Who | What | When |
---|---|---|
*** | j3m has quit IRC (Read error: Operation timed out) | [02:17] |
......................................................... (idle for 4h41mn) | ||
ziyourenxiang has joined #arpnetworks | [06:58] | |
.......... (idle for 48mn) | ||
jdoe | vsftpd, but I'd recommend not using ftp at all if you can avoid it. | [07:46] |
RandalSchwartz | sftp ftw | [07:46] |
jdoe | ^^^ | [07:46] |
RandalSchwartz | ftp wtf. :) | [07:47] |
jdoe | haha.
^^^ again. | [07:47] |
RandalSchwartz | and ftp requires complex firewall rules | [07:47] |
jdoe | hrm... I wonder if a rewrite with POE is a better alternative to Net::Server::Multiplex | [07:48] |
RandalSchwartz | what protocol? | [07:49] |
jdoe | tcp | [07:53] |
RandalSchwartz | yes... above that?
you doing http? | [07:53] |
jdoe | naw, proprietary protocol
plaintext though, delimited by \n | [07:57] |
........... (idle for 53mn) | ||
*** | ziyourenxiang has quit IRC (Quit: ziyourenxiang) | [08:50] |
...... (idle for 29mn) | ||
cedwards has joined #arpnetworks | [09:19] | |
.............. (idle for 1h5mn) | ||
viq has joined #arpnetworks | [10:24] | |
............ (idle for 58mn) | ||
cedwards | anyone care to handle an ipv6 question? | [11:22] |
jdoe | might as well ask, you never know. | [11:23] |
cedwards | I've only played with ipv6 in a lab environment, and I've not yet done anything with my allotment here. | [11:26] |
jdoe | so what's the problem? | [11:26] |
cedwards | sorry, got sidetracked by my kids.
my current ipv6 config for my arp box is: 2607:f2f8:46c0::3 prefixlen 48 what does that translate to? how many addresses is that? or, I guess that is just a single IP/48 (again, really new to ipv6) | [11:27] |
toddf_ | typical IPV6 allocation goes like this | [11:30] |
cedwards | so if I wanted to add AAAA records to BIND, I would add '2607:f2f8:46c0::3' | [11:30] |
toddf_ | /32 = 65535 /48's (allocated to isp's like arpnetworks)
/48 = 65535 /64's (allocated to individual customers, arp is gracious enough to consider a vm customer a `customer')
/64 = 2^64 IPv6 IP's on an ethernet subnet (typical allocation for an ethernet subnet)
forward/reverse uses the full nibbles in hex | [11:30] |
cedwards | 18446744073709551616. WAY more than you'll ever use :) | [11:32] |
toddf_ | 3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.c.6.4.8.f.2.f.7.0.6.2.ip6.arpa IN PTR yourhostname.example.com
there are 128 bits total, so take the cidr bitmask and subtract that from 128 to get the power to raise to 2 for the # of addresses in the allocation
so 2^(128-32) = 79228162514264337593543950336 IP's for arp to dish out | [11:33] |
cedwards | and 2^(128-48) for each of us? | [11:34] |
dxtr | yep | [11:35] |
cedwards | cedwards 's mind is blown | [11:35] |
dxtr | Think of the possibilites!
possibilities! With that many IP addresses I'll never have to use the same IP twice! | [11:36] |
cedwards | dxtr: it's like the number of excuses you had against actually reading your books for your reports! | [11:36] |
dxtr | cedwards: I've only done one so far
Just started on the second one :P I intended to do them yesterday. But lots of beer got in my way | [11:37] |
cedwards | while that is a mind-blowingly large number, what is the practical application to a VPS customer? | [11:38] |
dxtr | Of all these IPs?
