[02:17] *** j3m has quit IRC (Read error: Operation timed out)
[06:58] *** ziyourenxiang has joined #arpnetworks
[07:46] <jdoe> vsftpd, but I'd recommend not using ftp at all if you can avoid it.
[07:46] <RandalSchwartz> sftp ftw
[07:46] <jdoe> ^^^
[07:47] <RandalSchwartz> ftp wtf. :)
[07:47] <jdoe> haha.
[07:47] <jdoe> ^^^ again.
[07:47] <RandalSchwartz> and ftp requires complex firewall rules
[07:48] <jdoe> hrm... I wonder if a rewrite with POE is a better alternative to Net::Server::Multiplex
[07:49] <RandalSchwartz> what protocol?
[07:53] <jdoe> tcp
[07:53] <RandalSchwartz> yes... above that?
[07:53] <RandalSchwartz> you doing http?
[07:57] <jdoe> naw, proprietary protocol
[07:57] <jdoe> plaintext though, delimited by \n
[08:50] *** ziyourenxiang has quit IRC (Quit: ziyourenxiang)
[09:19] *** cedwards has joined #arpnetworks
[10:24] *** viq has joined #arpnetworks
[11:22] <cedwards> anyone care to handle an ipv6 question?
[11:23] <jdoe> might as well ask, you never know.
[11:26] <cedwards> I've only played with ipv6 in a lab environment, and I've not yet done anything with my allotment here.
[11:26] <jdoe> so what's the problem?
[11:27] <cedwards> sorry, got sidetracked by my kids.
[11:28] <cedwards> my current ipv6 config for my arp box is: 2607:f2f8:46c0::3 prefixlen 48
[11:28] <cedwards> what does that translate to? how many addresses is that?
[11:30] <cedwards> or, I guess that is just a single IP/48
[11:30] <cedwards> (again, really new to ipv6)
[11:30] <toddf_> typical IPV6 allocation goes like this
[11:30] <cedwards> so if I wanted to add AAAA records to BIND, I would add '2607:f2f8:46c0::3'
[11:30] <toddf_>  /32 = 65535 /48's (allocated to isp's like arpnetworks)
[11:31] <toddf_>  /48 = 65535 /64's (allocated to individual customers, arp is gracious enough to consider a vm customer a `customer')
[11:31] <toddf_>  /64 = 2^64 IPv6 IP's on an ethernet subnet (typical allocation for an ethernet subnet)
[11:32] <toddf_> forward/reverse uses the full nibbles in hex
[11:32] <cedwards> 18446744073709551616. WAY more than you'll ever use :)
[11:33] <toddf_> 3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.c.6.4.8.f.2.f.7.0.6.2.ip6.arpa IN PTR yourhostname.example.com
[11:33] <toddf_> there are 128 bits total, so take the cidr bitmask and subtract that from 128 to get the power to raise to 2 for the # of addresses in the allocation
[11:34] <toddf_> so 2^(128-32) = 79228162514264337593543950336 IP's for arp to dish out
[11:34] <cedwards> and 2^(128-48) for each of us?
[11:35] <dxtr> yep
[11:35] * cedwards 's mind is blown
[11:36] <dxtr> Think of the possibilites!
[11:36] <dxtr> possibilities!
[11:36] <dxtr> With that many IP addresses I'll never have to use the same IP twice!
[11:36] <cedwards> dxtr: it's like the number of excuses you had against actually reading your books for your reports!
[11:37] <dxtr> cedwards: I've only done one so far
[11:37] <dxtr> Just started on the second one :P
[11:37] <dxtr> I intended to do them yesterday. But lots of beer got in my way
[11:38] <cedwards> while that is a mind-blowingly large number, what is the practical application to a VPS customer?
[11:39] <dxtr> Of all these IPs?
[11:39] <dxtr> Or ipv6 in general?
