: +30.0 C (low = +0.0 C, high = +70.0 C)
(crit = +85.0 C, hyst = +75.0 C)
temp2: +36.9 C (low = +0.0 C, high = +70.0 C)
(crit = +85.0 C, hyst = +75.0 C)
And the check_sensors probe would output something like this:
root@bnalrr01:~# ./check_sensors
sensor ok
To make the sensors output more verbose, add this to your /etc/sensors3.conf:
chip "lm90-*" "adm1032-*" "lm86-*" "max6657-*" "adt7461-*"
    label temp1 "M/B Temp"
    label temp2 "CPU Temp"
    label tcrit1 "M/B Crit"
    label tcrit2 "CPU Crit"
Now the sensors command is a bit more verbose on the sensors:
root@bnalrr01:~# sensors
lm86-i2c-0-4c
Adapter: CS5536 ACB0
M/B Temp: +30.0 C (low = +0.0 C, high = +70.0 C)
(crit = +85.0 C, hyst = +75.0 C)
CPU Temp: +36.6 C (low = +0.0 C, high = +70.0 C)
(crit = +85.0 C, hyst = +75.0 C)
To add performance data to the check_sensors probe, replace the content with
#! /bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
PROGNAME=`basename $0`
PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'`
REVISION="1.4.15"
# utils.sh ships with the Nagios plugins and provides print_revision and support
. $PROGPATH/utils.sh

print_usage() {
    echo "Usage: $PROGNAME"
}

print_help() {
    print_revision $PROGNAME $REVISION
    echo ""
    print_usage
    echo ""
    echo "This plugin checks hardware status using the lm_sensors package."
    echo ""
    support
    exit 0
}

case "$1" in
    --help)
        print_help
        exit 0
        ;;
    -h)
        print_help
        exit 0
        ;;
    --version)
        print_revision $PROGNAME $REVISION
        exit 0
        ;;
    -V)
        print_revision $PROGNAME $REVISION
        exit 0
        ;;
    *)
        sensordata=`sensors 2>&1`
        # capture the exit status of sensors right away, before another command overwrites $?
        status=$?
        # characters 15 and 16 of the labelled lines hold the integer part of the reading
        CPUHEAT=`sensors -A | grep CPU | grep Temp | cut -c 15,16`
        MOBHEAT=`sensors -A | grep M/B | grep Temp | cut -c 15,16`
        PERFDATA="cpu_temp=$CPUHEAT;mob_heat=$MOBHEAT"
        if test "$1" = "-v" -o "$1" = "--verbose"; then
            echo ${sensordata}
        fi
        if test ${status} -eq 127; then
            echo "SENSORS UNKNOWN - command not found (did you install lmsensors?)"
            # 3 is the Nagios UNKNOWN state; "exit -1" is not a valid exit status in sh
            exit 3
        elif test ${status} -ne 0 ; then
            echo "WARNING - sensors returned state $status |$PERFDATA"
            exit 1
        fi
        if echo ${sensordata} | egrep ALARM > /dev/null; then
            echo "SENSOR CRITICAL - Sensor alarm detected! |$PERFDATA"
            exit 2
        else
            echo "sensor ok |$PERFDATA"
            exit 0
        fi
        ;;
esac
Now it prints out performance data and can be graphed with pnp4nagios:
root@bnalrr01:~# ./check_temp_sensors
sensor ok |cpu_temp=36;mob_heat=30
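The script above slices fixed character columns out of the sensors output, which stops working as soon as a label changes width or a reading reaches three digits. As an added example (not part of the original plugin or post), the function below parses sensors -A output by field instead and emits one space-separated perfdata item per sensor in the value;warn;crit form, taking warn from "high" and crit from "crit". The sample text is constructed from the output shown earlier; the names cpu_temp and mob_heat follow the post.

```shell
# Added example: turn `sensors -A` output (stdin) into Nagios perfdata.
sensors_perfdata() {
    awk '
        # First number in s, without a leading "+"; empty string if there is none.
        function first_num(s,    t) {
            if (!match(s, /[+-]?[0-9]+(\.[0-9]+)?/)) return ""
            t = substr(s, RSTART, RLENGTH)
            sub(/^\+/, "", t)
            return t + 0
        }
        # First number that follows the keyword key in s, or empty.
        function after(s, key,    i) {
            i = index(s, key)
            return i ? first_num(substr(s, i)) : ""
        }
        function emit() {
            if (name != "") out = out (out == "" ? "" : " ") name "=" val ";" warn ";" crit
            name = ""
        }
        /^CPU Temp:/ || /^M\/B Temp:/ {
            emit()
            name = ($1 == "CPU") ? "cpu_temp" : "mob_heat"
            rest = substr($0, index($0, ":") + 1)
            val = first_num(rest)
            if (val == "") val = "U"      # "U" marks an undetermined value in perfdata
            warn = after(rest, "high")
            crit = after(rest, "crit")
            next
        }
        # Continuation line carrying thresholds that did not fit on the reading line.
        /^[ \t]*\(/ && name != "" {
            if (warn == "") warn = after($0, "high")
            if (crit == "") crit = after($0, "crit")
            next
        }
        { emit() }
        END { emit(); print out }
    '
}

# Constructed sample, modelled on the labelled sensors output shown above.
SAMPLE_SENSORS='lm86-i2c-0-4c
M/B Temp:    +30.0 C  (low  =  +0.0 C, high = +70.0 C)
                      (crit = +85.0 C, hyst = +75.0 C)
CPU Temp:    +36.6 C  (low  =  +0.0 C, high = +70.0 C)
                      (crit = +85.0 C, hyst = +75.0 C)'

printf '%s\n' "$SAMPLE_SENSORS" | sensors_perfdata
```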
Posted Mar 05, 2011 by Sebastian Nohn
Tagged as: ALIX, i2c, lm-sensors, Nagios
If you don't know what I want to say with this post, just forget it. If you do, press Shift-Scrl-Lock.
Posted Feb 13, 2011 by Sebastian Nohn
Tagged as: IBM, Lenovo, Numlock, Thinkpad
When asked to review the new edition of Marc Delisle's book Mastering phpMyAdmin 3.3.X for Effective MySQL Management, I said yes, as I already liked one of the previous editions a lot. Again, I was surprised by how good the book is.
In addition to some rewritten chapters and parts, completely new aspects of phpMyAdmin are introduced compared to the 3.1 edition. This includes completely new chapters covering the new data and structure synchronization, replication and change tracking features of phpMyAdmin 3.3.
Even if you already own a previous edition of this book, you should consider buying the new edition, as it has been improved in many different aspects.
Posted Feb 13, 2011 by Sebastian Nohn
Tagged as: Book, MySQL, PHP, phpMyAdmin, Review
Nov 4 17:32:31 startup archives install
Nov 4 17:32:37 install mod-pagespeed-beta0.9.0.0-r128
Nov 4 17:32:37 status half-installed mod-pagespeed-beta 0.9.0.0-r128
Nov 4 17:32:38 configure mod-pagespeed-beta 0.9.0.0-r128 0.9.0.0-r128
Nov 4 17:32:38 status half-configured mod-pagespeed-beta 0.9.0.0-r128
Nov 4 17:32:38 status unpacked mod-pagespeed-beta 0.9.0.0-r128
Nov 4 17:32:38 status unpacked mod-pagespeed-beta 0.9.0.0-r128
Nov 4 17:32:38 status unpacked mod-pagespeed-beta 0.9.0.0-r128
Nov 4 17:32:38 status unpacked mod-pagespeed-beta 0.9.0.0-r128
Nov 4 17:32:38 status unpacked mod-pagespeed-beta 0.9.0.0-r128
Nov 4 17:32:39 status installed mod-pagespeed-beta 0.9.0.0-r128
Nov 4 17:32:54 bnibws02 sudo: sebastian : TTY=pts/1 ; PWD=/home/sebastian ; USER=root ; COMMAND=/etc/init.d/apache2 restart
Nov 4 17:35:12 bnibws02 kernel: [ 3839.801359] CPU0: Core temperature above threshold, cpu clock throttled (total events = 1)
Nov 4 17:35:15 bnibws02 kernel: [ 3839.801363] Disabling lock debugging due to kernel taint
Nov 4 17:35:15 bnibws02 kernel: [ 3839.801724] CPU0: Core temperature/speed normal
Nov 4 17:36:08 bnibws02 kernel: [ 3900.000027] Machine check events logged
Nov 4 17:40:12 bnibws02 login[5033]: pam_unix(login:session): session opened for user sebastian by LOGIN(uid=0)
Nov 4 17:40:58 bnibws02 kernel: [ 4190.528549] possible SYN flooding on port 80. Sending cookies.
Nov 4 17:41:41 bnibws02 kernel: [ 4234.950287] CPU0: Core temperature above threshold, cpu clock throttled (total events = 9)
Nov 4 17:41:41 bnibws02 kernel: [ 4234.950653] CPU0: Core temperature/speed normal
Nov 4 17:41:59 bnibws02 kernel: [ 4252.256557] possible SYN flooding on port 80. Sending cookies.
Nov 4 17:43:23 bnibws02 sudo: sebastian : TTY=tty1 ; PWD=/home/sebastian ; USER=root ; COMMAND=/etc/init.d/apache2 stop
Nov 4 17:43:36 bnibws02 kernel: [ 4350.000059] Machine check events logged
Nov 4 17:46:42 bnibws02 kernel: [ 4534.950368] CPU0: Core temperature above threshold, cpu clock throttled (total events = 55481)
Nov 4 17:46:44 bnibws02 kernel: [ 4534.950735] CPU0: Core temperature/speed normal
Nov 4 17:47:23 bnibws02 sudo: sebastian : TTY=tty1 ; PWD=/home/sebastian ; USER=root ; COMMAND=/usr/bin/killall -9 apache2
Nov 4 17:47:43 bnibws02 kernel: [ 4596.016227] possible SYN flooding on port 80. Sending cookies.
Nov 4 17:48:16 bnibws02 sudo: sebastian : TTY=tty1 ; PWD=/home/sebastian ; USER=root ; COMMAND=/usr/bin/killall -9 apache2
Nov 4 17:49:58 bnibws02 sudo: sebastian : TTY=pts/3 ; PWD=/etc/apache2/mods-enabled ; USER=root ; COMMAND=/bin/mv pagespeed.conf pagespeed.load ../mods-available/
Nov 4 17:50:08 bnibws02 sudo: sebastian : TTY=pts/3 ; PWD=/etc/apache2/mods-enabled ; USER=root ; COMMAND=/bin/rm pagespeed.conf pagespeed.load
Posted Nov 04, 2010 by Sebastian Nohn
Tagged as: Apache, Google, Software Quality