That's a serious issue I have -- since port forwarding is a subfunction of NAT, and since there's no NAT module for ipv6 in linux, there's no way to port forward for ipv6 in linux.
Ok, I will grant you that HE is awesome. The other tunnel broker, sixxs, took about 2 days. (And I am probably getting my tunnel disconnected by reviewing them on slashdot. They're... draconian. Cruise their forums and decide for yourself.)
It works through NAT, which actually makes it even easier to use than 6to4. Thanks for pointing it out! 6to4 is more of a site tool, and Teredo is a client tool.
if [ "$2" = "delete" ] then/sbin/ip link set dev tun6to4 down/sbin/ip -6 route flush dev tun6to4/sbin/ip tunnel del tun6to4
echo "IPv6 tunnel has been deleted."
exit fi;/sbin/ip tunnel add tun6to4 mode sit ttl 255 remote any local ${ipv4};/sbin/ip link set dev tun6to4 up;/sbin/ip -6 addr add ${ipv6}/16 dev tun6to4;/sbin/ip -6 route add 2000::/3 via::192.88.99.1 dev tun6to4 metric 1;
if ping6 -c 1 he.net 2>&1 1>/dev/null then
echo "Verified IPv6 connectivity."; else
echo "Can't ping IPv6 network."; fi;
Ok kids. Go home tonight and turn ipv6 on. I know you're all running homebrew linux nat routers.
Here's all you gotta do.
Install radvd. It's a Router Advertisement server. Router Advertisements are how your LAN clients learn what the hell their IPv6 "prefix" is. You're going to use something clever called 6to4, which basically converts your public ipv4 address into the first half of your ipv6 address. You plug that information into your radvd configuration, and voila, all your LAN clients can learn their unique global ipv6 address. Then you just run a little script, which turns up the 6to4 tunnel on your linux nat, and all of a sudden, all your LAN clients have globally routable ipv6 addresses! And once the v6 stack fires up, your computers will try resolving AAAA records, so you might even get to visit some v6 websites!
You're not strictly running native ipv6, since 6to4 is a tunnel to an anycast server (dont worry, there's plenty of them sharing the same address). It emulates pretty damned close though. Enough for you to try it out!
Here's the thing that keeps blowing my mind. Remember back before NAT? The Internet was actually symmetrical back then. Any host could contact any host. Well, it's restored. I keep forgetting I can literally contact ANY lan host from remotely, using its v6 address. Security nightmare? You betcha. Restored services? Makes up for it! Maybe I can figure out what a firewall is, after all!
Sure, there's tunnel brokers out there too... don't waste your time with all that. 6to4 is quick and easy, and it works fairly faithfully. By the time a tunnel broker OKs your info, you could be pinging already with 6to4.
Oh yeah. That malarkey about "ooh my address is so long, it's just not worth it" -- My address is 2002:xxxx:xxxx::1 through::5. Also, a few weeks ago they released an interesting workaround to memorizing ip addresses, called "The DNS". As ominous as that sounds, it's actually pretty clever and I've been enjoying it for a while.
And yes,::1 is easily guessable and that makes it hackable. So please, no nmapping the 2002:xxxx/32 subnet tonight. (At the rate of 2^96 pings per second, it should be done by next century)
what's the use in worrying? half a world away, people are working on tablets to drop in your city's drinking water to kill everyone you know. just relax and hope for the best. maybe we'll learn something there on the moon. hell, i heard people still read books on the moon. must be a reason to go there.
(in the $1200-or-slightly-more range, as I won the extended-service-plan lottery and have a Sears store credit
Why does everyone write in this weenie, preemptive retort blocking way around here? Same thing as "I know this is going to burn my karma" clauses. Grow a spine. Just say what you think. You have 1200 bucks. Cool. I don't have an issue with you buying a TV with it. You don't have to ask it like you'd ask your boss for a day off. "Boss, I would like to take a day off in four months, as my girlfriend booked a long weekend at a get away resort and have an obligation to go with her". Just say "I'm taking this day off", or "I have about 1200 bucks for a tv". Everything else is just showing you're intimidated by possible responses by people that don't even matter.