[11:39] <cedwards> ie; I've got two boxes with ARP, and each has a few jails. In that case I'd use, what, a half-dozen of my gazillion IPs?
[11:39] <dxtr> Kind of :D
[11:39] <dxtr> There's no real practical use for all these IPs
[11:42] <dxtr> A /96 would be like... 4294967296 addresses
[11:42] <dxtr> As in todays entire address space :P
[11:42] <toddf_> just keep in mind things like auto configuration (rtadvd/rtsol) work only with /64 on the wire
[11:43] <toddf_> personally I use one /64 at arpnetworks and plan to tunnel the other 65534 /64's to remote systems
[11:43] <dxtr> How do one do that?
[11:43] <toddf_> depends on the os in general
[11:43] <dxtr> fbsd..?
[11:43] <toddf_> step 1 involves requesting that arpnetworks presents a /64 to the network and routes the rest of the /48 to your vm
[11:43] <toddf_> I'm an OpenBSD junkie/dev/etc
[11:44] <dxtr> Right
[11:44] <dxtr> Presents a /64 to the network?
[11:45] <toddf_> aka he needs to do 'ifconfig vlanX inet6 alias delete <yournetwork>' 'ifconfig vlanX inet6 alias <yournetwork> prefixlen 64'
[11:45] <toddf_> then save that in /etc/hostname.vlanX for your net on his openbsd v6 router *grin*
[11:47] <cedwards> so, easing into things here, if I want to assign ipv6 addresses to each of my jails (currently configured on lo1) I'd do:
[11:47] <cedwards> ifconfig_lo1_alias0="inet6 foo prefixlen bar" ?
[11:48] <toddf_> I'm no freebsd expert but whatever prefixlen arp has for their router you need to match that on your 'prefixlen' option otherwise the default gateway won't be reachable
[11:49] <cedwards> my current config is:
[11:49] <cedwards> ipv6_enable="YES"
[11:49] <cedwards> ipv6_defaultrouter="2607:f2f8:46c0::1"
[11:49] <cedwards> ipv6_ifconfig_em0="2607:f2f8:46c0::3 prefixlen 48"
[11:49] <cedwards> my other box is 2607:f2f8:4603::2 prefixlen 48. I'm assuming at this point I can start assigning ::4, ::5, ::6?
[11:50] <toddf_> you can address 2607:f2f8:f6c0:: , 2607:f2f8:f6c0::2 - 2607:f2f8:f6c0:ffff:ffff:ffff:ffff:ffff on your vm's / jails / etc
[11:50] <cedwards> (note: I've not been able to actually test this as I can't get tunneling to work at home)
[11:51] <toddf_> I don't note that either ::2 or ::3 responds to a ping
[11:51] <toddf_> do you have a 'block all' on your firewall by chance?
[11:52] <toddf_> note that v6 uses multicast which can be blocked by pf for its mac address resolution (called `ndp')
[11:52] <cedwards> I have 'block in all log'
[11:52] <dxtr> Yay! I got an A in my programming course :)
[11:53] <toddf_> # block in log
[11:53] <toddf_> # XXX the next 5 lines are required as opposed to the above one
[11:53] <toddf_> #  because v6 fragments are not handled by pf
[11:53] <toddf_> block in log inet
[11:53] <toddf_> block in log inet6 proto udp
[11:53] <toddf_> block in log inet6 proto tcp
[11:53] <toddf_> block in log inet6 proto icmp6
[11:53] <toddf_> block in log inet6 proto esp
[11:53] <toddf_> block in log inet6 proto ipv6
[11:53] <toddf_> pass in inet6 proto icmp6 from { fe80::/16 (egress:network) } icmp6-type { echorep fqdnrep }
[11:53] <toddf_> pass in inet6 proto icmp6 icmp6-type { neighbradv routeradv neighbrsol }
[11:53] <toddf_> pass in inet6 proto icmp6 icmp6-type { echoreq fqdnreq }
[11:53] <toddf_> that should let v6 work
[11:56] <dxtr> toddf_: My home firewall is running openbsd btw +o
[11:56] <dxtr> \o
[11:57] <toddf_> \o/
[11:57] <toddf_>  |
[11:57] <toddf_>  / \
[11:57] <cedwards> toddf_: I added those lines. It should be pingable now?
