|
jukie.net /
~bart /
blog [ 20110616180255 ] HDD -> SDD [ 20110517204617 ] how to manually create a 6in4 tunnel [ 20110501202915 ] Presentation slides published! [ 20110320190458 ] What is IPv6, and why should I care? [ 20110309230106 ] Ottawa IPv6 Summit 2011 [ 20110309225149 ] I am now an IPv6 Sage [ 20101214145558 ] It's a Holiday Miracle [ 20101103095130 ] ipv6 on your desktop in 2 steps [ 20101020113026 ] growing a live LVM volume [ 20100915175649 ] distributing DNS list through radvd [ 20100908173402 ] Canadian ipv6 drought [ 20100903190623 ] ipv6 certification [ 20100723192259 ] m4a to mp3 [ 20100723134522 ] git 1.7.2 is out [ 20100523092001 ] console=ttyS0 with grub2 [ 20100426162644 ] How many times is my function used within an executable? [ 20100412100135 ] vmlinux on Ubuntu [ 20100328152951 ] where your WIND coverage ends [ 20100326113354 ] Nexus One live in Ottawa on WIND Mobile [ 20100311133411 ] the WIND excitement [ 20100302160743 ] sata hotswap pico-HOWTO [ 20100227093435 ] serving http content out of a git repo [ 20100225104049 ] pimped out zsh prompt [ 20100221184126 ] live termcasting of your terminal over telnet [ 20100215083725 ] Debian on UBIFS upgrade on SheevaPlug [ 20100214205532 ] nexus one [ 20100130150527 ] skype on Debian Linux (64bit) [ 20100125191021 ] I am so peeved at Rogers [ 20091205130455 ] running really nice [ 20091120225902 ] notmuch for vim [ 20091113102221 ] squid and apt [ 20091104195344 ] using WIP branches to save every edit [ 20091104194146 ] using git workflows to avoid loosing intermediate changes [ 20091019183503 ] reflections on ACM Reflections [ 20091013174248 ] bacula rejected Hello command [ 20091007235046 ] pimping out git log [ 20091002094400 ] virtualization primer [ 20090922110756 ] adding an external encrypted volume under Debian [ 20090905112529 ] the dreaded process of rooting Rogers Dream [ 20090830174551 ] Cyanogen's recipe for Cupcake/Donut-like pastry [ 20090827100232 ] simpler android rooting [ 20090821095427 ] androids don't like water [ 20090820215358 ] prettier function tracing [ 20090816151854 ] Baking a cupcake [ 20090814131559 ] Hello Android! [ 20090813100025 ] sim unlocking a G1 [ 20090731185522 ] rooting the droid [ 20090727210307 ] getting into android [ 20090714094340 ] importing an old project into git [ 20090702113222 ] Why pick Git? [ 20090628131255 ] select loop for X events [ 20090625181315 ] portable printf [ 20090623225800 ] switching to uzbl [ 20090622223147 ] Linux Symposium [ 20090622214023 ] bringing git-format-patch to bzr [ 20090612215638 ] nfs local caching with fscache and cachefilesd on Lenny [ 20090610202041 ] Scott Chacon smacks git around [ 20090610150039 ] how would you read a file into an array of lines [ 20090609215141 ] libguestfs [ 20090609000208 ] tiding up the PATH [ 20090608232531 ] only showing relevant messages in mutt by default [ 20090608010405 ] git-vim hacking [ 20090530223801 ] mark-yank-urls [ 20090509212648 ] wmiirc-lua v0.2.8 release [ 20090509113125 ] wmiirc-lua moving to github [ 20090504101605 ] two terminals one PWD [ 20090501172645 ] splitting files out of a commit [ 20090409155905 ] git workflow [ 20090401112030 ] how old are these files in git? [ 20090330181138 ] sles 11 on kvm [ 20090323194942 ] android true type font [ 20090322203939 ] popen with stdin, stdout, and stderr [ 20090320214228 ] shrinking URLs [ 20090304004744 ] readlater [ 20081112150409 ] splitting patches with git [ 20081011081638 ] creating busybox symlinks [ 20081002215121 ] wmiirc-lua v0.2.5 release [ 20080916155113 ] git-svn strangeness [ 20080915112959 ] installing git man pages quickly [ 20080913112345 ] wmiirc-lua v0.2.4 release [ 20080825100454 ] Kernel Walkthroughs - booting [ 20080813210205 ] Linux Kernel Booting [ 20080719211329 ] printable OLS/2008 schedule [ 20080715214447 ] wmiirc-lua updates [ 20080713194704 ] Git Screencast [ 20080713143429 ] four steps to reproducible Debian installs [ 20080705150651 ] USB2.0 enclosure benchmark [ 20080703230924 ] Linux Kernel Walkthroughs posted [ 20080702113602 ] Introducing the Ottawa Ruby folks to Git [ 20080628160732 ] Authenticating Linux against OSX LDAP directory [ 20080627142123 ] Canada Day Events 2008 [ 20080613162541 ] Linux Kernel Walkthroughs [ 20080510083828 ] is my usb device connected to a fast port? [ 20080509111534 ] show more git info on zsh prompt [ 20080430104202 ] git-vim [ 20080412100337 ] color your word [ 20080404105620 ] show current git branch on zsh prompt (2) [ 20080303200359 ] how to track multiple svn branches in git [ 20080301134220 ] fixing X for GeodeLX [ 20080108002540 ] kvm nfs hang [ 20080107160836 ] screen -c relative path bug [ 20080105132854 ] WeeChat spell suggestions [ 20071219221358 ] show current git branch in zsh [ 20071217141037 ] wmiirc-lua kitchen sink repository [ 20071212100316 ] protecting sshd from OOM killer [ 20071204234232 ] wmiirc-lua v0.2.1 remembers a bit more [ 20071013205336 ] wmiirc-lua v0.2 has suspend and raw modes [ 20070929112345 ] wmiirc-lua debianization [ 20070924104140 ] zsh tip of the day - global aliases [ 20070915094213 ] wmiirc-lua v0.1.1 [ 20070913130838 ] comparing two directories [ 20070909204125 ] git-rebase --interactive [ 20070908115905 ] zsh tab completion awesomeness [ 20070902000736 ] wmiirc in lua [ 20070831150306 ] debugging with -dbg libraries [ 20070831142646 ] svn status like output in git [ 20070829141847 ] Git Cheat Sheet [ 20070821142038 ] switching to abiword [ 20070811105746 ] forwarding ssh and X through screen [ 20070807112531 ] git-svnup [ 20070724082355 ] reducing power consumption [ 20070722123734 ] Makefile template [ 20070722002649 ] less, colourful [ 20070719162359 ] irssi docs [ 20070716114553 ] qemu eats up /dev/shm [ 20070710214512 ] git-clean in svn land [ 20070705113139 ] ipw2200 not working [ 20070627191916 ] git slides updated [ 20070618220649 ] unpopular debian packages on my system [ 20070611125852 ] git-svn with multiple branches [ 20070517085321 ] Linus on Git at Google [ 20070510134551 ] vim modelines insecure [ 20070504205042 ] bios disassembler [ 20070504124124 ] dd hex arguments [ 20070503013555 ] urxvt mouseless url yanking [ 20070502211941 ] gitdiff.vba v2 [ 20070419234350 ] india [ 20070418155857 ] zsh fun [ 20070418143632 ] pipe to pastey.net [ 20070418094151 ] vimgrep alias [ 20070416202545 ] mouse-free [ 20070406141850 ] ATA messages via SCSI layer [ 20070330221019 ] GITDiff vim plugin [ 20070329011735 ] git presentation for OCLUG [ 20070328123631 ] fixing vim's [[ and ]] for bad code [ 20070316092236 ] pxeboot and nfsroot with debian [ 20070312134706 ] etc snapshots with git [ 20070307004041 ] remote power switch [ 20070222215355 ] klips-less openswan git tree [ 20070221041316 ] git caching for v1.5.x [ 20070218002214 ] klips loses zlib [ 20070209172606 ] vim and linux CodingStyle [ 20070207205427 ] my kqemu install [ 20070204100100 ] leaner meaner openswan [ 20070115111917 ] wmii+ruby xlock action [ 20070112131252 ] cloning xterms in wmii+ruby [ 20070102010551 ] wmii+ruby talk for OCLUG [ 20061228220641 ] dump and restore [ 20061218100219 ] C style [ 20061101002027 ] fetching all git branches from remote [ 20061028111607 ] local caching for git repos [ 20061020145437 ] automatic version creation with git [ 20061018213306 ] wmii w/ ruby wmiirc [ 20061018201907 ] small fonts [ 20061007151802 ] google-codesearch from vim [ 20060928020813 ] shell commands [ 20060920093957 ] letting screen apps use the ssh-agent [ 20060908223613 ] mpdscribble stream support [ 