Or ipv6 in general? | [11:39] |
cedwards | ie; I've got two boxes with ARP, and each has a few jails. In that case I'd use, what, a half-dozen of my gazillion IPs? | [11:39] |
dxtr | Kind of :D
There's no real practical use for all these IPs
A /96 would be like... 4294967296 addresses
As in today's entire address space :P | [11:39] |
toddf_ | just keep in mind things like auto configuration (rtadvd/rtsol) work only with /64 on the wire
personally I use one /64 at arpnetworks and plan to tunnel the other 65534 /64's to remote systems | [11:42] |
dxtr | How does one do that? | [11:43] |
toddf_ | depends on the os in general | [11:43] |
dxtr | fbsd..? | [11:43] |
toddf_ | step 1 involves requesting that arpnetworks presents a /64 to the network and routes the rest of the /48 to your vm
I'm an OpenBSD junkie/dev/etc | [11:43] |
dxtr | Right
Presents a /64 to the network? | [11:44] |
toddf_ | aka he needs to do 'ifconfig vlanX inet6 alias delete <yournetwork>' 'ifconfig vlanX inet6 alias <yournetwork> prefixlen 64'
then save that in /etc/hostname.vlanX for your net on his openbsd v6 router *grin* | [11:45] |
cedwards | so, easing into things here, if I want to assign ipv6 addresses to each of my jails (currently configured on lo1) I'd do:
ifconfig_lo1_alias0="inet6 foo prefixlen bar" ? | [11:47] |
toddf_ | I'm no freebsd expert but whatever prefixlen arp has for their router you need to match that on your 'prefixlen' option otherwise the default gateway won't be reachable | [11:48] |
cedwards | my current config is:
ipv6_enable="YES"
ipv6_defaultrouter="2607:f2f8:46c0::1"
ipv6_ifconfig_em0="2607:f2f8:46c0::3 prefixlen 48"
my other box is 2607:f2f8:4603::2 prefixlen 48. I'm assuming at this point I can start assigning ::4, ::5, ::6? | [11:49] |
toddf_ | you can address 2607:f2f8:f6c0:: , 2607:f2f8:f6c0::2 - 2607:f2f8:f6c0:ffff:ffff:ffff:ffff:ffff on your vm's / jails / etc | [11:50] |
cedwards | (note: I've not been able to actually test this as I can't get tunneling to work at home) | [11:50] |
toddf_ | I don't note that either ::2 or ::3 responds to a ping
do you have a 'block all' on your firewall by chance? note that v6 uses multicast which can be blocked by pf for its mac address resolution (called `ndp') | [11:51] |
cedwards | I have 'block in all log' | [11:52] |
dxtr | Yay! I got an A in my programming course :) | [11:52] |
toddf_ | # block in log
# XXX the next 5 lines are required as opposed to the above one
# because v6 fragments are not handled by pf
block in log inet
block in log inet6 proto udp
block in log inet6 proto tcp
block in log inet6 proto icmp6
block in log inet6 proto esp
block in log inet6 proto ipv6
pass in inet6 proto icmp6 from { fe80::/16 (egress:network) } icmp6-type { echorep fqdnrep }
pass in inet6 proto icmp6 icmp6-type { neighbradv routeradv neighbrsol }
pass in inet6 proto icmp6 icmp6-type { echoreq fqdnreq }
that should let v6 work | [11:53] |
dxtr | toddf_: My home firewall is running openbsd btw +o
o | [11:56] |
toddf_ | o/
| / [11:57] <cedwards> toddf_: I added those lines. It should be pingable now? bah | [11:57] |
dxtr | Gaga
Hahah | [11:57] |
toddf_ | what do you see on pflog0 and on your external interface, I still can't ping6 it
'tcpdump ... -i em0 ip6' saves you the v4 deluge | [11:57] |
dxtr | I'm thinking about upgrading it to 4.7 | [11:58] |
toddf_ | this works on many releases not just 4.7 but there are other reasons to upgrade if you can | [11:59] |
dxtr | "this" as in..? | [11:59] |
toddf_ | I've got a mailserver with a postgresql database i must upgrade that took 16h to dump and restore last time, will have to halt mail during that time, trying to find a way around that .. ;-)
`this' as in the above v6 stuff, sorry confused you with cedwards momentarily | [11:59] |
dxtr | I've got v6 up and running on it | [12:00] |
toddf_ | so I can't just upgrade .. must plan | [12:00] |
cedwards | toddf_: I see this in tcpdump when I ping from my second box:
13:07:02.154906 IP6 2607:f2f8:46c0::2 > ff02::1:ff00:3: ICMP6, neighbor solicitation, who has 2607:f2f8:46c0::3, length 32 | [12:00] |
*** | toddf_ is now known as toddf | [12:00] |
cedwards | the ping doesn't show success on the source | [12:00] |
viq | viq waves to toddf ;) | [12:01] |
*** | ChanServ sets mode: +o toddf | [12:01] |
toddf | toddf waves to viq | [12:01] |
cedwards | .. the only ipv6 addresses I can ping are my locally assigned ones. I can't even ping the defaultrouter address. | [12:03] |
toddf | that would be a problem
doublecheck your ips are right | [12:05] |
cedwards | unless i'm doing it wrong(tm) | [12:05] |
toddf | ping6 -n -w ff02::2%em0
that should show your router ip the %em0 == linklocal | [12:05] |
cedwards | my second box tcpdump shows this when I run that: 13:13:48.580637 IP6 fe80::5054:ff:fe27:2374 > ff02::2: ICMP6, who-are-you request node information query (DNS name, subject=ff02::2), length 32 | [12:07] |
toddf | note routers should be linklocal not global, the global happens to work but is a .. way advocated by vendors who do not know better imho
the ff02::2 should respond with any routers with v6
the ff02::1 should respond with any nodes with v6
take out the -w for all non kame based nodes, aka linux and cisco on the same link (kame is the group that engineered the bsd v6 stack, basically) | [12:07] |
cedwards | with that I see this on my tcpdump: 13:16:36.984632 IP6 fe80::5054:ff:fe27:2374 > ff02::2: ICMP6, echo request, seq 3, length 16 | [12:09] |
toddf | no response from my vm:
$ ping6 -n -w ff02::1%em0
PING6(72=40+8+24 bytes) fe80::5054:ff:fe27:2122%em0 --> ff02::1%em0
40 bytes from fe80::5054:ff:fe27:2122%em0: 0.v.freedaemon.com.
