[opensuse] ipv6 and routing
Hi, Are there any ipv6 gurus here on the list? My service provider gave me a /56 prefix. My modem picks up everything fine. The next step is configuring my Linux-box as a router between my internal home-network and the modem, so creating a DMZ. My big stumbling point is routing. I can't set up static routes on my modem, so how can I tell it to forward packets destined for the internal network to the linux-box? I did set up radvd, but AFAIK there is no means to announce where to route packets that are on "internal prefixes". AFAIK radvd just announces that it's a router, not what destinations it handles. Another question is dhcpv6. I got the address of my "external" NIC of the linux-box and prefix for the internal NIC ( = IA_NA and IA_PD) from the modem with dhcpv6-client. But the modem only announces a /62 prefix (not configurable). Is this customary to do? I mean, I got a /56 prefix but the modem discards 252 prefixes. Or do I have to "recover" these myself, manually, by setting up radvd and/or dhcpv6-server to the internal side? Pointers to documentation are appreciated. Thanks for your help. Koenraad Lelong -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Koenraad Lelong wrote:
Hi,
Are there any ipv6 gurus here on the list?
My service provider gave me a /56 prefix. My modem picks up everything fine. The next step is configuring my Linux-box as a router between my internal home-network and the modem, so creating a DMZ. My big stumbling point is routing. I can't set up static routes on my modem, so how can I tell it to forward packets destined for the internal network to the linux-box? I did set up radvd, but AFAIK there is no means to announce where to route packets that are on "internal prefixes". AFAIK radvd just announces that it's a router, not what destinations it handles.
Does your ISP provide the subnet directly on your modem connection or is it sent to a router? It could be that you just need a switch to connect all your computers with IPv6. RADVD won't do much, unless your Linux box is acting as a router. In my case, I obtain IPv6 via a tunnel, with its own IPv6 end points. The end point addresses are not within my subnet. Traffic for my subnet is sent to my end point address and then routed to my network. I had to manually set up rules in /etc/sysconfig SuSEfirewall to route and filter traffic for my subnet. RADVD announces the router address for outgoing traffic. Incoming is routed according to interface address, as usual.
Another question is dhcpv6. I got the address of my "external" NIC of the linux-box and prefix for the internal NIC ( = IA_NA and IA_PD) from the modem with dhcpv6-client. But the modem only announces a /62 prefix (not configurable). Is this customary to do ? I mean, I got a /56 prefix but the modem discards 252 prefixes. Or do I have to "recover" these myself, manually, by setting up radvd and/or dhcpv6-server to the internal side ?
The basic user subnet is a /64. Like you, I have a /56 subnet, but that is intended to be split into 256 /64 subnets. Have you asked your ISP's support about this?
On 25-04-13 16:07, James Knott wrote:
Koenraad Lelong wrote:
Hi,
Are there any ipv6 gurus here on the list?
My service provider gave me a /56 prefix. My modem picks up everything fine. The next step is configuring my Linux-box as a router between my internal home-network and the modem, so creating a DMZ. My big stumbling point is routing. I can't set up static routes on my modem, so how can I tell it to forward packets destined for the internal network to the linux-box? I did set up radvd, but AFAIK there is no means to announce where to route packets that are on "internal prefixes". AFAIK radvd just announces that it's a router, not what destinations it handles.
Does your ISP provide the subnet directly on your modem connection or is it sent to a router? It could be that you just need a switch to connect all your computers with IPv6. RADVD won't do much, unless your Linux box is acting as a router. In my case, I obtain IPv6 via a tunnel, with its own IPv6 end points. The end point addresses are not within my subnet. Traffic for my subnet is sent to my end point address and then routed to my network. I had to manually set up rules in /etc/sysconfig SuSEfirewall to route and filter traffic for my subnet. RADVD announces the router address for outgoing traffic. Incoming is routed according to interface address, as usual.
Another question is dhcpv6. I got the address of my "external" NIC of the linux-box and prefix for the internal NIC ( = IA_NA and IA_PD) from the modem with dhcpv6-client. But the modem only announces a /62 prefix (not configurable). Is this customary to do ? I mean, I got a /56 prefix but the modem discards 252 prefixes. Or do I have to "recover" these myself, manually, by setting up radvd and/or dhcpv6-server to the internal side ?
The basic user subnet is a /64. Like you, I have a /56 subnet, but that is intended to be split into 256 /64 subnets. Have you asked your ISP's support about this?
Hi, Actually my modem is also a router. It's a "xDSL-router". I also set up a tunnel on my main linux-box, because I don't know how to successfully place a router after a router with ipv6. The tunnel works fine but it's only serving a single subnet/prefix. Now I'm trying to get it working natively, first using another linux-machine so I don't disrupt my working setup. I'll ask my ISP if they can advise. Thanks for your reply. Koenraad
Koenraad Lelong wrote:
Actually my modem is also a router. It's a "xDSL-router". I also set up a tunnel on my main linux-box, because I don't know how to successfully place a router after a router with ipv6. The tunnel works fine but it's only serving a single subnet/prefix. Now I'm trying to get it working natively, first using another linux-machine so I don't disrupt my working setup.
OK, so they're using a tunnel, not native IPv6. Linux can handle various tunnel types. In addition to installing RADVD, I had to manually add a forwarding rule to /etc/sysconfig/SuSEfirewall2 to forward the subnet to my local network. Here's that line:

FW_FORWARD="2001:x:y:z::/56,2000::/3 \
2000::/3,2001:x:y:z::/56,tcp,imaps \
2000::/3,2001:x:y:z::/56,tcp,ssh"

This is line 592 in that file. As shown, it forwards to and from my subnet and also allows only ssh and imaps incoming. I replaced part of my actual address with x:y:z. If you don't want to filter any protocols, delete everything after /56 on the second line. If you want to filter more, just create additional lines as shown. The usual Yast Firewall filters work fine for traffic destined for the firewall/router computer, but not routing IPv6 traffic to your network. BTW, why are you using dhcp6 for addresses? That's normally not necessary. The router advertises the local network and the computers combine that with their MAC address and/or random number to create a valid IPv6 address.
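Added example (not part of James Knott's message and not SuSEfirewall2 code): hosts on a routed IPv6 prefix have globally routable addresses, so the FW_FORWARD line decides which internal services are reachable from outside. This Python script parses a rule of the shape shown above and lists what it lets in; the documentation prefix 2001:db8:1200::/56 stands in for the redacted 2001:x:y:z::/56, and all function names are hypothetical.

```python
#!/usr/bin/env python3
"""Audit a SuSEfirewall2-style FW_FORWARD value for inbound exposure.

Added example. Assumes each entry has the layout used in the thread's rule:
source,destination[,protocol[,port]]. Other layouts raise ValueError.
"""
import ipaddress
import re
from typing import List, NamedTuple, Optional, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample: the rule from the thread with the documentation
# prefix 2001:db8:1200::/56 in place of the redacted 2001:x:y:z::/56.
LAN = "2001:db8:1200::/56"
SAMPLE = r'''FW_FORWARD="2001:db8:1200::/56,2000::/3 \
2000::/3,2001:db8:1200::/56,tcp,imaps \
2000::/3,2001:db8:1200::/56,tcp,ssh"'''

# Constructed variant: protocol and port removed from the inbound entry,
# i.e. the unfiltered form described in the message.
OPEN = 'FW_FORWARD="2001:db8:1200::/56,2000::/3 2000::/3,2001:db8:1200::/56"'


class Rule(NamedTuple):
    src: Network
    dst: Network
    proto: Optional[str]   # None = every protocol
    port: Optional[str]    # None = every port


def parse_fw_forward(text: str) -> List[Rule]:
    """Extract the FW_FORWARD assignment and split it into rules."""
    match = re.search(r'^FW_FORWARD="(.*?)"', text, re.S | re.M)
    if match is None:
        raise ValueError("no FW_FORWARD assignment found")
    body = match.group(1).replace("\\\n", " ")   # join continuation lines
    rules = []
    for entry in body.split():
        fields = entry.split(",")
        if not 2 <= len(fields) <= 4:
            raise ValueError(f"unsupported entry: {entry!r}")
        src = ipaddress.ip_network(fields[0])
        dst = ipaddress.ip_network(fields[1])
        proto = fields[2] if len(fields) > 2 else None
        port = fields[3] if len(fields) > 3 else None
        rules.append(Rule(src, dst, proto, port))
    return rules


def inbound_exposure(rules: List[Rule], lan: str) -> List[Tuple[str, str]]:
    """Return (protocol, port) pairs that outside sources may reach on lan."""
    lan_net = ipaddress.ip_network(lan)
    exposed = []
    for rule in rules:
        # Ignore entries of the other address family (IPv4 vs IPv6).
        if rule.src.version != lan_net.version:
            continue
        if rule.dst.version != lan_net.version:
            continue
        # Source entirely inside the LAN: outbound traffic, not exposure.
        if rule.src.subnet_of(lan_net):
            continue
        if rule.dst.overlaps(lan_net):
            exposed.append((rule.proto or "any", rule.port or "any"))
    return exposed


def unrestricted(exposed: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Entries that admit a whole protocol or every protocol."""
    return [item for item in exposed if "any" in item]


if __name__ == "__main__":
    for label, text in (("thread rule", SAMPLE), ("unfiltered", OPEN)):
        exposed = inbound_exposure(parse_fw_forward(text), LAN)
        print(label, "exposes:", exposed,
              "| unrestricted:", unrestricted(exposed))
```

An entry reported as unrestricted means every host on the internal prefix is reachable on every port of that protocol, so per-host firewalls become the only filter.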
James Knott wrote:
BTW, why are you using dhcp6 for addresses? That's normally not necessary. The router advertises the local network and the computers combine that with their MAC address and/or random number to create a valid IPv6 address.
I don't know about Koenraad's situation, but using dhcpv6 is good for allocating static addresses that aren't tied to the NIC. -- Per Jessen, Zürich (21.1°C) http://www.dns24.ch/ - free DNS hosting, made in Switzerland.
Per Jessen wrote:
James Knott wrote:
BTW, why are you using dhcp6 for addresses? That's normally not necessary. The router advertises the local network and the computers combine that with their MAC address and/or random number to create a valid IPv6 address. I don't know about Koenraad's situation, but using dhcpv6 is good for allocating static addresses that aren't tied to the NIC.
Of course, static configuration will also do that, without going to the trouble of setting up a dhcp6 server. A dhcp6 server is useful for setting up other things, such as pointing to servers for DNS, NTP etc. On my network, I have my own NTP caching DNS servers. On my main computer, I use static configuration, using IPv6 addresses for them. Any computer that uses DHCP to obtain an IPv4 address also gets the IPv4 addresses for those servers via DHCP4.
James Knott wrote:
Per Jessen wrote:
James Knott wrote:
BTW, why are you using dhcp6 for addresses? That's normally not necessary. The router advertises the local network and the computers combine that with their MAC address and/or random number to create a valid IPv6 address. I don't know about Koenraad's situation, but using dhcpv6 is good for allocating static addresses that aren't tied to the NIC.
Of course, static configuration will also do that, without going to the trouble of setting up a dhcp6 server.
Setting up a dhcpx server is no trouble, especially if you already have a -4 ditto :-) Managing static allocations is just a lot easier when done from a central place rather than on each individual box.
A dhcp6 server is useful for setting up other things, such as pointing to servers for DNS, NTP etc.
Exactly. -- Per Jessen, Zürich (21.9°C) http://www.dns24.ch/ - free DNS hosting, made in Switzerland.
Per Jessen wrote:
Managing static allocations is just a lot easier when done from a central place rather than on each individual box.
That's certainly appropriate on a business network, but if at home with only a couple of computers...? Many don't even bother with a DNS server for IPv4, let alone IPv6.
On Friday, 2013-04-26 at 11:03 -0400, James Knott wrote:
Per Jessen wrote:
Managing static allocations is just a lot easier when done from a central place rather than on each individual box.
That's certainly appropriate on a business network, but if at home with only a couple of computers...? Many don't even bother with a DNS server for IPv4, let alone IPv6.
I have seen a home router from a cable ISP (obtained free of charge) with a dhcp4 server that can tie IPs to MACs. But then, it has no DNS server, and the interface is cumbersome: IIRC, it reboots on each entry you add. Those things are only practical with dedicated computers for sites. Although I saw somewhere that you can buy small embedded machines for doing dhcp only. An old PC with Linux is more flexible, but uses more electricity and space. -- Cheers, Carlos E. R. (from 12.1 x86_64 "Asparagus" at Telcontar)
Carlos E. R. wrote:
An old PC with Linux is more flexible, but uses more electricity and space.
That's what I have here. It's my firewall, router, IPv6 tunnel end point, dhcp and caching dns. I'm thinking of moving my imap server to it too. It's also a great point for running Wireshark, when I want to see what's happening over my Internet connection.
On 4/27/2013 5:27 AM, Carlos E. R. wrote:
I have seen a home router from a cable ISP (obtained free of charge) with a dhcp4 server that can tie IPs to MACs. But then, it has no DNS server, and the interface is cumbersome: IIRC, it reboots on each entry you add.
Every router I have purchased or randomly bumped into over the last many years has a DHCP server built in with mac-address reservations. It's not rare, it's the norm, even with Cable ISP supplied routers. Most of them supply WINS services too. As for a Router with built in DNS servers, that too is becoming the norm in recent years. But unless you are going to be setting up some sort of split horizon DNS scheme, it's seldom really necessary to have an in-house DNS server. When running windows, it's never really necessary. When running linux you might have a problem finding other local linux machines by name (rather than IP) but running something like ddclient on each will allow you to resolve local names via Dyndns.org (or equivalent).
John Andersen wrote:
But unless you are going to be setting up some sort of split horizon DNS scheme, it's seldom really necessary to have an in-house DNS server. When running windows, it's never really necessary. When running linux you might have a problem finding other local linux machines by name (rather than IP) but running something like ddclient on each will allow you to resolve local names via Dyndns.org (or equivalent).
I use it primarily for IPv4 stuff with RFC1918 addresses. I could use any public DNS to find the IPv6 addresses on my local network. I installed dnsmasq, which is a caching dns server. It reads the hosts file for host names on my local network. The IPv6 addresses there are the same as on the outside DNS server.
On Saturday, 2013-04-27 at 13:03 -0700, John Andersen wrote:
On 4/27/2013 5:27 AM, Carlos E. R. wrote:
I have seen a home router from a cable ISP (obtained free of charge) with a dhcp4 server that can tie IPs to MACs. But then, it has no DNS server, and the interface is cumbersome: IIRC, it reboots on each entry you add.
Every router I have purchased or randomly bumped into over the last many years has a DHCP server built in with mac-address reservations. It's not rare, it's the norm, even with Cable ISP supplied routers. Most of them supply WINS services too.
Not the norm. The one I'm using right now has DHCP server, yes, but I can not link macs to IPs. The only adjustment I can make is the start and end address of the lease range, and for how long is the lease. Or disable dhcp entirely. It is a Comtrend CT536+
As for a Router with built in DNS servers, that too is becoming the norm in recent years.
The above model has a DNS server with no configuration possible.
But unless you are going to be setting up some sort of split horizon DNS scheme, it's seldom really necessary to have an in-house DNS server.
I do run a DNS server, simply because I want to. I have had it since the times that I used a V90 modem, because lookups were faster. With the bonus of having local names accessible. -- Cheers, Carlos E. R. (from 12.1 x86_64 "Asparagus" at Telcontar)
On Sun, 28 Apr 2013 22:15:08 +0200 (CEST) Carlos E. R. wrote:
The one I'm using right now has DHCP server, yes, but I can not link macs to IPs. The only adjustment I can make is the start and end address of the lease range, and for how long is the lease. Or disable dhcp entirely.
It is a Comtrend CT536+
If it's a "CT5361T," it supports MAC "filtering" (restricted access.) See section 7.1.2, "MAC Filter" on page 93 of the manual: http://www.mtangel.net/docs/CT5361T_A3.3.pdf hth & regards, Carl
On 4/28/2013 2:39 PM, Carl Hartung wrote:
On Sun, 28 Apr 2013 22:15:08 +0200 (CEST) Carlos E. R. wrote:
The one I'm using right now has DHCP server, yes, but I can not link macs to IPs. The only adjustment I can make is the start and end address of the lease range, and for how long is the lease. Or disable dhcp entirely.
It is a Comtrend CT536+
If it's a "CT5361T," it supports MAC "filtering" (restricted access.) See section 7.1.2, "MAC Filter" on page 93 of the manual: http://www.mtangel.net/docs/CT5361T_A3.3.pdf
hth & regards,
Carl
Well, Carl, that's not exactly the same thing as making sure your printer or NAS always gets assigned the same IP by setting up IP reservation based on MAC address in the DHCP server. I made the statement up-thread that there is no valid reason for assigning IPs to each workstation manually any more. But sure enough, Carlos managed to come up with a 6 year old router that STILL does not support this functionality. So I stand corrected. I've replaced routers for less flagrant omissions.
On Sunday, 2013-04-28 at 14:57 -0700, John Andersen wrote:
Well, Carl, that's not exactly the same thing as making sure your printer or NAS always gets assigned the same IP by setting up IP reservation based on MAC address in the DHCP server.
I made the statement up-thread that there is no valid reason for assigning IPs to each workstation manually any more.
But sure enough, Carlos managed to come up with a 6 year old router that STILL does not support this functionality.
:-)
So I stand corrected. I've replaced routers for less flagrant omissions.
Well, it works otherwise, and I got it free. I may get another one for free, but it is at a friend's house 500 km away. It will have to wait. I don't like getting separated from my money if I can avoid it, you know ;-) -- Cheers, Carlos E. R. (from 12.1 x86_64 "Asparagus" at Telcontar)
Carl Hartung wrote:
If it's a "CT5361T," it supports MAC "filtering"
MAC filtering is not the same thing as reserving an IP address for a device. MAC filtering is a method of determining what devices are allowed to connect.
On Sun, 28 Apr 2013 19:14:13 -0400 James Knott wrote:
Carl Hartung wrote:
If it's a "CT5361T," it supports MAC "filtering"
MAC filtering is not the same thing as reserving an IP address for a device. MAC filtering is a method of determining what devices are allowed to connect.
This is obvious. What wasn't/isn't clear is if the device name can be addressed like a hostname.
Carl Hartung wrote:
This is obvious. What wasn't/isn't clear is if the device name can be addressed like a hostname.
Again, MAC filtering has nothing to do with it. With DHCP servers, you can assign an IP address to a specific MAC address and then use DNS to provide the host name to that device, just as you would with a static IP address. The only instance I can think of where a host name is directly tied to a MAC address is the situation I have with my Internet connection. I have a cable modem. The ISP uses DHCP to assign IP addresses, but the host name is based on the cable modem and router MAC addresses, so even if the IP changes, the host name remains constant. Also, it's been a long time since I looked at this, but IBM OS/2 Warp Server had a Dynamic DNS function, tied to the DHCP server, but it required DDNS software running on the client computers, along with DHCP.
On Sun, 28 Apr 2013 22:08:24 -0400 James Knott wrote:
Carl Hartung wrote:
This is obvious. What wasn't/isn't clear is if the device name can be addressed like a hostname.
Again, MAC filtering has nothing to do with it. With DHCP servers, you can assign an IP address to a specific MAC address and then use DNS to provide the host name to that device, just as you would with a static IP address. The only instance I can think of where a host name is directly tied to a MAC address is the situation I have with my Internet connection. I have a cable modem. The ISP uses DHCP to assign IP addresses, but the host name is based on the cable modem and router MAC addresses, so even if the IP changes, the host name remains constant. Also, it's been a long time since I looked at this, but IBM OS/2 Warp Server had a Dynamic DNS function, tied to the DHCP server, but it required DDNS software running on the client computers, along with DHCP.
The question I asked was straightforward, James. With this particular router, if you specify a 'filter' enabling access, like so (real life example)...

Device Name: HP098E07
MAC Address: 00:1F:33:3E:18:DA

... such that, when the device connects and is dynamically assigned a local IP address, can it then be addressed by other clients on the network by 'Device Name'? It isn't clear from the documentation whether or not this is supported.
On Sunday, 2013-04-28 at 22:37 -0400, Carl Hartung wrote:
The question I asked was straightforward, James. With this particular router, if you specify a 'filter' enabling access, like so (real life example)...
Device Name: HP098E07 MAC Address: 00:1F:33:3E:18:DA
... such that, when the device connects and is dynamically assigned a local IP address, can it then be addressed by other clients on the network by 'Device Name'? It isn't clear from the documentation whether or not this is supported.
Not mine. MAC filtering is only for wireless access, and has no name entries. It is this one: <http://www.seattlewireless.net/ComtrendCT-536+> However, mine does not give access to the shell console to issue Linux commands, like shown on that page. The firmware is customized for the Telefonica ISP. The documentation PDF is this one (Spanish): <http://www.movistar.es/rpmm/estaticos/residencial/fijo/banda-ancha-adsl/manuales/modem-router-inalambricos-adsl/manual-fabricante-comtrend-ct536+.pdf> I do have the English PDF, but I can't find a link to it at Comtrend. If you are that interested I can email it to you. However, some of the features described in the English manual do not exist in mine. For example it is already customized for my ISP, and thus you can not enter the ADSL config data. But it is not the only missing feature. I understand that I might flash it with alternate firmware, but that's not something I'll try unless I have a spare router in case I brick this one. -- Cheers, Carlos E. R. (from 12.1 x86_64 "Asparagus" at Telcontar)
Carlos E. R. wrote:
MAC filtering is only for wireless access
It's also used in managed switches to control access to a network. For example with Cisco switches, you can limit which and how many devices can connect through a switch port.
On Monday, 2013-04-29 at 07:46 -0400, James Knott wrote:
Carlos E. R. wrote:
MAC filtering is only for wireless access
It's also used in managed switches to control access to a network.
Er... no, not in this model. I'm talking of that model only, what features it has or not. Other machines may have different possibilities, obviously. -- Cheers, Carlos E. R. (from 12.1 x86_64 "Asparagus" at Telcontar)
Carl Hartung wrote:
The question I asked was straightforward, James. With this particular router, if you specify a 'filter' enabling access, like so (real life example)...
Device Name: HP098E07 MAC Address: 00:1F:33:3E:18:DA
That's not my understanding of MAC filtering and not Cisco's either. In addition to the WiFi use, MAC filtering can be used on managed switches, such as those from Cisco, to control access to the network. There is no other use for it that I'm aware of.
On Mon, 29 Apr 2013 07:44:50 -0400 James Knott wrote:
Carl Hartung wrote:
The question I asked was straightforward, James. With this particular router, if you specify a 'filter' enabling access, like so (real life example)...
Device Name: HP098E07 MAC Address: 00:1F:33:3E:18:DA
That's not my understanding of MAC filtering and not Cisco's either.
What isn't? Please elucidate.
In addition to the WiFi use, MAC filtering can be used on managed switches, such as those from Cisco, to control access to the network. There is no other use for it that I'm aware of.
Carl Hartung wrote:
That's not my understanding of MAC filtering and not Cisco's either. What isn't? Please elucidate.
Use of MAC filtering for other than restricting access to a network.
On Mon, 29 Apr 2013 09:56:44 -0400 James Knott wrote:
Carl Hartung wrote:
That's not my understanding of MAC filtering and not Cisco's either. What isn't? Please elucidate.
Use of MAC filtering for other than restricting access to a network.
Did I assert something to this effect? I think not.
James Knott wrote:
constant. Also, it's been a long time since I looked at this, but IBM OS/2 Warp Server had a Dynamic DNS function, tied to the DHCP server, but it required DDNS software running on the client computers, along with DHCP.
dhcpd supports this too - see option "ddns-updates". I think I played with it once a few years ago, it wasn't too difficult to get going. -- Per Jessen, Zürich (8.8°C) http://www.dns24.ch/ - free DNS hosting, made in Switzerland.
Per Jessen wrote:
dhcpd supports this too - see option "ddns-updates". I think I played with it once a few years ago, it wasn't too difficult to get going.
I don't see that.

Usage: dhcpd [-p <UDP port #>] [-f] [-d] [-q] [-t|-T] [-4|-6] [-cf config-file] [-lf lease-file] [-user user] [-group group] [-chroot dir] [-tf trace-output-file] [-play trace-input-file] [-pf pid-file] [--no-pid] [-s server] [if0 [...ifN]]

I also checked the dhcp rfc and didn't see anything about that.
James Knott wrote:
Per Jessen wrote:
dhcpd supports this too - see option "ddns-updates". I think I played with it once a few years ago, it wasn't too difficult to get going.
I don't see that.
Usage: dhcpd [-p <UDP port #>] [-f] [-d] [-q] [-t|-T] [-4|-6] [-cf config-file] [-lf lease-file] [-user user] [-group group] [-chroot dir] [-tf trace-output-file] [-play trace-input-file] [-pf pid-file] [--no-pid] [-s server] [if0 [...ifN]]
I also checked the dhcp rfc and didn't see anything about that.
man dhcpd.conf

RFC4701,-02,-03 (according to the man page). -- Per Jessen, Zürich (11.8°C) http://www.dns24.ch/ - free DNS hosting, made in Switzerland.
Per Jessen wrote:
man dhcpd.conf
KDE Man Viewer Error
No man page matching to dhcpd.conf found.
Check that you have not mistyped the name of the page that you want. Check that you have typed the name using the correct upper and lower case characters. If everything looks correct, then you may need to improve the search path for man pages; either using the environment variable MANPATH or using a matching file in the /etc directory.
James Knott wrote:
Per Jessen wrote:
man dhcpd.conf
KDE Man Viewer Error
No man page matching to dhcpd.conf found.
Check that you have not mistyped the name of the page that you want. Check that you have typed the name using the correct upper and lower case characters. If everything looks correct, then you may need to improve the search path for man pages; either using the environment variable MANPATH or using a matching file in the /etc directory.
I guess you don't have dhcpd installed. Try this one instead: http://linux.die.net/man/5/dhcpd.conf -- Per Jessen, Zürich (12.1°C) http://www.dns24.ch/ - free DNS hosting, made in Switzerland.
Per Jessen wrote:
I guess you don't have dhcpd installed. Try this one instead:
I took that from my firewall computer, which does have a dhcp server running.

# rpm -qa|grep dhcp
dhcpcd-3.2.3-66.69.1.i586
dhcp-client-4.2.4.P2-0.34.1.i586
dhcp-server-4.2.4.P2-0.34.1.i586
dhcp-4.2.4.P2-0.34.1.i586
yast2-dhcp-server-2.19.0-7.2.noarch
dhcpv6-1.0.22-13.1.i586
# man dhchd.conf
No manual entry for dhchd.conf

That computer is running openSUSE 11.4. My comment was: "With DHCP servers, you can assign an IP address to a specific MAC address and then use DNS to provide the host name to that device, just as you would with a static IP address." That dhcpd.conf you linked to mentions getting the host name from the client, which is not what I was referring to. It also mentions assigning a name to a computer, but no mention of MAC address in that context.
On Monday, 2013-04-29 at 10:11 -0400, James Knott wrote:
# man dhchd.conf No manual entry for dhchd.conf
It is "man dhcpd.conf", not "man dhchd.conf" :-)
That computer is running openSUSE 11.4.
My comment was: "With DHCP servers, you can assign an IP address to a specific MAC address and then use DNS to provide the host name to that device, just as you would with a static IP address."
I use this in the dhcpd server used by vmware player:

host oS-12.2 {
    hardware ethernet 00:0C:29:97:EA:50;
    fixed-address 192.168.74.125;
}

I see this in the manual:

An option host-name statement within a host declaration will override the use of the name in the host declaration. It should be noted here that most DHCP clients completely ignore the host-name option sent by the DHCP server, and there is no way to configure them not to do this. So you generally have a choice of either not having any hostname to client IP address mapping that the client will recognize, or doing DNS updates. It is beyond the scope of this document to describe how to make this determination.

-- Cheers, Carlos E. R. (from 12.1 x86_64 "Asparagus" at Telcontar)
On Mon, 29 Apr 2013 10:11:05 -0400 James Knott wrote:
Per Jessen wrote:
I guess you don't have dhcpd installed. Try this one instead:
I took that from my firewall computer, which does have a dhcp server running.
    # rpm -qa|grep dhcp
    dhcpcd-3.2.3-66.69.1.i586
    dhcp-client-4.2.4.P2-0.34.1.i586
    dhcp-server-4.2.4.P2-0.34.1.i586
    dhcp-4.2.4.P2-0.34.1.i586
    yast2-dhcp-server-2.19.0-7.2.noarch
    dhcpv6-1.0.22-13.1.i586
    # man dhchd.conf
    No manual entry for dhchd.conf
That computer is running openSUSE 11.4.
My comment was: "With DHCP servers, you can assign an IP address to a specific MAC address and then use DNS to provide the host name to that device, just as you would with a static IP address."
That dhcpd.conf you linked to mentions getting the host name from the client, which is not what I was referring to. It also mentions assigning a name to a computer, but no mention of MAC address in that context.
This discussion is somewhat tangential to the original scenario I described. My old wireless router had 'filtering' even though it wasn't labeled as such. It had an 'access list' that you could enable by clicking a check box. Doing so would reveal a blank table with three columns, 'device', 'description' and 'MAC Address.'
I often retrieved new device information (visitors, etc.) by turning off that 'access list,' establishing the connection at the device(*) and then viewing the 'connected devices' list in the router. I would then copy and paste that information into the 'access list' before turning it back on.
In the case of my printer, and this is how it relates to Carlos' original problem, I distinctly recall that after I completed this procedure, it became 'visible' and available for configuration and use on the network.
Was this "filtering?" Yes. Was this also a convenient, one-step method for configuring a new service/client? I would say it was. It probably 'just worked' because I let the device pick its own name.
(*) i.e. 'select' from the list of 'available networks' and click 'connect' then enter password/key/passphrase.
On Monday, 2013-04-29 at 11:18 -0400, Carl Hartung wrote:
In the case of my printer, and this is how it relates to Carlos' original problem,
I believe that it is Koenraad who had the problem that originated the thread :-)
I only intervened to mention that not every router has all the features one would expect. Some do not have DNS server, some can not assign names or IPs to fixed MACs, whatever.
-- Cheers, Carlos E. R. (from 12.1 x86_64 "Asparagus" at Telcontar)
In the case of my printer, and this is how it relates to Carlos' original problem, ...
I believe that it is Koenraad who had the problem that originated the thread :-)
Hi,
If you read the title of the thread, and the original post, you'll find out what my problem was ;-).
In fact, the routing problem seems solved. I can surf the Internet from behind my "second" router. An external tool recognized the ipv6 address of the surfing PC. There remain some minor problems though.
Regards, Koenraad
James Knott wrote:
Per Jessen wrote:
I guess you don't have dhcpd installed. Try this one instead:
I took that from my firewall computer, which does have a dhcp server running.
    # rpm -qa|grep dhcp
    dhcpcd-3.2.3-66.69.1.i586
    dhcp-client-4.2.4.P2-0.34.1.i586
    dhcp-server-4.2.4.P2-0.34.1.i586
    dhcp-4.2.4.P2-0.34.1.i586
    yast2-dhcp-server-2.19.0-7.2.noarch
    dhcpv6-1.0.22-13.1.i586
    # man dhchd.conf
    No manual entry for dhchd.conf
Try "man dhcpd.conf".
My comment was: "With DHCP servers, you can assign an IP address to a specific MAC address and then use DNS to provide the host name to that device, just as you would with a static IP address."
That dhcpd.conf you linked to mentions getting the host name from the client, which is not what I was referring to. It also mentions assigning a name to a computer, but no mention of MAC address in that context.
I thought this part of the thread was about dynamically updating DNS, which is supported by the dhcp server.
If you wish to assign an IP-address (and optionally a hostname) based on the MAC-address of the client:
    host jknott {
        hardware ethernet aa:bb:cc:dd:ee:ff;
        fixed-address 1.2.3.4;
    }
-- Per Jessen, Zürich (12.6°C)
http://www.dns24.ch/ - free DNS hosting, made in Switzerland.
On 4/29/2013 9:23 AM, Per Jessen wrote:
I thought this part of the thread was about dynamically updating DNS, which is supported by the dhcp server.
If you wish to assign an IP-address (and optionally a hostname) based on the MAC-address of the client:
    host jknott {
        hardware ethernet aa:bb:cc:dd:ee:ff;
        fixed-address 1.2.3.4;
    }
Per, the thread is hopelessly confused at this point, but your recommendation is exactly what those of us running our own DHCP server do to avoid configuring devices for static IPs. (I made the RASH assertion that there is no valid use case for manually configured static IPs in the modern world. This is easy for me to say, because I've run DHCP from my Linux server for years).
We got side tracked on ways to do this via routers for those people NOT wanting to run their own DHCP server, and who therefore resort to static IPs simply to be able to find things like printers or such. Most (but not all) modern off the shelf routers do allow such reservations, although the find-by-name capability is still not always found in off the shelf routers.
James Knott said the following on 04/29/2013 08:01 AM:
Per Jessen wrote:
dhcpd supports this too - see option "ddns-updates". I think I played with it once a few years ago, it wasn't too difficult to get going.
I don't see that.
Usage: dhcpd [-p <UDP port #>] [-f] [-d] [-q] [-t|-T] [-4|-6] [-cf config-file] [-lf lease-file] [-user user] [-group group] [-chroot dir] [-tf trace-output-file] [-play trace-input-file] [-pf pid-file] [--no-pid] [-s server] [if0 [...ifN]]
I also checked the dhcp rfc and didn't see anything about that.
WHAT?!?! No mention in RFC 2136?
http://tools.ietf.org/html/rfc2136
I also see in the man page for dhcpd.conf on my server box ...
<quote>
DYNAMIC DNS UPDATES
The DHCP server has the ability to dynamically update the Domain Name System. Within the configuration files, you can define how you want the Domain Name System to be updated. These updates are RFC 2136 compliant so any DNS server supporting RFC 2136 should be able to accept updates from the DHCP server.
</quote>
YMMV.
-- "The number of UNIX installations has grown to 10, with more expected..." - Dennis Ritchie and Ken Thompson, June 1972
On 26-04-13 14:08, James Knott wrote: ...
OK, so they're using a tunnel, not native IPv6. Linux can handle various tunnel types. In addition to installing RADVD, I had to manually add a forwarding rule to /etc/sysconfig/SuSEfirewall2 to forward the subnet to my local network. Here's that line:
    FW_FORWARD="2001:x:y:z::/56,2000::/3 \
        2000::/3,2001:x:y:z::/56,tcp,imaps \
        2000::/3,2001:x:y:z::/56,tcp,ssh"
This is line 592 in that file. As shown, it forwards to and from my subnet and also allows only ssh and imaps incoming. I replaced part of my actual address with x:y:z. If you don't want to filter any protocols, delete everything after /56 on the second line. If you want to filter more, just create additional lines as shown. The usual Yast Firewall filters work fine for traffic destined for the firewall/router computer, but not routing IPv6 traffic to your network.
BTW, why are you using dhcp6 for addresses? That's normally not necessary. The router advertises the local network and the computers combine that with their MAC address and/or random number to create a valid IPv6 address.
No, I don't think they are using a tunnel. My prefix starts with 2a02: AFAIK not a tunneled prefix. When I asked the xDSL-router's manufacturer for support how to configure static ipv6-routes they said I could not, but I should use dhcpv6-client.
Schematic situation :
    xDSL-router-----NIC1:router2:NIC2---internal network
router2 is a linux-box
After investigating I found I can automatically assign prefixes to NIC2 of router2. The dhcpv6-client of router2 asks for an IA_PD via NIC1. It then receives a prefix and a prefix-length from the dhcpv6 server, my xDSL-router. A script in router2 then assigns an address to NIC2 in the received prefix-range. radvd should pick this up and announce the prefix of NIC2 via that NIC.
Of course there remains the problem how the xDSL-router knows where to route packets for the prefixes it just gave to router2. And why does the xDSL-router only give a prefix-length of 2, i.e. a /62 prefix. Maybe it's because it's only a SOHO-router (Fritzbox 7390) so it's not configurable ? I should study dhcpv6-server configuration.
I'm absolutely not certain but I think routing should not be done by modifying the firewall. The book I studied (IPv6 in Practice) says everything should be automatic, when configured right. And when the prefix changes, it should propagate automatically. Modifying a firewall can hardly be called automatically. Maybe I misunderstand ?
The network is for my home, but it serves also as a testbed for my company's network. Playground/exercise-field ;-) It has a dhcpv4 server, dns-server, mail-server, ...
Thanks for your comments.
B.T.W. by no means I pretend to know all about ipv6, on the contrary. I just hope someone gives me the final hint so I can have a sound ipv6 inter-network. I still have to learn very much.
Koenraad
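An added example, not part of the thread or any poster's own script: the address plan described in the message above for router2 (take the IA_PD prefix, put one /64 on NIC2, have radvd announce it), worked through in Python. The prefixes are constructed from the 2001:db8::/32 documentation range and the interface name `eth1` is an assumption; the `ip` command is returned as text and not executed.

```python
import ipaddress

def plan_lan_from_pd(isp_prefix, delegated, lan_iface, index=0):
    """Pick one /64 out of a DHCPv6-PD prefix for the LAN interface."""
    isp = ipaddress.IPv6Network(isp_prefix)
    pd = ipaddress.IPv6Network(delegated)
    if not pd.subnet_of(isp):
        raise ValueError(f"{pd} is not inside the ISP prefix {isp}")
    if pd.prefixlen > 64:
        raise ValueError("delegation is longer than /64; SLAAC needs a /64")
    usable = 2 ** (64 - pd.prefixlen)   # /64s handed over by the modem
    total = 2 ** (64 - isp.prefixlen)   # /64s in the whole ISP assignment
    if not 0 <= index < usable:
        raise ValueError(f"index {index} outside the {usable} delegated /64s")
    # The n-th /64 starts n * 2**64 addresses after the start of the PD prefix.
    lan = ipaddress.IPv6Network((int(pd.network_address) + (index << 64), 64))
    # Router address on the LAN side: first host address of the chosen /64.
    router = ipaddress.IPv6Interface((int(lan.network_address) + 1, 64))
    radvd = (
        f"interface {lan_iface} {{\n"
        "    AdvSendAdvert on;\n"
        f"    prefix {lan} {{\n"
        "        AdvOnLink on;\n"
        "        AdvAutonomous on;\n"
        "    };\n"
        "};\n"
    )
    return {
        "lan_prefix": str(lan),
        "router_address": str(router),
        "delegated_64s": usable,
        "undelegated_64s": total - usable,
        "ip_command": f"ip -6 addr add {router} dev {lan_iface}",
        "radvd_conf": radvd,
    }

if __name__ == "__main__":
    # Constructed values: a /56 from the ISP, a /62 delegated by the modem.
    plan = plan_lan_from_pd("2001:db8:1200::/56", "2001:db8:1200:fc::/62", "eth1")
    for key, value in plan.items():
        print(f"{key}: {value}")
```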
Koenraad Lelong wrote:
No, I don't think they are using a tunnel. My prefix starts with 2a02: AFAIK not a tunneled prefix.
Actually, that depends on the tunnel method. 6to4 and Teredo have assigned address blocks, but 6rd and the method I use, 6in4 do not. They use blocks that are assigned to the provider. Perhaps you should find out what tunnel method, if any is used by your provider, or if they provide the entire subnet at the modem.
I'm absolutely not certain but I think routing should not be done by modifying the firewall. The book I studied (IPv6 in Practice) says everything should be automatic, when configured right. And when the prefix changes, it should propagate automatically. Modifying a firewall can hardly be called automatically. Maybe I misunderstand ?
Yes, the changes are automatically passed by the router. The only "modifications" I did was to set up the firewall forwarding rules. My reference book for IPv6 is "IPv6 Essentials" by Silvia Hagen, published by O'Reilly.
participants (7)
- Anton Aylward
- Carl Hartung
- Carlos E. R.
- James Knott
- John Andersen
- Koenraad Lelong
- Per Jessen