While I was at University, there was often someone broadcasting the SSID "UNH-Wireless" in their Memorial Building. The official SSID was just unhwireless. UNH required you to register your MAC before they would forward your packets to the Internet, but the rogue SSID was open. Since the Memorial Building was where all the visitors ended up for lunch after tours, I wonder how many delicious things were intercepted.
(New Hampshire is the one that touches the ocean. The other one is Vermont, which is the one that touches Canadia.)
I HATE it when you type a lengthy reply into a web forum, only to have "awaiting moderation". I'm sure they will spend 8 seconds glancing at my 10 minute's worth of work, before chucking it into the digital trash bin. Yay, oppression. I realize I don't have any right to free speech in their house, but it's still RUDE.
Somehow, and I don't understand this, but if you asked everyone if they have above or below average abilities on any random topic, people always partition themselves into two groups, almost exactly evenly. It seems completely unfathomable that people do not artificially inflate their own assessment of self, yet every single time, people objectively rate their abilities in these personal assessment surveys. How weird is that?
i think a lot of kids like violent games because it's a projection of the self they cannot be. they want to be menacing to their peers, and if they act like murdering a character is hilarious, maybe their peers will pause a moment while they wonder if he or she is a closet psycho... cause that would feel AWESOME if they were feared like that
Your last sentence claims that we'll never have to upgrade from v4 since we can use address translation, because it's a flexible approach. Yet these techniques fall apart when a remote destination wishes to establish communication with a translated address. Horrible technologies like STUN enter the picture, requiring a third node with a public address to establish the network parameters for translated hosts. What would occur when we can no longer even provide addresses to these intermediaries? This is to say nothing of the knowledge higher-level protocols must have of those layers beneath, which is unwholesome and breaks the abstract nature that once facilitated development. Metaphorically, your postman has to know what's inside the box in order to deliver it. Is this the flexibility you laud? This is why I don't like it. Am I misinformed?
To me, I mean, a car accident comes and goes in 1 second. I don't so much have an issue with being dead as I do spending 3 minutes falling from the sky knowing I'm about to be dead. Cause I bet that would be a bummer.
"You could try it with the Live CD, but let's face it, that's little more than interactive screenshots. Without installing and running software natively, you really can't give it a fair shake. "
Interactive screenshots? Does he mean like a running software program? Barring saved preferences, how is software run from a CD different than a hard drive? Is it somehow translated when run from the CD? It's too foreign to be assessed?
This is the sort of rubbish that occurs when people publish first drafts; when their syntax may be correct but their ideas unfinished. This author should find a buddy who can proofread his articles. He might sound more professional during rounds two, or even three.
when i worked for the 10 gigabit ethernet consortium at the UNH IOL (www.iol.unh.edu), i had to do a 10 gig demo once. not naming vendors, i wasn't able to get it above 1.1 gigabit/second with commodity pc hardware. we had pattern generators, but those don't count in the real world.
for 1 gigabit, the best line utilization i ever got was about 97%, using two linux boxes, netcat, and piping/dev/random into/dev/null across it. i'm not a math guy so i can't say what the theoretical max is.
Slashdot Mirror
Yes, this is why we put the liberal art majors in their own building.
That's a serious issue I have -- since port forwarding is a subfunction of NAT, and since there's no NAT module for ipv6 in linux, there's no way to port forward for ipv6 in linux.
Ok, I will grant you that HE is awesome. The other tunnel broker, sixxs, took about 2 days. (And I am probably getting my tunnel disconnected by reviewing them on slashdot. They're... draconian. Cruise their forums and decide for yourself.)
Teredo isn't 6to4.
It works through NAT, which actually makes it even easier to use than 6to4. Thanks for pointing it out! 6to4 is more of a site tool, and Teredo is a client tool.
here's one way of setting a 6to4 tunnel up. i squished some semicolons in cause it's pasting funny.