20060907125149 ] glGo on ubuntu/dapper amd64 [ 20060906163240 ] lbdb and mutt [ 20060902145643 ] vim tutorial [ 20060902135722 ] fixing your terminal [ 20060828124713 ] apt-get pdiffs [ 20060824224842 ] 256 colour xterms [ 20060824152658 ] dynamic IPcomp [ 20060824145428 ] inkscape++ [ 20060818150516 ] tags/cscope for system headers [ 20060805131557 ] opteron 170, part 4 [ 20060805101941 ] opteron 170, part 3 [ 20060803233234 ] opteron 170, part 2 [ 20060802210126 ] opteron 170 [ 20060729144129 ] OLS keysigning / 2006 [ 20060728105500 ] git-find findings [ 20060727162941 ] starting on git-find [ 20060727113632 ] git-graft and git-find brainstorm [ 20060726224531 ] pretty function tracing [ 20060713174723 ] uml and multiple network segments [ 20060707182236 ] lastfm artist and title to clipboard [ 20060706162256 ] reverting a git changeset [ 20060629212003 ] user #3 [ 20060628083456 ] firefox crashes with form input [ 20060612222204 ] ldap account management [ 20060612194523 ] stupid ldap [ 20060608092157 ] rpm hell is right [ 20060605095726 ] OpenSSH VPNs [ 20060604114317 ] Lenovo lost a customer [ 20060601234010 ] generating html colourized sourcecode [ 20060601211716 ] ion3 greatness and acting on X selections [ 20060526085644 ] software RAID10 performance [ 20060525234148 ] learning to love git [ 20060524121638 ] recent vim7 articles [ 20060516095748 ] bootstrapping debian on my sbc [ 20060428145140 ] entropy injection [ 20060423140628 ] Adam [ 20060414202507 ] converting mp3s to CD [ 20060413232836 ] secure apt-get [ 20060412194423 ] xen domain0 on debian [ 20060410220525 ] LVM2 on RAID1 mirror [ 20060410102824 ] building a RHEL4 kernel w/ kdb support [ 20060407230939 ] xen on debian [ 20060407230818 ] Upgraded look [ 20060330131334 ] Flattered by a copy [ 20060328165153 ] vim7 from source [ 20060308123539 ] Perl, Catalyst, CPAN, and Debian [ 20060308123302 ] last.fm [ 20060128124841 ] carcassonne and zombies [ 20060120135931 ] Election Humour [ 20050925130002 ] ldap on debian [ 20050528190034 ] Error while mapping shared library sections [ 20050124130158 ] IRC over email gateway [ 20050110225522 ] brute force attacks sshd? [ 20050108095026 ] LDAP authentication (part 1) [ 20041124130146 ] sawfish workspace themes [ 20041113082651 ] Mini-DV to divx using mencoder [ 20041004084525 ] notes on vserver [ 20040922104334 ] fast kernel logging [ 20040803104122 ] Digital Rebel for sale... GONE [ 20040714202912 ] OpenOffice resources [ 20040603175746 ] photo editing [ 20040601082817 ] WRT54G [ 20040503205227 ] Digital Rebel [ 20040420200136 ] Open Office templates [ 20040326082602 ] bash vi editing mode [ 20040315204142 ] debian install CDs [ 20040312155542 ] change of jobs [ 20040308091554 ] spamassasin extras [ 20040305163216 ] cool debian tools [ 20040305155708 ] first post! |
| ||||||||||||||||
|
After reading and hearing everyone raving about SSDs for a couple of years it was hard to resists the upgrade. So I got an [Intel SSD 510 120GB](http://www.techspot.com/review/387-intel-510-ssd/page4.html) to replace my Seagate 2.5" laptop HDD. The prices in the ~120GB SSD category are pretty close. I chose the Intel based on reading that they have a low failure rate (I was unable to find the soruce when writing this up). The Thinkpad X61 only has SATA-II; the drive supposedly has better performance on SATA3. UPDATE: [Samat K Jain](http://samat.org/) points out that "the ThinkPad X61 is limited to 1.5 Gbps, even with SATA-II (Lenovo's excuse: power saving, by keeping bus clocks down)". Lots of discussion about that [on the net](http://www.google.com/search?q=ThinkPad+X61+SATA). My setup... * Thinkpad X61 w/ 4G of RAM * Linux 2.6.39 * XFS on encrypted LVM (default Debian install) Here are the summarized bonie++ results.
