2012-12-25

A quick guide to setting up a IPv6 Tunnel using public 6to4 relays under GNU/Linux

Setting up a 6to4 tunnel will allow IPv6 (or dualstack) hosts on networks that only have Public IPv4 addresses to access sites and services that are available via IPv6. The main steps are calculating the IPv6 version of your Public IPv4 address; establishing a 6to4 tunnel to one of the free IPv6 relays available; and configuring the local network to route IPv6 via the tunnel.


Overview of the Topology

  


  

2012-12-17

Half-arsed Home Cisco Lab


For a little bit of extra practice before the CCNA exam, I hooked up a small lab with a couple switches bridged to emulated routers (running under GNS3 on the laptop). The reason for the multiple trunks between the switches was to test out Spanning Tree. I was going to setup link aggregation as well, but the 3500XL didn't want to play ball. I found out later that it doesn't support PAgP or LACP, so the method for setting up aggregation is different.

VTP and CDP worked properly overly the bridged link - as they should, but I was expecting something to go wrong for some reason (pessimism?). Minicom also played ball with the USB-to-serial adapter (for the console cable), which is always handy too :)

2012-08-25

SNES Nostalgia Trip

AVGN's latest video has made me nostalgic for all things SNES, so I've drawn up a list of games to revisit. First cab off the rank is Final Fantasy VI, which I've never actually completed due to starting over on multiple platforms. I started on the SNES version, switched to the PS1 release at some point and put most of my hours into the GBA remake (which was very nice but loses a little something on the small screen). I wound up losing track of where I was up to at some point and left it for so long that restarting is probably a decent option anyway.


Other games I plan to get to include: Super Mario RPG, Zelda, Super Metroid and Super Mario World.

2012-08-01

Reports of this SSD's death are greatly exaggerated

I thought for a couple days that the shiny new SSD I'd installed would need to be shipped back due to the intermittent controller errors it was reporting. I hadn't had the time to muck around with it until today, when I opened up the case and found the cause was simply the data cable's connector being slightly faulty to the point where it came partially away from the socket due to the cable tension. So, a new cable later and all is well. On the bright side it also reminded me to move it into the SATA3 port and not the SATA2, which would have been a bit of a waste.

SATA Spaghetti
Now, time to clear up the utter mess I made of the cabling while testing...

2012-06-11

Quick GNS3 Configuration Guide


Download and install GNS3 – it has a lot of dependencies but the installer contains of all of them. Accept all the defaults for the programs it installs (essentially just keep clicking next).

Create Project and Image directories using something simple, like G:\Cisco\Projects and G:\Cisco\IOS. Copy the IOS images (ending in .BIN) to the IOS folder.

Open GNS3, cancel the screen asking to open a project and then click Edit then Preferences. Fill in the project and image directory settings by browsing to the folders you just created:

Click OK to save and exit.




2012-06-10

Remote X11 on Windows using SSH Tunneling

I hadn't used remote X11 for so long I'd just about forgotten how to go about setting it up, so I thought I'd knock up a quick guide (nothing seems to cement something in my head quite like doing a short howto).

Firstly, grab the software you'll need:
  1. Download PuTTY and PuTTYGen from the PuTTY Download Page
  2. Download and install XMing 

Run PuTTYGen and generate a new key (SSH-2 RSA)



Save the private key on your client machine and copy the text from public key to ~/.ssh/authorized_keys on the X11 host.


2012-04-14

Adding 802.1Q Trunking to Debian GNU/Linux

Here's a quick guide to setting up 802.1Q trunking for VLANs on a Debian GNU/Linux box connected to one or more Cisco Catalyst switches, which could then be used as a cheap router replacement.


Configuration on the Debian box:

Add 8021q to /etc/modules so 802.1Q support is enabled at startup. To install it immediately:

# modprobe 8021q

Use vconfig to add the VLANs to the interface you'll be using (if vconfig is missing, run apt-get install vlan):

# vconfig add eth0 2

(In the above, eth0 is the physical interface and 2 is the ID of the VLAN)

Give the interface an IP. Choose an address in the range you've set aside for that particular VLAN. In this example, VLAN 2 is using 192.168.2.0/24.

# ifconfig eth0.2 192.168.2.201 netmask 255.255.255.0


2012-04-11

Netfilter long forgotten


I was lamenting that I'd forgotten far too much about netfilter/iptables so, to jog my memory, I sat down to put together a quick network in VirtualBox. I setup a router/NAT box with one card bridged to my physical network and two cards in two separate Virtual Host-only networks. To keep things nice and distinct, the networks chosen used were 10.0.0.0/24, 172.16.0.0/16 and 192.168.0.0/24.

The simple routing script is below (with all firewall rules removed for brevity):


#!/bin/bash

WAN=eth1
LAN1=eth2
LAN2=eth3

echo 1 > /proc/sys/net/ipv4/ip_forward

# flush everything to being with
/sbin/iptables -F

# setup NAT via $WAN for the two LANs
/sbin/iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
/sbin/iptables -A FORWARD -i $WAN -o $LAN1 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i $WAN -o $LAN2 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i $LAN1 -o $WAN -j ACCEPT
/sbin/iptables -A FORWARD -i $LAN2 -o $WAN -j ACCEPT

# inter-LAN routing
/sbin/iptables -A FORWARD -i $LAN1 -o $LAN2 -j ACCEPT
/sbin/iptables -A FORWARD -i $LAN2 -o $LAN1 -j ACCEPT

# make it a policy to drop any traffic not specifically accepted
/sbin/iptables -P FORWARD DROP





When client2 (192.168.0.31) pings a host in the 10.0.0.0 network... :
root@client2:~# ping 10.0.0.210
PING 10.0.0.210 (10.0.0.210) 56(84) bytes of data.
64 bytes from 10.0.0.210: icmp_req=1 ttl=127 time=0.724 ms
64 bytes from 10.0.0.210: icmp_req=2 ttl=127 time=1.05 ms
 

... IPTraf (running on the router) shows traffic being sent/received (10.0.0.55 is the router):
ICMP echo req (84 bytes) from 192.168.0.31 to 10.0.0.210 on eth3
ICMP echo req (84 bytes) from 10.0.0.55 to 10.0.0.210 on eth1
ICMP echo rply (84 bytes) from 10.0.0.210 to 10.0.0.55 on eth1
ICMP echo rply (84 bytes) from 10.0.0.210 to 192.168.0.31 on eth3





Removing the NAT section from the script and adding lines for eth1 has the effect of just routing between the three networks if NAT is undesirable:
/sbin/iptables -A FORWARD -i $LAN1 -o $WAN -j ACCEPT
/sbin/iptables -A FORWARD -i $WAN -o $LAN1 -j ACCEPT
/sbin/iptables -A FORWARD -i $LAN2 -o $WAN -j ACCEPT
/sbin/iptables -A FORWARD -i $WAN -o $LAN2 -j ACCEPT
 



As an additional exercise, I setup Squid on the router and changed the maximum_object_size to 1048576 KB then had the two clients and then the router do an apt-get upgrade one after the other. This saves re-downloading packages that have recently been picked up by the other client. Even with just the three boxes it's a decent download saver, but on a larger network it would be essential. I'll probably switch this over to something like app-cacher-ng as it's actually designed with this in mind. Below is the connections shown in IPTraf (top), Squid's access log (left) and the result of running apt-get upgrade (right):