XEN 3.4 with ipv6 routing

Yes, there are a few postings out there about getting ipv6 routing running with XEN. But I’ll throw this online anyway since there are a few changes I had to make for it to work on my server. This text is intended for people who know their way around Linux and XEN so it will be a bit technical and won’t spell out every single step you have to make.

Most of the changes are based on scripts and information from BenV and wnagele (the latter is interesting for me since I am also running XEN on a Hetzner server). Have a look at the two links if anything is unclear. Now let’s start the fun :-)

First of all we need IPv6 up and running on the host (dom0). Add the IP and gateway to your /etc/network/interfaces.
This is what mine looks like:

iface eth0 inet6 static
  address     2a01:4f8:100:1123::2
  netmask     64
  gateway     2a01:4f8:100:1120::1
  pre-up ip -6 route add 2a01:4f8:100:1120::1 dev eth0

Check if the IP address is responding to the outside world (e.g. with wiberg.nu/iptools.php). If everything looks OK, proceed …
Now we need to enable a few things to get routing and neighbor discovery running on the host (dom0). Edit your /etc/sysctl.conf and add/change these 2 entries (and while you are at it, set them with “sysctl -w” too):
net.ipv6.conf.all.forwarding=1
net.ipv6.conf.all.proxy_ndp=1

So, your host should by now be online with IPv6 and soon be able to route packets to its guests. By default XEN will only take care of IPv4 when a guest is created, so here is a small patchfile that adds support for IPv6: xen-ipv6-vif-route.patch. The patch changes vif-route and vif-common.sh. These files may be in different places depending on your distribution, but /etc/xen/scripts/ is where they can commonly be found. Download the patch to the directory with the scripts to be changed and execute “patch -p0 < xen-ipv6-vif-route.patch”. vif-common.sh gets a few new IPv6 functions, and iptables now won’t try to change stuff for IPv6 IPs. The vif-route changes are: NDP is enabled for the vif device and the route/neighbor IPv6 settings are set.

So, now that the scripts know how to set up all our IPv6 needs, we need to add the IPv6 IP to our guest settings (.cfg file typically found in /etc/xen/). What we want to change is the “vif” setting. Add the IPv6 IP of the guest to the IPv4 IP (just the IP without the trailing /network, space separated from the IPv4 IP):

vif = [ 'mac=B1:A3:3F:25:11:B8, ip=2a01:4f8:100:1123::5 188.40.34.101' ]

Now you can create the guest (domU) and add the IPv6 IP to the /etc/network/interfaces of the guest if you haven’t done so already (it uses the host (dom0) as the gateway).

iface eth0 inet6 static
  address     2a01:4f8:100:1123::5
  netmask     64
  gateway     2a01:4f8:100:1123::2

Restart the networking on the guest (or reboot it) and you should now be able to ping the guest from the internet. See, easy wasn’t it :-)
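What the hotplug step has to do with the mixed `ip=` list, as an added sketch (this is not the code from xen-ipv6-vif-route.patch): each address is classified as IPv4 or IPv6 and the matching route and proxy-NDP commands are printed instead of executed. The function name `vif_route_plan` and the device names `vif1.0` and `eth0` are assumptions.

```bash
#!/bin/bash
# Added example, not the code from xen-ipv6-vif-route.patch.
# vif_route_plan VIF_DEV UPLINK_DEV "IP LIST": print (dry run) the commands a
# routed vif needs for each address in the guest's space-separated ip= list.
vif_route_plan() {
  local vif="$1" uplink="$2" ips="$3" addr have_v6=0
  for addr in $ips; do
    case "$addr" in
      */*)  # the vif ip= entry takes bare addresses, no /network suffix
        echo "skip $addr: remove the /network suffix" >&2
        continue ;;
      *:*)  # IPv6: host route to the guest, plus a proxy-NDP entry on the
            # uplink so dom0 answers neighbor solicitations for the guest
        have_v6=1
        echo "ip -6 route add $addr dev $vif"
        echo "ip -6 neigh add proxy $addr dev $uplink"
        ;;
      *.*)  # IPv4: host route only; IPv4 firewall rules stay limited to these
        echo "ip route add $addr dev $vif"
        ;;
      *)
        echo "skip $addr: not an IP address" >&2
        ;;
    esac
  done
  # proxy_ndp is also a per-interface switch. vif names contain a dot, so the
  # /proc/sys path is used instead of a dotted sysctl key.
  if [ "$have_v6" -eq 1 ]; then
    echo "echo 1 > /proc/sys/net/ipv6/conf/$vif/proxy_ndp"
  fi
  return 0
}

# Constructed call using the addresses from the guest config above
vif_route_plan vif1.0 eth0 "2a01:4f8:100:1123::5 188.40.34.101"
```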


Script of the day – clean up stale .ssh/known_hosts

This little script takes an IP or hostname as a parameter, and if there is an offending key in the .ssh/known_hosts it removes it and replaces it with the key the host currently presents (the script connects with stricthostkeychecking=no, so the new key is accepted as-is). Useful if you are moving/reinstalling a large number of servers …

#!/bin/bash
#===============================================================================
#          FILE:  ssh-cleankey.sh
#         USAGE:  ./ssh-cleankey.sh <ip|hostname>
#
#   DESCRIPTION:  deletes stale ssh known_hosts entries
#===============================================================================

# true or false
VERBOSE=false

#=== Exit codes ================================================================
# 1 - Not a valid IP or not reachable
#===============================================================================

#===  FUNCTION  ================================================================
#          NAME:  print_help
#   DESCRIPTION:  Prints help and exits
#===============================================================================
print_help() { #{{{
	echo "Usage: $(basename "$0") <ip|hostname>"
	echo ""
	echo "e.g. ./$(basename "$0") 1.2.3.4"
	echo ""
	exit 0
} #}}}

if [[ $# -eq 1 ]]
then
	HOST="${1}"
else
	print_help
fi

# Stop early if the host does not answer a single ping within one second
if ! ping -w1 -c1 "$HOST" >/dev/null 2>&1
then
	$VERBOSE && echo "ERROR: $HOST is either not a valid IP/hostname, or is not reachable via ping"
	exit 1
fi

# ssh prints "Offending key in ..." (newer versions: "Offending <type> key in ...")
# when the stored host key no longer matches the one the host presents
Check=$(ssh -o connecttimeout=10 -o stricthostkeychecking=no "$HOST" true 2>&1 | grep -Ec "Offending( [^ ]+)? key")
if [[ $Check -gt 0 ]]
then
	$VERBOSE && echo "$HOST is stale, updating known_hosts"
	# Drop the stale entry, then reconnect so the presented key is recorded
	ssh-keygen -R "$HOST" >/dev/null 2>&1
	ssh -o connecttimeout=10 -o stricthostkeychecking=no "$HOST" true >/dev/null 2>&1
else
	$VERBOSE && echo "$HOST is OK"
fi

exit 0
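A variant for the case where the new host keys are known in advance, as an added example that is not part of the original script: the stale entry is replaced only if the key the host presents matches the one recorded for it in an inventory file. The inventory format (`host keytype base64key` per line) and the function names are assumptions; the key blobs in the demo are constructed placeholders, not real keys.

```bash
#!/bin/bash
# Added example, not part of ssh-cleankey.sh.
# Inventory (assumed format): one "host keytype base64key" line per server,
# written at install time and copied to the admin machine over a trusted path.

# expected_key HOST INVENTORY -> prints "keytype base64key" recorded for HOST
expected_key() {
  awk -v h="$1" '$1 == h { print $2, $3; exit }' "$2"
}

# key_is_expected HOST "SCANNED LINE" INVENTORY -> 0 only on an exact match.
# SCANNED LINE uses the ssh-keyscan/known_hosts layout "host keytype base64key".
key_is_expected() {
  local want got
  want=$(expected_key "$1" "$3")
  got=$(printf '%s\n' "$2" | awk '{ print $2, $3 }')
  [ -n "$want" ] && [ "$want" = "$got" ]
}

# refresh_host HOST INVENTORY: replace the known_hosts entry only after the check
refresh_host() {
  local host="$1" inv="$2" scanned
  scanned=$(ssh-keyscan -T 10 -t ed25519 "$host" 2>/dev/null | head -n 1)
  if [ -z "$scanned" ]; then
    echo "$host: no key received" >&2
    return 1
  fi
  if ! key_is_expected "$host" "$scanned" "$inv"; then
    echo "$host: presented key is not the one in $inv, known_hosts untouched" >&2
    return 2
  fi
  ssh-keygen -R "$host" >/dev/null 2>&1
  printf '%s\n' "$scanned" >> "$HOME/.ssh/known_hosts"
}

# Offline demo with constructed data: the presented key differs from the record
demo_inv=$(mktemp)
echo 'web1.example.org ssh-ed25519 AAAAC3CONSTRUCTEDKEYONE' > "$demo_inv"
key_is_expected web1.example.org \
  'web1.example.org ssh-ed25519 AAAAC3CONSTRUCTEDKEYTWO' "$demo_inv" \
  || echo "mismatch detected, entry would not be replaced"
rm -f "$demo_inv"
```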



Checking a list of IPs against RBL

This is more a reminder to myself than anything else … this is a small snippet that takes a list of IPs and does a whois on all that aren’t in an RBL.

Let’s say we have a list of IPs in a file “iplist.txt”:

12.172.121.171
24.149.208.68
38.105.100.9
58.185.207.86
61.201.51.66
64.78.164.169

Snippet that checks the IPs (can of course be easily changed to check IPs that are IN a RBL)

for ip in $(cat iplist.txt)
do
  # rblcheck prints output only for addresses it finds listed; skip those
  test -n "$(/usr/bin/rblcheck -qm "${ip}")" && continue || clear
  whois "${ip}"
  printf "###########################\n##### %15s #####\n###########################\n" "${ip}"
  # wait for Enter before moving on to the next address
  read
done



Hiking & castle ruins

We did a bit of hiking through the forest to castle ruins yesterday, here are the pictures …


bash: using the content of a variable as variable name

Since the implementation of arrays in Bash is somewhat lacking compared to higher level programming languages (only one-dimensional), and hash lists require a bit of work to set up, you may run into a situation where you have a small list of key/value pairs that are both variable and that you need to store.
There are various solutions for the problem, e.g. creating two arrays (one for the keys, one for the values, and combining them by using the same index values for the entries), or using the functions from the link above to build a hash list. For me the easiest way to solve the problem, if I only have a few variables and don’t want to bloat the code, is to (mis)use declare. declare is intended for setting the type of a variable (constant, array, integer, …), but has the nice side effect that you can use variables in the key name, and you can set the value of the variable.

Usage:

declare "${Key}=${Value}"

Example:
$File_Config is a variable holding the name of a config file; the content of the file could look like this:

foo:one
bar:three
foobar:bignumber

Snippet:

if [[ -e "${File_Config}" ]]
then
  while read -r line
  do
    Key="${line%%:*}" # chop off everything after the first :
    Value="${line#*:}" # chop off everything before the first :
    Value="$(echo "${Value}" | sed -E 's#^ +##;s# +$##')" # chop off any excess whitespace
    if [[ "${Key}" != "" && "${Value}" != "" ]] # only continue if we have something to do
    then
      # quoted as one word so values containing spaces stay intact
      declare "Configuration_${Key}=${Value}"
    fi
  done < "${File_Config}"
fi

After the snippet has read the config file, you can use $Configuration_foo, $Configuration_bar and $Configuration_foobar in your script. The key names could also have come from a MySQL query, array, command line args, …
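When the key names come from a file, a database or the command line, they decide which variable declare writes to, so they need checking first. The loader below is an added example, not code from the original post: it accepts only keys that are plain identifiers and skips every other line. The function name `load_config`, the counter `Config_Rejected` and the sample file content are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original post.
# load_config FILE [PREFIX]: read key:value lines into ${PREFIX}<key> variables
# and store the number of skipped lines in Config_Rejected.
load_config() {
  local file="$1" prefix="${2:-Configuration_}" line key value rejected=0
  while IFS= read -r line || [[ -n "$line" ]]; do
    [[ -z "$line" || "$line" == \#* ]] && continue   # blank lines and comments
    if [[ "$line" != *:* ]]; then rejected=$((rejected + 1)); continue; fi
    key="${line%%:*}"
    value="${line#*:}"
    # trim leading and trailing whitespace from the value
    value="${value#"${value%%[![:space:]]*}"}"
    value="${value%"${value##*[![:space:]]}"}"
    # Only plain identifier characters may reach declare: anything else
    # ("=", "[", spaces, "$", ...) would be interpreted by the shell there.
    if [[ ! "$key" =~ ^[A-Za-z_][A-Za-z0-9_]*$ || -z "$value" ]]; then
      echo "load_config: skipped line with key '${key}'" >&2
      rejected=$((rejected + 1))
      continue
    fi
    # -g (bash >= 4.2): declare inside a function is local by default
    declare -g "${prefix}${key}=${value}"
  done < "$file"
  Config_Rejected=$rejected
}

# Constructed sample file: three good entries, two keys that are not identifiers
sample=$(mktemp)
printf '%s\n' 'foo:one' 'bar:  three  ' 'foobar:big number' \
              'a[0]:x' 'foo bar:y' > "$sample"
load_config "$sample"
echo "foo=$Configuration_foo bar=$Configuration_bar skipped=$Config_Rejected"
rm -f "$sample"
```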