Detailed results follow. ### SATA connected... * HDD (direct, internal SATA) ------Sequential Output------ -Per Chr- --Block-- -Rewrite- K/sec %CP K/sec %CP K/sec %CP 507 96 40777 9 18916 4 21918us 30049ms 4885ms ------Sequential Create------ -Create-- --Read--- -Delete-- /sec %CP /sec %CP /sec %CP 4205 33 +++++ +++ 7906 56 323ms 361us 36194us --Sequential Input- -Per Chr- --Block-- K/sec %CP K/sec %CP 1188 98 50883 6 28682us 427ms --Random- --Seeks-- /sec %CP 115.7 3 1258ms --------Random Create-------- -Create-- --Read--- -Delete-- /sec %CP /sec %CP /sec %CP 4969 41 +++++ +++ 8127 58 33240us 248us 17470us 1.96,1.96,oxygen,1,1308235638,8G,,507,96,40777,9,18916,4,1188,98,50883,6,115.7,3,16,,,,,4205,33,+++++,+++,7906,56,4969,41,+++++,+++,8127,58,21918us,30049ms,4885ms,28682us,427ms,1258ms,323ms,361us,36194us,33240us,248us,17470us * SDD (direct, internal SATA) $ bonnie++ ... ------Sequential Output------ -Per Chr- --Block-- -Rewrite- K/sec %CP K/sec %CP K/sec %CP 699 98 76504 11 33240 5 13000us 138ms 3195ms ------Sequential Create------ -Create-- --Read--- -Delete-- /sec %CP /sec %CP /sec %CP 1685 18 +++++ +++ 1566 15 19248us 347us 16185us --Sequential Input- -Per Chr- --Block-- K/sec %CP K/sec %CP 1766 98 89495 9 9253us 115ms --Random- --Seeks-- /sec %CP 8242 156 18453us --------Random Create-------- -Create-- --Read--- -Delete-- /sec %CP /sec %CP /sec %CP 1442 16 +++++ +++ 1407 14 16373us 1645us 40035us 1.96,1.96,oxygen,1,1308421092,8G,,699,98,76504,11,33240,5,1766,98,89495,9,8242,156,16,,,,,1685,18,+++++,+++,1566,15,1442,16,+++++,+++,1407,14,13000us,138ms,3195ms,9253us,115ms,18453us,19248us,347us,16185us,16373us,1645us,40035us ### USB connected... * HDD (external USB encolosure) $ bonnie++ ... TBD * SDD (external USB encolosure) $ bonnie++ ... ------Sequential Output------ -Per Chr- --Block-- -Rewrite- K/sec %CP K/sec %CP K/sec %CP 236 97 27309 5 14605 4 49235us 6536ms 6152ms ------Sequential Create------ -Create-- --Read--- -Delete-- /sec %CP /sec %CP /sec %CP 9045 58 +++++ +++ 12715 76 181ms 653us 362us --Sequential Input- -Per Chr- --Block-- K/sec %CP K/sec %CP 759 99 39972 4 15913us 17705us --Random- --Seeks-- /sec %CP 1667 36 507ms --------Random Create-------- -Create-- --Read--- -Delete-- /sec %CP /sec %CP /sec %CP 11224 70 +++++ +++ 13911 87 3317us 73us 3122us 1.96,1.96,oxygen,1,1308279549,8G,,236,97,27309,5,14605,4,759,99,39972,4,1667,36,16,,,,,9045,58,+++++,+++,12715,76,11224,70,+++++,+++,13911,87,49235us,6536ms,6152ms,15913us,17705us,507ms,181ms,653us,362us,3317us,73us,3122us |
| ||
|
I'm doing some IPv6 codig for a client and needed to setup a bunch of [6in4](http://en.wikipedia.org/wiki/6in4) tunnels. Thre are many ways to do this through distribution init scripts ([Debian](http://wiki.debian.org/DebianIPv6), [Fedora](http://dice.neko-san.net/2011/03/fedora-sysconfig-for-6in4-tunnel-router/)), but I wanted something less permanent and more dynamic for testing. The procedure can be summarized in these steps: - create a tunnel `mytun` between local `1.1.1.1` and remote `2.2.2.2` ip tunnel add mytun mode sit local 1.1.1.1 \ remote 2.2.2.2 ttl 64 dev eth0 - give the local end an address ip addr add dev mytun f8c0::1.1.1.1/64 - bring up the tunnel ip link set dev mytun up And here is a script that builds both ends of the tunnel: [mk6in4tun](http://git.jukie.net/snippets.git/tree/mk6in4tun/mk6in4tun) ./mk6in4tun 2.2.2.2 ### tunnel topology [f8c0:69bd::1.1.1.1] 1.1.1.1 (eth0) <======> (???) 2.2.2.2 [f8c0:69bd::2.2.2.2] ### local setup ### sudo modprobe ipv6 sudo ip tunnel add tun69bd mode sit local 1.1.1.1 remote 2.2.2.2 ttl 64 dev eth0 sudo ip addr add dev tun69bd f8c0:69bd::1.1.1.1/64 sudo ip link set dev tun69bd up sudo iptables -I INPUT -s 2.2.2.2 -d 1.1.1.1 -p 41 -j ACCEPT ### remote setup ### sudo modprobe ipv6 sudo ip tunnel add tun69bd mode sit local 2.2.2.2 remote 1.1.1.1 ttl 64 sudo ip addr add dev tun69bd f8c0:69bd::2.2.2.2/64 sudo ip link set dev tun69bd up sudo iptables -I INPUT -s 1.1.1.1 -d 2.2.2.2 -p 41 -j ACCEPT ### taredown instructions ### sudo ip tunnel rem tun69bd |