#!/bin/bash
# Create a 6to4 tunnel in linux.
if [ $# -eq 0 ]
then
echo "Usage: $0 [delete]";
exit;
fi;
ipv4=$(ifconfig $1|grep "inet addr:"|awk '{print $2}'|awk -F: '{print $2}');
ipv6=$(printf "2002:%02x%02x:%02x%02x::1" `echo $ipv4 | tr "." " "`);
echo "ipv4 address: ${ipv4}";
echo "ipv6 address: $ipv6";
if [ "$2" = "delete" ] /sbin/ip link set dev tun6to4 down /sbin/ip -6 route flush dev tun6to4 /sbin/ip tunnel del tun6to4 /sbin/ip tunnel add tun6to4 mode sit ttl 255 remote any local ${ipv4}; /sbin/ip link set dev tun6to4 up; /sbin/ip -6 addr add ${ipv6}/16 dev tun6to4; /sbin/ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1;
then
echo "IPv6 tunnel has been deleted."
exit
fi;
if ping6 -c 1 he.net 2>&1 1>/dev/null
then
echo "Verified IPv6 connectivity.";
else
echo "Can't ping IPv6 network.";
fi;
Ok kids. Go home tonight and turn ipv6 on. I know you're all running homebrew linux nat routers.
Here's all you gotta do.
Install radvd. It's a Router Advertisement server. Router Advertisements are how your LAN clients learn what the hell their IPv6 "prefix" is. You're going to use something clever called 6to4, which basically converts your public ipv4 address into the first half of your ipv6 address. You plug that information into your radvd configuration, and voila, all your LAN clients can learn their unique global ipv6 address. Then you just run a little script, which turns up the 6to4 tunnel on your linux nat, and all of a sudden, all your LAN clients have globally routable ipv6 addresses! And once the v6 stack fires up, your computers will try resolving AAAA records, so you might even get to visit some v6 websites!
You're not strictly running native ipv6, since 6to4 is a tunnel to an anycast server (dont worry, there's plenty of them sharing the same address). It emulates pretty damned close though. Enough for you to try it out!
Here's the thing that keeps blowing my mind. Remember back before NAT? The Internet was actually symmetrical back then. Any host could contact any host. Well, it's restored. I keep forgetting I can literally contact ANY lan host from remotely, using its v6 address. Security nightmare? You betcha. Restored services? Makes up for it! Maybe I can figure out what a firewall is, after all!
Sure, there's tunnel brokers out there too... don't waste your time with all that. 6to4 is quick and easy, and it works fairly faithfully. By the time a tunnel broker OKs your info, you could be pinging already with 6to4.
Oh yeah. That malarkey about "ooh my address is so long, it's just not worth it" -- My address is 2002:xxxx:xxxx::1 through ::5. Also, a few weeks ago they released an interesting workaround to memorizing ip addresses, called "The DNS". As ominous as that sounds, it's actually pretty clever and I've been enjoying it for a while.
And yes, ::1 is easily guessable and that makes it hackable. So please, no nmapping the 2002:xxxx/32 subnet tonight. (At the rate of 2^96 pings per second, it should be done by next century)
what's the use in worrying? half a world away, people are working on tablets to drop in your city's drinking water to kill everyone you know. just relax and hope for the best. maybe we'll learn something there on the moon. hell, i heard people still read books on the moon. must be a reason to go there.
it depends on whether you count the brain as the whole, or the brain plus the augment as the whole.
(in the $1200-or-slightly-more range, as I won the extended-service-plan lottery and have a Sears store credit
Why does everyone write in this weenie, preemptive retort blocking way around here? Same thing as "I know this is going to burn my karma" clauses. Grow a spine. Just say what you think. You have 1200 bucks. Cool. I don't have an issue with you buying a TV with it. You don't have to ask it like you'd ask your boss for a day off. "Boss, I would like to take a day off in four months, as my girlfriend booked a long weekend at a get away resort and have an obligation to go with her". Just say "I'm taking this day off", or "I have about 1200 bucks for a tv". Everything else is just showing you're intimidated by possible responses by people that don't even matter.
