Mar 15
admin | IPv6, Linux System Administration, Networking
Using ‘ifconfig’ on Debian Lenny, multiple IPv6 addresses can be added using entries in ‘/etc/network/interfaces’ with the ‘up’ and ‘down’ options. For example:
iface eth0 inet6 static
address 2001:41c8:1:5568::100
netmask 64
gateway fe80::1
pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/autoconf
up /sbin/ifconfig eth0 inet6 add 2001:41c8:1:5568::1:100/64
up /sbin/ifconfig eth0 inet6 add 2001:41c8:1:5568::2:100/64
down /sbin/ifconfig eth0 inet6 del 2001:41c8:1:5568::1:100/64
down /sbin/ifconfig eth0 inet6 del 2001:41c8:1:5568::2:100/64
Feb 27
admin | Linux General, Networking
IP packet drop can be easily emulated on any section of a network using a Linux Bridge and a single iptables command:
iptables -t mangle -A FORWARD -m statistic --mode random --probability 0.01 -j DROP
(where probability is expressed as a value between 0 and 1)
If the intention is to emulate packet drop for traffic arriving at the local Linux system, without using a bridge, use the INPUT chain:
iptables -t mangle -A INPUT -m statistic --mode random --probability 0.01 -j DROP
To remove the random packet drop and restore the connection to normal operation, either change -A to -D in the above commands, or flush the relevant chain of the mangle table (which also removes any other rules in that chain) with:
iptables -t mangle -F FORWARD
or
iptables -t mangle -F INPUT
Feb 27
admin | Linux General, Linux System Administration, Networking
It is often useful to place a Linux system on a specific network cable, to packet sniff or modify the network behaviour. The network setup:
[switch] - ethernet cable - [node]
becomes:
[switch] - ethernet cable - [[Linux Bridge]] - ethernet cable - [node]
The only requirements for the Linux Bridge are two physical network interfaces and root access. As root, set up the bridge with the commands below:
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
echo 1 > /proc/sys/net/ipv4/ip_forward
ifconfig eth0 up
ifconfig eth1 up
ifconfig br0 up
Optionally, use:
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
to also enable IPv6 bridging.
The Linux Bridge Interface (br0) does not require an IP address, and no configuration changes are required on the network.
Using tcpdump or wireshark on the Linux Bridge (br0), it is possible to monitor all network traffic going to or from the network node. Using tc and iptables, network traffic may be manipulated to facilitate testing.
Feb 27
admin | IPv6, Linux System Administration, Networking
When a site is reachable using both IPv4 and IPv6, Linux by default has a preference which is roughly:
- Native IPv6
- Native IPv4
- 6to4 tunnels
To change this preference, edit ‘/etc/gai.conf’ and uncomment most of the labels:
label ::1/128 0
label ::/0 1
#label 2002::/16 2
label ::ffff:0:0/96 2
label fec0::/10 3
label fc00::/7 4
label 2001:0::/32 5
label ::/96 6
(note that 2002::/16 [6to4] is left commented out)
and have the precedence configured as:
precedence ::1/128 50
precedence ::/0 40
precedence 2002::/16 30
precedence ::/96 20
precedence ::ffff:0:0/96 10
#
# For sites which prefer IPv4 connections change the last line to
#
#precedence ::ffff:0:0/96 100
For these changes to take effect, restart the affected applications, e.g. Firefox.
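To see what the tables above do to the ordering, here is an added example (not part of the original post) that models only two of the RFC 3484 destination-sorting rules: rule 5 (prefer a destination whose label matches its source address's label) and rule 6 (prefer higher precedence). The candidate addresses are constructed from documentation ranges, the function names are hypothetical, and the remaining rules that getaddrinfo applies are assumed not to distinguish these candidates.

```python
import ipaddress

# Label and precedence tables as configured in the post's /etc/gai.conf.
LABELS = {"::1/128": 0, "::/0": 1, "::ffff:0:0/96": 2, "fec0::/10": 3,
          "fc00::/7": 4, "2001:0::/32": 5, "::/96": 6}
PRECEDENCE = {"::1/128": 50, "::/0": 40, "2002::/16": 30,
              "::/96": 20, "::ffff:0:0/96": 10}

def to_v6(addr):
    """IPv4 addresses are looked up in the tables as ::ffff:a.b.c.d."""
    ip = ipaddress.ip_address(addr)
    return ip if ip.version == 6 else ipaddress.IPv6Address(f"::ffff:{ip}")

def lookup(table, addr):
    """Value of the longest prefix in the table that contains addr."""
    ip = to_v6(addr)
    matches = [(net.prefixlen, value) for net, value in
               ((ipaddress.ip_network(p), v) for p, v in table.items())
               if ip in net]
    return max(matches)[1]  # ::/0 is in both tables, so this is never empty

def sort_destinations(pairs, labels=LABELS, precedence=PRECEDENCE):
    """Order (destination, source) pairs by rule 5, then rule 6."""
    def key(pair):
        dst, src = pair
        label_mismatch = lookup(labels, dst) != lookup(labels, src)
        return (label_mismatch, -lookup(precedence, dst))
    return [dst for dst, _ in sorted(pairs, key=key)]

# Constructed candidates: (destination, source address the host would use).
CANDIDATES = [
    ("198.51.100.80", "192.0.2.10"),        # native IPv4
    ("2002:c633:6450::1", "2001:db8::10"),  # 6to4 destination, native IPv6 source
    ("2001:db8:1::80", "2001:db8::10"),     # native IPv6
]

if __name__ == "__main__":
    print("post's tables:      ", sort_destinations(CANDIDATES))
    with_6to4 = dict(LABELS, **{"2002::/16": 2})   # line uncommented
    print("2002::/16 labelled: ", sort_destinations(CANDIDATES, with_6to4))
    v4_first = dict(PRECEDENCE, **{"::ffff:0:0/96": 100})
    print("IPv4 precedence 100:", sort_destinations(CANDIDATES, PRECEDENCE and LABELS, v4_first))
```

In this model, leaving the 2002::/16 label commented out gives 6to4 destinations the same label as a native IPv6 source, so they sort by precedence (30) ahead of IPv4 (10); with the label line present they fall behind IPv4, which matches the default order listed at the top of the post.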
Feb 13
admin | Linux General, Networking
Often it is necessary for testing purposes to recreate the networking conditions found in a high latency network, such as a satellite link.
First, create a network bridge that can be placed in between the test network and its router.
To increase network latency use the following command:
tc qdisc add dev eth0 root netem delay 2000ms
which will delay every IP packet going through the bridge by 2 seconds.
To reset this delay and remove the 2 seconds of latency:
tc qdisc del dev eth0 root