| ||
|
What a busy week! As the dust of the (extremely) well attended [Ottawa IPv6 Summit](http://ipv6summit.ca) settles, we are working through some post conference tasks. I've just updated the presentation page on the site to include the slide decks of most of the presentations. I am still waiting for files from few speakers. You view the ones which are available on [the presentation page](http://ipv6summit.ca/index.php/v6/2011/schedConf/presentations). As you may have noticed -- if you were lucky to get in before we sold out -- the talks were recorded. The results of the recordings will go up on our website within a few weeks.  [Summit photos](http://tricolour.net/photos/2011/04/29/ipv6_summit.html) courtesy of [RGB](http://tricolour.net) |
| ||
|
[ NOTE: this article began as the front page of the [IPv6 Summit.ca](http://ipv6summit.ca) website ] Whenever you use the Internet, you are using an Internet Protocol (IP) - a set of rules for communication between computers. Internet Protocol Version 6 (or IPv6 for short) is an upgrade to the most widely available Internet Protocol (version 4, or IPv4). These Internet Protocols are used to assign each computer with an address (called an IP address) that uniquely identifies it on the Web and allows other computers to communicate with it. IPv6 has arrived. Are you prepared? But IPv4 was designed in 1980, before the explosion of the Internet and the advent of Internet-connected portable devices like cell phones, tablets, e-book readers, etc. It only has enough addresses for about 4 billion devices. The population of our planet well exceeds 6 billion, and with more people getting connected to the Internet every day, IPv4 simply cannot keep up. At the current rate of consumption of IPv4 addresses, we will run out in mid-2011. Currently, due to this shortage, any organization building a large new network has no option but to use IPv6. Soon, newcomers will likewise face a choice between IPv6 or no internet connection at all. Moving to IPv6 now will: - Avoid substantial cost increases for IPv4 addresses as they become increasingly unavailable - Avert expensive last-minute IPv6 deployment, costly in terms of time, energy, wages, and potential errors or security risks; it has been demonstrated that conversion costs are minimal when a planned and careful migration is phased in over an extended period of time - Maintain your organization's competitive edge by ensuring interoperability with the latest technologies IPv6 also holds some distinct advantages over IPv4. It: - Provides plentiful addresses, enough so that one need not worry about running out (over 340 trillion trillion trillion!) - Allows for more flexible network design, potentially translating into savings in design, deployment and operational costs - Eliminates the need for network address translation (NAT) - Improves quality of service - Adds support for address mobility - an address follows a device wherever it goes - Makes small network setups a breeze - Improves support for mobile IP and mobile computing devices To find out more, join us at the Ottawa IPv6 Summit 2011.  |
| ||
|
In the summer of 2010 a half dozen [OCLUG](http://oclug.on.ca) members decided it would be a good idea to put on an IPv6 conference for Ottawa. I was one of those people! At the time IANA still had lots of IPv4 addresses, but it was projected to run out in May of 2011. It seemed that no one in Canada was doing anything about it, and people needed to be educated. And so, the [IPv6summit.ca](http://ipv6summit.ca) was born. Here is the official description from our webiste...
