vsftpd, but I'd recommend not using ftp at all if you can avoid it.
sftp ftw
^^^
ftp wtf. :)
haha.
^^^ again.
and ftp requires complex firewall rules
hrm... I wonder if a rewrite with POE is a better alternative to Net::Server::Multiplex
what protocol?
tcp
yes... above that? you doing http?
naw, proprietary protocol
plaintext though, delimited by \n
anyone care to handle an ipv6 question?
might as well ask, you never know.
I've only played with ipv6 in a lab environment, and I've not yet done anything with my allotment here.
so what's the problem?
sorry, got sidetracked by my kids.
my current ipv6 config for my arp box is: 2607:f2f8:46c0::3 prefixlen 48
what does that translate to? how many addresses is that?
or, I guess that is just a single IP/48 (again, really new to ipv6)
typical IPV6 allocation goes like this
so if I wanted to add AAAA records to BIND, I would add '2607:f2f8:46c0::3'
/32 = 65535 /48's (allocated to isp's like arpnetworks)
/48 = 65535 /64's (allocated to individual customers, arp is gracious enough to consider a vm customer a `customer')
/64 = 2^64 IPv6 IP's on an ethernet subnet (typical allocation for an ethernet subnet)
forward/reverse uses the full nibbles in hex
18446744073709551616. WAY more than you'll ever use :)
3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.c.6.4.8.f.2.f.7.0.6.2.ip6.arpa IN PTR yourhostname.example.com
there are 128 bits total, so take the cidr bitmask and subtract that from 128 to get the power to raise to 2 for the # of addresses in the allocation
so 2^(128-32) = 79228162514264337593543950336 IP's for arp to dish out
and 2^(128-48) for each of us?
yep
Think of the possibilites!
possibilities!
With that many IP addresses I'll never have to use the same IP twice!
dxtr: it's like the number of excuses you had against actually reading your books for your reports!
cedwards: I've only done one so far
Just started on the second one :P
I intended to do them yesterday.
But lots of beer got in my way
while that is a mind-blowingly large number, what is the practical application to a VPS customer?
Of all these IPs? Or ipv6 in general?
ie; I've got two boxes with ARP, and each has a few jails. In that case I'd use, what, a half-dozen of my gazillion IPs?
Kind of :D
There's no real practical use for all these IPs
A /96 would be like... 4294967296 addresses
As in today's entire address space :P
just keep in mind things like auto configuration (rtadvd/rtsol) work only with /64 on the wire
personally I use one /64 at arpnetworks and plan to tunnel the other 65534 /64's to remote systems
How does one do that?
depends on the os
in general
fbsd..?
step 1 involves requesting that arpnetworks presents a /64 to the network and routes the rest of the /48 to your vm
I'm an OpenBSD junkie/dev/etc
Right
Presents a /64 to the network?
aka he needs to do 'ifconfig vlanX inet6 alias delete ' 'ifconfig vlanX inet6 alias prefixlen 64' then save that in /etc/hostname.vlanX for your net on his openbsd v6 router
*grin*
so, easing into things here, if I want to assign ipv6 addresses to each of my jails (currently configured on lo1) I'd do: ifconfig_lo1_alias0="inet6 foo prefixlen bar" ?
I'm no freebsd expert but whatever prefixlen arp has for their router you need to match that on your 'prefixlen' option otherwise the default gateway won't be reachable
my current config is:
ipv6_enable="YES"
ipv6_defaultrouter="2607:f2f8:46c0::1"
ipv6_ifconfig_em0="2607:f2f8:46c0::3 prefixlen 48"
my other box is 2607:f2f8:4603::2 prefixlen 48. I'm assuming at this point I can start assigning ::4, ::5, ::6?
you can address 2607:f2f8:f6c0:: , 2607:f2f8:f6c0::2 - 2607:f2f8:f6c0:ffff:ffff:ffff:ffff:ffff on your vm's / jails / etc
(note: I've not been able to actually test this as I can't get tunneling to work at home)
I don't note that either ::2 or ::3 responds to a ping
do you have a 'block all' on your firewall by chance?
note that v6 uses multicast which can be blocked by pf for its mac address resolution (called `ndp')
I have 'block in all log'
Yay! I got an A in my programming course :)
# block in log
# XXX the next 5 lines are required as opposed to the above one
# because v6 fragments are not handled by pf
block in log inet
block in log inet6 proto udp
block in log inet6 proto tcp
block in log inet6 proto icmp6
block in log inet6 proto esp
block in log inet6 proto ipv6
pass in inet6 proto icmp6 from { fe80::/16 (egress:network) } icmp6-type { echorep fqdnrep }
pass in inet6 proto icmp6 icmp6-type { neighbradv routeradv neighbrsol }
pass in inet6 proto icmp6 icmp6-type { echoreq fqdnreq }
that should let v6 work
toddf_: My home firewall is running openbsd btw
+o \o \o/ | / \
toddf_: I added those lines. It should be pingable now?