44 bytes from fe80::5054:ff:fe27:9007%em0: s3.lax.arpnetworks.com.
40 bytes from fe80::5054:ff:fe27:2122%em0: 0.v.freedaemon.com.
44 bytes from fe80::5054:ff:fe27:9007%em0: s3.lax.arpnetworks.com.
^C
--- ff02::1%em0 ping6 statistics ---
2 packets transmitted, 2 packets received, +2 duplicates, 0.0% packet loss
$ ping6 -n -w ff02::2%em0
PING6(72=40+8+24 bytes) fe80::5054:ff:fe27:2122%em0 --> ff02::2%em0
^C
--- ff02::2%em0 ping6 statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss
$
on the ff02::2, interesting trick arp is doing
$ netstat -nr -f inet6 | grep default
default fe80::5054:ff:fe27:9007%em0 UGS 12 2247695 - 8 em0
do you get anything in pflog0 or on the ff02::1%em0 ping besides your hosts? | [12:10] |
cedwards | [root@stringer ~]# ping6 -n ff02::2%em0
PING6(56=40+8+8 bytes) fe80::5054:ff:fe27:2374%em0 --> ff02::2%em0
^C
nothing ever comes back from that. ::1 responds
cedwards is thinking he doesn't have things configured properly, but it might have to wait. | [12:13] |
toddf | what do you get from ::1 ?
I noted above even on my own vm ::2 doesn't respond either it should, I suspect over zealous firewalling at the router since routers respond if forwarding is enabled, which it is, i know, my packets get through ;-) | [12:17] |
cedwards | ping responds at ::1 from either host.
using ping6 -n ff02::1%em0 if I add the -w it responds, and with my own hostname. is ff02::1 equivalent to 127.0.0.1? and the % specifies the interface to use? | [12:23] |
toddf | ff02::/8 is multicast
::1 all by itself is equiv of 127.0.0.1 | [12:36] |
cedwards | i find i can't ping ipv6.google.com anymore either. i swore i did that before. | [12:37] |
toddf | % specifies the interface for link local | [12:37] |
........ (idle for 39mn) | ||
dxtr | beer + study o | [13:16] |
*** | nerdd has joined #arpnetworks
nerdd_ has quit IRC (Ping timeout: 264 seconds) | [13:19] |
................................... (idle for 2h52mn) | ||
cedwards | I'm trying to configure my FreeBSD jail to use MSP instead of a full MTA, but it seems to be ignoring my /etc/aliases. Is that to be expected? | [16:13] |
*** | cedwards has quit IRC (Changing host)
cedwards has joined #arpnetworks | [16:16] |
.......... (idle for 46mn) | ||
AndrewBC has quit IRC (Ping timeout: 240 seconds)
AndrewBC has joined #arpnetworks | [17:02] | |
................. (idle for 1h24mn) | ||
ziyourenxiang has joined #arpnetworks | [18:30] | |
........... (idle for 52mn) | ||
cmeiklejohn has joined #arpnetworks
cmeiklejohn has quit IRC (Changing host) cmeiklejohn has joined #arpnetworks heavysixer has quit IRC (Quit: heavysixer) | [19:22] | |
....... (idle for 31mn) | ||
ziyourenxiang has quit IRC (Quit: ziyourenxiang) | [19:55] | |
............. (idle for 1h1mn) | ||
boogeyman has joined #arpnetworks | [20:56] | |
hsbt has quit IRC (Ping timeout: 248 seconds) | [21:06] | |
............... (idle for 1h13mn) | ||
hsbt has joined #arpnetworks | [22:19] | |
...... (idle for 28mn) | ||
boogeyman has quit IRC (Ping timeout: 265 seconds) | [22:47] |