While I was at University, there was often someone broadcasting the SSID "UNH-Wireless" in their Memorial Building. The official SSID was just unhwireless. UNH required you to register your MAC before they would forward your packets to the Internet, but the rogue SSID was open. Since the Memorial Building was where all the visitors ended up for lunch after tours, I wonder how many delicious things were intercepted.
(New Hampshire is the one that touches the ocean. The other one is Vermont, which is the one that touches Canadia.)
I HATE it when you type a lengthy reply into a web forum, only to have "awaiting moderation". I'm sure they will spend 8 seconds glancing at my 10 minute's worth of work, before chucking it into the digital trash bin. Yay, oppression. I realize I don't have any right to free speech in their house, but it's still RUDE.
i actually completely made this up so that someone would do the harder work of proving me wrong. they deserve some credit.
Somehow, and I don't understand this, but if you asked everyone if they have above or below average abilities on any random topic, people always partition themselves into two groups, almost exactly evenly. It seems completely unfathomable that people do not artificially inflate their own assessment of self, yet every single time, people objectively rate their abilities in these personal assessment surveys. How weird is that?
For some fresh drama on an aging "House, MD"
i think a lot of kids like violent games because it's a projection of the self they cannot be. they want to be menacing to their peers, and if they act like murdering a character is hilarious, maybe their peers will pause a moment while they wonder if he or she is a closet psycho... cause that would feel AWESOME if they were feared like that
Nintendo commited the fallacy of assuming that people have different levels of patience and ability.
Your last sentence claims that we'll never have to upgrade from v4 since we can use address translation, because it's a flexible approach. Yet these techniques fall apart when a remote destination wishes to establish communication with a translated address. Horrible technologies like STUN enter the picture, requiring a third node with a public address to establish the network parameters for translated hosts. What would occur when we can no longer even provide addresses to these intermediaries? This is to say nothing of the knowledge higher-level protocols must have of those layers beneath, which is unwholesome and breaks the abstract nature that once facilitated development. Metaphorically, your postman has to know what's inside the box in order to deliver it. Is this the flexibility you laud? This is why I don't like it. Am I misinformed?
I think the US (and a good portion of the rest of the planet) would need a few leaders like the founding fathers of the US.
The founding fathers of the USA would be locked up if they could tour today.
I run public dns on a comcast dynamic ip. I can usually go about 8 months without a re-lease giving me a new IP, so it's always been very acceptable.
To me, I mean, a car accident comes and goes in 1 second. I don't so much have an issue with being dead as I do spending 3 minutes falling from the sky knowing I'm about to be dead. Cause I bet that would be a bummer.
Why would a spam filter be lame? It's quite elegant compared to the canonical "old P3 in the closet" that people use.
That would be almost as fast as my Pentium 4 was!
"You could try it with the Live CD, but let's face it, that's little more than interactive screenshots. Without installing and running software natively, you really can't give it a fair shake. "
Interactive screenshots? Does he mean like a running software program? Barring saved preferences, how is software run from a CD different than a hard drive? Is it somehow translated when run from the CD? It's too foreign to be assessed?
This is the sort of rubbish that occurs when people publish first drafts; when their syntax may be correct but their ideas unfinished. This author should find a buddy who can proofread his articles. He might sound more professional during rounds two, or even three.
You can take the glasses off, but you can't undo the relay hack they did on your brain from the glasses.
when i worked for the 10 gigabit ethernet consortium at the UNH IOL (www.iol.unh.edu), i had to do a 10 gig demo once. not naming vendors, i wasn't able to get it above 1.1 gigabit/second with commodity pc hardware. we had pattern generators, but those don't count in the real world.
for 1 gigabit, the best line utilization i ever got was about 97%, using two linux boxes, netcat, and piping /dev/random into /dev/null across it. i'm not a math guy so i can't say what the theoretical max is.