bah
Gaga
Hahah
what do you see on pflog0 and on your external interface, I still can't ping6 it
'tcpdump ... -i em0 ip6' saves you the v4 deluge
I'm thinking about upgrading it to 4.7
this works on many releases not just 4.7 but there are other reasons to upgrade if you can
"this" as in..?
I've got a mailserver with a postgresql database i must upgrade that took 16h to dump and restore last time, will have to halt mail during that time, trying to find a way around that .. ;-)
`this' as in the above v6 stuff, sorry confused you with cedwards momentarily
I've got v6 up and running on it so I can't just upgrade .. must plan
toddf_: I see this in tcpdump when I ping from my second box:
13:07:02.154906 IP6 2607:f2f8:46c0::2 > ff02::1:ff00:3: ICMP6, neighbor solicitation, who has 2607:f2f8:46c0::3, length 32
the ping doesn't show success on the source ..
the only ipv6 addresses I can ping are my locally assigned ones. I can't even ping the defaultrouter address.
that would be a problem
doublecheck your ips are right
unless i'm doing it wrong(tm)
ping6 -n -w ff02::2%em0
that should show your router ip
the %em0 == linklocal
my second box tcpdump shows this when I run that:
13:13:48.580637 IP6 fe80::5054:ff:fe27:2374 > ff02::2: ICMP6, who-are-you request node information query (DNS name, subject=ff02::2), length 32
note routers should be linklocal not global, the global happens to work but is a .. way advocated by vendors who do not know better imho
the ff02::2 should respond with any routers with v6
the ff02::1 should respond with any nodes with v6
take out the -w for all non kame based nodes, aka linux and cisco on the same link (kame is the group that engineered the bsd v6 stack, basically)
with that I see this on my tcpdump:
13:16:36.984632 IP6 fe80::5054:ff:fe27:2374 > ff02::2: ICMP6, echo request, seq 3, length 16
no response
from my vm:
$ ping6 -n -w ff02::1%em0
PING6(72=40+8+24 bytes) fe80::5054:ff:fe27:2122%em0 --> ff02::1%em0
40 bytes from fe80::5054:ff:fe27:2122%em0: 0.v.freedaemon.com.
44 bytes from fe80::5054:ff:fe27:9007%em0: s3.lax.arpnetworks.com.
40 bytes from fe80::5054:ff:fe27:2122%em0: 0.v.freedaemon.com.
44 bytes from fe80::5054:ff:fe27:9007%em0: s3.lax.arpnetworks.com.
^C
--- ff02::1%em0 ping6 statistics ---
2 packets transmitted, 2 packets received, +2 duplicates, 0.0% packet loss
$ ping6 -n -w ff02::2%em0
PING6(72=40+8+24 bytes) fe80::5054:ff:fe27:2122%em0 --> ff02::2%em0
^C
--- ff02::2%em0 ping6 statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss
$
on the ff02::2, interesting trick arp is doing
$ netstat -nr -f inet6 | grep default
default fe80::5054:ff:fe27:9007%em0 UGS 12 2247695 - 8 em0
do you get anything in pflog0 or on the ff02::1%em0 ping besides your hosts?
[root@stringer ~]# ping6 -n ff02::2%em0
PING6(56=40+8+8 bytes) fe80::5054:ff:fe27:2374%em0 --> ff02::2%em0
^C
nothing ever comes back from that. ::1 responds
what do you get from ::1 ?
I noted above even on my own vm ::2 doesn't respond either
it should, I suspect over zealous firewalling at the router since routers respond if forwarding is enabled, which it is, i know, my packets get through ;-)
ping responds at ::1 from either host. using ping6 -n ff02::1%em0
if I add the -w it responds, and with my own hostname.
is ff02::1 equivalent to 127.0.0.1? and the % specifies the interface to use?
ff02::/8 is multicast
::1 all by itself is equiv of 127.0.0.1
i find i can't ping ipv6.google.com anymore either. i swore i did that before.
% specifies the interface for link local
beer + study \o
I'm trying to configure my FreeBSD jail to use MSP instead of a full MTA, but it seems to be ignoring my /etc/aliases. Is that to be expected?