[11:57] <toddf_> bah
[11:57] <dxtr> Gaga
[11:57] <dxtr> Hahah
[11:57] <toddf_> what do you see on pflog0 and on your external interface, I still can't ping6 it
[11:58] <toddf_> 'tcpdump ... -i em0 ip6' saves you the v4 deluge
[11:58] <dxtr> I'm thinking about upgrading it to 4.7
[11:59] <toddf_> this works on many releases not just 4.7 but there are other reasons to upgrade if you can
[11:59] <dxtr> "this" as in..?
[11:59] <toddf_> I've got a mailserver with a postgresql database i must upgrade that took 16h to dump and restore last time, will have to halt mail during that time, trying to find a way around that .. ;-)
[11:59] <toddf_> `this' as in the above v6 stuff, sorry confused you with cedwards momentarily
[12:00] <dxtr> I've got v6 up and running on it
[12:00] <toddf_> so I can't just upgrade .. must plan
[12:00] <cedwards> toddf_: I see this in tcpdump when I ping from my second box:
[12:00] <cedwards> 13:07:02.154906 IP6 2607:f2f8:46c0::2 > ff02::1:ff00:3: ICMP6, neighbor solicitation, who has 2607:f2f8:46c0::3, length 32
[12:00] *** toddf_ is now known as toddf
[12:00] <cedwards> the ping doesn't show success on the source
[12:01] * viq waves to toddf  ;)
[12:01] *** ChanServ sets mode: +o toddf
[12:01] * toddf waves to viq
[12:03] <cedwards> .. the only ipv6 addresses I can ping are my locally assigned ones. I can't even ping the defaultrouter address.
[12:05] <toddf> that wuld be a problem
[12:05] <toddf> doublecheck your ips are right
[12:05] <cedwards> unless i'm doing it wrong(tm)
[12:05] <toddf> ping6 -n -w ff02::2%em0
[12:05] <toddf> that should show your router ip
[12:06] <toddf> the %em0 == linklocal
[12:07] <cedwards> my second box tcpdump shows this when I run that: 13:13:48.580637 IP6 fe80::5054:ff:fe27:2374 > ff02::2: ICMP6, who-are-you request node information query (DNS name, subject=ff02::2), length 32
[12:07] <toddf> note routers should be linklocal not global, the global happens to work but is a .. way advocated by vendors who do not know better imho
[12:08] <toddf> the ff02::2 should respond with any routers with v6
[12:08] <toddf> the ff02::1 should respond with any nodes with v6
[12:09] <toddf> take out the -w for all non kame based nodes, aka linux and cisco on the same link
[12:09] <toddf> (kame is the group that engineered the bsd v6 stack, basically)
[12:09] <cedwards> with that I see this on my tcpdump: 13:16:36.984632 IP6 fe80::5054:ff:fe27:2374 > ff02::2: ICMP6, echo request, seq 3, length 16
[12:10] <toddf> no response from my vm:
[12:10] <toddf> $ ping6 -n -w ff02::1%em0
[12:10] <toddf> PING6(72=40+8+24 bytes) fe80::5054:ff:fe27:2122%em0 --> ff02::1%em0
[12:10] <toddf> 40 bytes from fe80::5054:ff:fe27:2122%em0: 0.v.freedaemon.com.
[12:10] <toddf> 44 bytes from fe80::5054:ff:fe27:9007%em0: s3.lax.arpnetworks.com.
[12:10] <toddf> 40 bytes from fe80::5054:ff:fe27:2122%em0: 0.v.freedaemon.com.
