Archive for August 2010
As blogged before I had my first IPv6 visitor, but of course the first IPv6
type that tried to enter my network could not be far off. Yep and there he/she
is.
It's IP address 2002:4e6d:8112::1 and that does not resolve to something
useful, yet, because it's a 6to4 network address.
Recalculating to an IPv4 address this gives me: 78.109.129.18 and digging
that results in
; <<>> DiG 9.6.0-APPLE-P2 <<>> -x 78.109.129.18
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31228
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;18.129.109.78.in-addr.arpa. IN PTR
;; ANSWER SECTION:
18.129.109.78.in-addr.arpa. 3600 IN PTR 18.static.ppp.dianet.info.
;; AUTHORITY SECTION:
129.109.78.in-addr.arpa. 172799 IN NS ns3.netcorp.ru.
129.109.78.in-addr.arpa. 172799 IN NS ns1.netcorp.ru.
;; Query time: 694 msec
;; SERVER: 192.168.63.4#53(192.168.63.4)
;; WHEN: Mon Aug 30 21:06:50 2010
;; MSG SIZE rcvd: 129
So: From Russia with love! 
This dude or dudette tried to connect to port 51777 (μTorrent I guess) for a
meager 21514 times. I would guess you should know there's nothing to get
after a couple of times (say 10). I do not run torrents and
even if I did, you wouldn't get anything.
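The recalculation above, written out as an added example (not code from the original post): a 6to4 address in 2002::/16 carries the tunnel endpoint's IPv4 address in the 32 bits after the prefix, and that IPv4 address is what you reverse-resolve. The key=value log format and the sample lines are constructed for illustration; the two addresses are the ones quoted on this page.

```python
import ipaddress
from collections import Counter

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")


def embedded_ipv4(addr):
    """Return the IPv4 address inside a 6to4 (2002::/16) address, else None."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6 or ip not in SIX_TO_FOUR:
        return None
    # Bits 16..47 of a 6to4 address are the IPv4 address of the tunnel endpoint.
    return ipaddress.IPv4Address((int(ip) >> 80) & 0xFFFFFFFF)


def ptr_name(addr):
    """Name to ask for a PTR record: the embedded IPv4 for 6to4, else the address itself."""
    v4 = embedded_ipv4(addr)
    target = v4 if v4 is not None else ipaddress.ip_address(addr)
    return target.reverse_pointer


def summarize(log_lines):
    """Count hits per (source, destination port) and attach the PTR query name."""
    hits = Counter()
    for line in log_lines:
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        hits[(fields["src"], int(fields["dpt"]))] += 1
    return [(src, dpt, n, ptr_name(src)) for (src, dpt), n in hits.most_common()]


# Constructed sample lines in a made-up key=value format (assumption, not a real firewall log).
SAMPLE_LOG = [
    "block src=2002:4e6d:8112::1 dpt=51777",
    "block src=2002:4e6d:8112::1 dpt=51777",
    "block src=2002:4e6d:8112::1 dpt=51777",
    "pass src=2001:638:a00:4f::83bc:4e1e dpt=80",
]

if __name__ == "__main__":
    for src, dpt, n, ptr in summarize(SAMPLE_LOG):
        print(f"{n:6d}  {src:30s} port {dpt:<6d} PTR query: {ptr}")
```

The name returned for each source is what `dig -x` puts in its QUESTION SECTION: an in-addr.arpa name for the 6to4 source, an ip6.arpa nibble name for a native IPv6 source.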
I, for some time now, created RPMs for git. I will not
do that anymore, because Dag Wieers' RPMForge now has them and
even up-to-date ones as well.
I also removed the git archive RPMs.
Last night I had my first genuine visitor with IPv6. It seems it's a webcrawler
from the Erlangen University in Germany.
The IPv6 address is 2001:638:a00:4f::83bc:4e1e and this results in
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33203
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;e.1.e.4.c.b.3.8.0.0.0.0.0.0.0.0.f.4.0.0.0.0.a.0.8.3.6.0.1.0.0.2.ip6.arpa. IN PTR
;; ANSWER SECTION:
e.1.e.4.c.b.3.8.0.0.0.0.0.0.0.0.f.4.0.0.0.0.a.0.8.3.6.0.1.0.0.2.ip6.arpa. 86291 IN PTR legolas.rrze.uni-erlangen.de.
;; AUTHORITY SECTION:
0.0.a.0.8.3.6.0.1.0.0.2.ip6.arpa. 86291 IN NS faui45.informatik.uni-erlangen.de.
0.0.a.0.8.3.6.0.1.0.0.2.ip6.arpa. 86291 IN NS ns.rrze.uni-erlangen.de.
;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Aug 30 09:07:47 2010
;; MSG SIZE rcvd: 181
To the Erlangen University: Congratulations!!
I've been running this blog for some time now and for the IPv6 certificate I
needed this site to be IPv6 capable. Therefore I had to run my own nameserver
and stuff like that and so I decided that it would be nice if you could reach
me at http://pa1ton.nl as well.
Well, you can. Just click here.
Some URLs need some tweaking, but the first hurdles have been taken.
It took me some time and some tweaking of nameservers, webservers and
mailservers, but I finally got it.
I got the Hurricane Electric IPv6 Certification nailed for the "Sage" level.
This is the highest level, so only a simple test to go and a daily submission
of some logs for maximum points. The maximum points you can get is 1500, so I'm
well on my way.
As an extra HE gives you a nice, nerdy T-Shirt, stating that
you are an IPv6 guru. I can't wait to put it on 
This is the certificate.
Last night (Aug. 22 2010 at 00:25:47) SIDN signed the Dutch .nl zone and made it public.
This is, of course, reason for a party and calls for the signing of my own
zones. Unfortunately it's not possible to use secure delegation, but that's
something for the future.
I do have two domains up and running and I signed them both.
It took me some time, but now I have it up and running. My home network runs
IPv6 and my server can be reached on an IPv6 address.
Unfortunately I don't have a native IPv6 address and my provider (UPC/Chello)
will not supply one. So I had to use a tunnel broker. After experimenting a bit
I got stuck on the tunnelbroker of Hurricane Electric.
My m0n0wall firewall supports the Tunnelbroker IPv6/IPv4 tunnels and after
configuring some firewall rules everything is up and running.
Have to grab some screenshots and after that I'll post how I did it.
My server at home runs CentOS 5 and this has OpenSSH version 4.3. Running
updates doesn't update this version, because RedHat keeps the version number
stable.
But I wanted a newer OpenSSH because of some nice new
features. But when I do compile a new version I'm still stuck with old OpenSSL,
and that's not what I want.
Well, you can guess it by now, this is what I did.
Some time ago I switched from m0n0wall to
pfSense and I did like it a lot.
But a problem with PPTP tunneling made me think again. Was pfSense the way to
go?
Well, it wasn't. When I was trying to get IPv6 up and running it turned out
that pfSense doesn't support IPv6 out of the box. And m0n0wall does. There
were some answers on the internet, but I was not willing to hack the pfSense
box if that was not needed. And the pfSense website states that IPv6 support
will come after the release of 2.0. I'm not going to hold my breath that long.
And the PPTP tunneling problem can only be solved when you have a dual external
IP address. My provider won't give me a static one, so two statics is
completely out of the question.
So, here is what I did. I took my old firewall and installed m0n0wall (version
1.32, the latest stable) on it. After that I implemented all the firewall
thingies I had in the pfSense box and put all the stuff in to make it work.
Then I switched firewalls to test it for a couple of days and see if everything
works. And it did. So, I installed m0n0wall on the primary firewall and left
it running for some time.
OK, time to implement IPv6, but that is a different story. When I have it
completely up and running, you are the first to hear it.
About a month or two ago I was contacted by my ISP asking if I would like a lot
faster internet connection and a lower price. Well, you have to be nuts to deny
such an offer, so I decided to comply.
About a week later the new internet modem showed up and I connected everything
up.
Running speedtest made me very happy.
Not bad at all 