We knew that managers didn't like talks about packets, and developers didn't want to hear about the fiscal plan. To prevent people from falling asleep we split the conference into a couple of streams: - Technical: come here if you like packets and config files, - Management/Business: come here if you don't. - Demos/Tutorials: come here if you want to show things off. Around December we were graciously offered to use the new [Telfer](http://www.telfer.uottawa.ca) facilities ([The Desmarais Building](http://www.telfer.uottawa.ca/en/the-desmarais-building)) at the University of Ottawa.  We still have a few spots for speakers, and our [Call For Presentations](http://ipv6summit.ca/index.php/v6/2011/schedConf/cfp) is open. If you know anyone that you'd like to hear speak about IPv6 [let us know](mailto:info@ipv6summit.ca). The final speaker list is not yet public, but we have talks being given by some very prominent figures from important Internet agencies (ARIN, CIRA, HE.net, and more). Registration will likely open this week. Please stay tunned. In the meantime you can sign up for updates on our media sites...     Hope to see you at the conference in April! |
| ||
|
Long time no blog... I've been realy busy getting the [Ottawa IPv6 Summit](http://ipv6summit.ca) off the ground (along with [several other people](http://ipv6summit.ca/index.php/v6/2011/about/organizingTeam) from [OCLUG](http://oclug.on.ca)). I'll have to blog about that soon. Anyway... I've also been learning a lot more about IPv6. Which reminded me that I never finished my [IPv6 Certification](http://ipv6.he.net/certification/cert-main.php) from [Hurricane Electric](http://he.net/). I stopped at the Guri level because getting Sage (the top level) meant that I would have had to have a [sane domain name registrar](http://www.jukie.net/~bart/blog/20100908173402). I actually registered *ipv6summit.ca* with [BareMetal.com](http://BareMetal.com), and so I already had an [IPv6 Glue record](http://www.sixxs.net/faq/dns/?faq=ipv6glue) for this domain. # whois ipv6summit.ca Domain name: ipv6summit.ca ... Name servers: ns.ipv6summit.ca 70.38.99.170 2001:470:1c:1cb::6:0 Anyway, long story short... I am now a *Sage*! Woot! |
| ||
|
I just switched to the *Holiday Miracle Plan* from [WindMobile.ca](http://windmobile.ca). I thought I'd mention it since it's not advertised, but a fantastic deal. You have to sign up by December 26th, but you get to keep this rate for as long as you are a customer. In short: it's unlimited-everything for $40/month. It's Wind, so there are no contracts, hidden fees, or strings attached. Here are the details... * Unlimited Canada-wide calling * Unlimited US Long Distance * Unlimited Canada/US Text messaging * Unlimited Canada/US MMS (picture messaging) * Unlimited Global Text Messaging * Caller ID * Unlimited WIND to WIND calling * Call Waiting, Call Forwarding, 3-Way calling * Voicemail * Infinite BlackBerry or Infinite Mobile (depending on the device) |
| ||
|
Some people have been telling me that they "have no time" or "are too lazy" to setup IPv6 on their desktop, but would like to. Below are 2 easy steps to get IPv6 running on your Debian Linux sytem (shoudl be identical on Ubuntu, and similar distros). If you're not running Linux, check out these pages instead: [MacOS X](http://www.deepdarc.com/miredo-osx/), [Windows](http://pugio.net/2007/07/howto-enable-ipv6-the-teredo-w.html). ### 1 - security At present, most of the home users use NAT. This means that connections from outside to your network are mostly impossible. This provides some sense of pseudo-security. With IPv6, you get full connectivity between all systems on the network. Do you really want everyone in the world to be able to ssh to your sytem? Mabye not. Here is a simple way to add *stateful firewalling* to your IPv6 setup. This setup will permit connections you initiate, but drop connections from outside. * Put [this script](http://git.jukie.net/snippets.git/plain/ultra-simple-stateful-firewall/etc/network/if-pre-up.d/iptables) in `/etc/network/if-pre-up.d/iptables` and make it executable: `chmod +x /etc/network/if-pre-up.d/iptables` * Put [the IPv6 firewall