Feb 27
TomLinux General, Linux System Administration, Networking
It is often useful to place a Linux system on a specific network cable, to packet sniff or modify the network behaviour. The network setup:
[switch] - ethernet cable - [node]
becomes:
[switch] - ethernet cable - [[Linux Bridge]] - ethernet cable - [node]
The only requirement for the Linux Bridge is two physical network interfaces and root access. As root, setup the bridge with the commands below:
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
echo 1 > /proc/sys/net/ipv4/ip_forward
ifconfig eth0 up
ifconfig eth1 up
ifconfig br0 up
-
The Linux Bridge Interface (br0) does not require an IP address, and no configuration changes are required on the network.
Using tcpdump or wireshark on the Linux Bridge (br0), it is possible to monitor all network traffic going to or from the network node. Using tc and iptables network traffic may be manipulated to facilitate testing.
Feb 27
TomIPv6, Linux System Administration, Networking
When a site is reachable using both IPv4 and IPv6, Linux by default has a preference which is roughly:
- Native IPv6
- Native IPv4
- 6to4 tunnels
To change this preference, edit ‘/etc/gai.conf’
uncomment most of the labels:
label ::1/128 0
label ::/0 1
#label 2002::/16 2
label ::ffff:0:0/96 2
label fec0::/10 3
label fc00::/7 4
label 2001:0::/32 5
label ::/96 6
(note that 2002::/16 [6to4] is left commented out)
and have the precendence configured as:
precedence ::1/128 50
precedence ::/0 40
precedence 2002::/16 30
precedence ::/96 20
precedence ::ffff:0:0/96 10
#
# For sites which prefer IPv4 connections change the last line to
#
#precedence ::ffff:0:0/96 100
For these changes to have effect, restart the appropriate applications eg. Firefox.
Feb 13
TomLinux General, Networking
Often it is necessary for testing purposes to recreate the networking conditions found in a high latency network, such as a satellite link.
Firstly create a network bridge that can be placed inbetween the test network and its router.
To increase network latency use the following command:
tc qdisc add dev eth0 root netem delay 2000ms
which will delay every IP packet going through the bridge by 2 seconds.
To reset this delay and remove the 2 seconds of latency:
tc qdisc del dev eth0 root
Feb 13
TomIPv6, Linux System Administration, Networking
6to4 is a tunneling protocol for using IPv6 over an IPv4 connection, and it’s configuration on Linux is well described.
Note: this can only apply to interfaces which have a public IPv4 address
A 6to4 tunnel can be configured using the following shell script
#/bin/bash
# set the interface name
if=wlan0
# calculate the IPv6 address
ipv4=`/sbin/ifconfig $if | grep "inet addr" | sed -e 's/^. *inet addr://' | sed
-e 's/ .*$//'`
ipv4s=`echo $ipv4 | tr "." " "`
ipv6=`printf "2002:%02x%02x:%02x%02x::1" $ipv4s `
case "$1" in
start)
/sbin/ip tunnel add tun6to4 mode sit ttl 128 remote any local $ipv4
/sbin/ip link set dev tun6to4 up
/sbin/ip -6 addr add $ipv6/16 dev tun6to4
/sbin/ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1
# configure firewall
/sbin/ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/ip6tables -A INPUT -j DROP
;;
stop)
/sbin/ip -6 route flush dev tun6to4
/sbin/ip link set dev tun6to4 down
/sbin/ip tunnel del tun6to4
# clear firewall
/sbin/ip6tables -F INPUT
;;
*)
echo "usage: ipv6 {start|stop}"
exit 1
esac
exit 0
This will create a new interface ‘tun6to4′ which will be used for IPv6.
See here for link preference.
Feb 09
TomLinux General, Linux System Administration
When debugging bash scripts use:
set -o xtrace
to print out each line along with the regular output, as it is executed.
Older Entries Newer Entries
RSS