[12:10] <toddf> 44 bytes from fe80::5054:ff:fe27:9007%em0: s3.lax.arpnetworks.com.
[12:11] <toddf> ^C
[12:11] <toddf> --- ff02::1%em0 ping6 statistics ---
[12:11] <toddf> 2 packets transmitted, 2 packets received, +2 duplicates, 0.0% packet loss
[12:11] <toddf> $ ping6 -n -w ff02::2%em0
[12:11] <toddf> PING6(72=40+8+24 bytes) fe80::5054:ff:fe27:2122%em0 --> ff02::2%em0
[12:11] <toddf> ^C
[12:11] <toddf> --- ff02::2%em0 ping6 statistics ---
[12:11] <toddf> 5 packets transmitted, 0 packets received, 100.0% packet loss
[12:11] <toddf> $ on the ff02::2, interesting trick arp is doing
[12:11] <toddf> $ netstat -nr -f inet6 | grep default
[12:11] <toddf> default                            fe80::5054:ff:fe27:9007%em0    UGS       12  2247695     -     8 em0
[12:12] <toddf> do you get anything in pflog0 or on the ff02::1%em0 ping besides your hosts?
[12:13] <cedwards> [root@stringer ~]# ping6 -n ff02::2%em0
[12:13] <cedwards> PING6(56=40+8+8 bytes) fe80::5054:ff:fe27:2374%em0 --> ff02::2%em0
[12:13] <cedwards> ^C
[12:13] <cedwards> nothing ever comes back from that.
[12:14] <cedwards> ::1 responds
[12:15] * cedwards is thinking he doesn't have things configured properly, but it might have to wait.
[12:17] <toddf> what do you get from ::1 ?
[12:17] <toddf> I noted above even on my own vm ::2 doesn't respond either
[12:17] <toddf> it should, I suspect over zealous firewalling at the router
[12:18] <toddf> since routers respond if forwarding is enabled, which it is, i know, my packets get through ;-)
[12:23] <cedwards> ping responds at ::1 from either host.
[12:23] <cedwards> using ping6 -n ff02::1%em0
[12:24] <cedwards> if I add the -w it responds, and with my own hostname.
[12:25] <cedwards> is ff02::1 equivalent to 127.0.0.1?
[12:25] <cedwards> and the % specifies the interface to use?
[12:36] <toddf> ff02::/8 is multicast
[12:37] <toddf> ::1 all by itself is equiv of 127.0.0.1
[12:37] <cedwards> i find i can't ping ipv6.google.com anymore either. i swore i did that before.
[12:37] <toddf> % specifies the interface for link localk
[13:16] <dxtr> beer + study \o
[13:19] *** nerdd has joined #arpnetworks
[13:21] *** nerdd_ has quit IRC (Ping timeout: 264 seconds)
[16:13] <cedwards> I'm trying to configure my FreeBSD jail to use MSP instead of a full MTA, but it seems to be ignoring my /etc/aliases. Is that to be expected?
[16:16] *** cedwards has quit IRC (Changing host)
[16:16] *** cedwards has joined #arpnetworks
[17:02] *** AndrewBC has quit IRC (Ping timeout: 240 seconds)
[17:06] *** AndrewBC has joined #arpnetworks
[18:30] *** ziyourenxiang has joined #arpnetworks
[19:22] *** cmeiklejohn has joined #arpnetworks
[19:22] *** cmeiklejohn has quit IRC (Changing host)
[19:22] *** cmeiklejohn has joined #arpnetworks
[19:24] *** heavysixer has quit IRC (Quit: heavysixer)
[19:55] *** ziyourenxiang has quit IRC (Quit: ziyourenxiang)
[20:56] *** boogeyman has joined #arpnetworks
[21:06] *** hsbt has quit IRC (Ping timeout: 248 seconds)
[22:19] *** hsbt has joined #arpnetworks
[22:47] *** boogeyman has quit IRC (Ping timeout: 265 seconds)