config](http://git.jukie.net/snippets.git/plain/ultra-simple-stateful-firewall/etc/default/ip6tables) in `/etc/default/ip6tables`. (lines that start with a *#* are comments... read them) * Load the firewall rules: `sudo ip6tables-restore < /etc/default/ip6tables` (it will start up on the next boot automatically) You don't have connectivity yet, but the firewall is now configured. If you like the idea of a stateful firewall for your IPv4, grab the [the IPv4 firewall config](http://git.jukie.net/snippets.git/plain/ultra-simple-stateful-firewall/etc/default/iptables) and put it in `/etc/default/iptables`. this may break your connectivity since it's very restrictive... read the file before you decide to use it. ### 2 - miredo [Miredo](http://www.remlab.net/miredo/) is a program that implements [Teredo tunneling](http://en.wikipedia.org/wiki/Teredo_tunneling) for UNIX systems. Toredo is by far the easiest way to get IPv6 on your system, and Miredo is the easiest way to do that on Debian. sudo apt-get install miredo sudo /etc/init.d/miredo restart In seconds you'll be connected and you'll be able to verify your IPv6 connectivity. ping6 ipv6.google.com If you want to know what dynamic IPv6 address miredo gave you, you can run this: ip -6 ad show dev teredo | awk '/^ *inet6 / { print $2 }' The address that starts with `2` is your public address. The address started with `fe80::` is [Link-local address](http://en.wikipedia.org/wiki/Link-local_address#IPv6) and is not used for communicating with hosts on the internet, but rather to talk to routers. |
| ||
|
I have an LVM volume, with xfs on it, that is almost full: $ df /scratch -h Filesystem Size Used Avail Use% Mounted on /dev/mapper/vg-scratch 180G 175G 5.4G 98% /scratch $ sudo lvdisplay /dev/mapper/vg-scratch ... LV Size 180.00 GB ... But I have some more space in the physical volume. Let's grow the logical volume. First, let's grow the volume by 20G... $ sudo lvresize -L +20G /dev/mapper/vg-scratch Extending logical volume scratch to 200.00 GB Logical volume scratch successfully resized $ sudo lvdisplay /dev/mapper/vg-scratch ... LV Size 200.00 GB ... Next, let's tell the XFS file system to fill in the space... $ sudo xfs_growfs /scratch ... data blocks changed from 47185920 to 52428800 $ df /scratch -h Filesystem Size Used Avail Use% Mounted on /dev/mapper/vg-scratch 200G 175G 26G 88% /scratch |
| ||
|
If you have an IPv6 Linux network at home, you probably have a Linux host on the perimeter that's running [radvd](http://www.litech.org/radvd/) -- this is the server that responds to IPv6 neighbour discovery (ND) requests, distributes the *default route* to all your hosts, and tells your hosts how to auto configure themselves. All these tasks were handled by the *DHCP* server, albeit a lot differently, in the good old days. The one other thing that `dhcpd` did for us was to tell all the hosts where the DNS servers were. So, do I need to run the IPv6 version of `dhcpd` AND `radvd`? It turns out that `radvd` can perform the task of domain name server distribution. [RFC 5006](http://tools.ietf.org/html/rfc5006) extends the features of the ND protocol to also send out *RDNSS* (or "*recursive DNS server*" info). Say, I have a simple ipv6 router with `eth0` pointing out, and `eth1` pointing in. Here is an example configuration for `radvd` (*/etc/radvd.conf*). interface eth1 { AdvSendAdvert on; prefix 2001:470:ffff::/64 { # this is my internal network prefix AdvOnLink on; AdvAutonomous on; AdvRouterAddr on; }; RDNSS 2001:470:ffff::1 2001:470:ffff::2 { # I have 2 DNS servers # I have no options to add here }; }; Most of the things that `radvd` sends out is consumed by the Linux kernel. But domain name resolution happens in user space. The kernel just ignores the *RDNSS* stuff. What you need to install is a daemon that listens for this info and updates your `/etc/resolv.conf` files. That daemon is [rdnssd](http://rdnssd.linkfanel.net/). # apt-get install rdnssd ... It may take a while, but as soon as the `radvd` server sends out it's broadcast, all systems running `rdnssd` will learn of the new DNS hosts. The `/etc/rdnssd/merge-hook` script will be called to update `/etc/resolv.conf`. |
[ next ]