On 12/7/2019 9:51 PM, Bruce Dubbs via lfs-dev wrote:
On 12/7/19 9:11 PM, Joel Bion via lfs-dev wrote:
Hi -
This concerns adding static IPv6 support to Linux From Scratch.
I worked on this a bit a few years ago, but life got in the way, and
I paused all work on this, but over the Thanksgiving break, I
finished things up and and have things working. My LFS machine is now
working fine being a 'partially' statically-configured device.
"Partially" means the machine is still learning its MTU, Default
Gateway, etc. via the IPv6 router it is attached to using IPv6-RA.
The caveats and limitations are as follows:
1) Technically, it would be possible to make a machine that ONLY
speaks IPv6, but that doesn't interest me, so I didn't modify the
scripts to support that possibility.
2) I didn't add (let alone test) the ability to learn your IPv6
address dynamically via IPv6 RA. I assume 'static' addressing is wanted.
3) If someone has done their package and application configuration
work properly, (such as not using hard-coded addresses in
configurations), then there should be very little configuration
changes that would need to be made to make the vast majority of their
programs and packages work with IPv6. I am not including any
documentation on how to do this; that would be beyond LFS, and extend
into BLFS.
4) It's simple: a statically configured address that works with the
ifconfig.eth0 file, and with ifup and ifdown. It doesn't do anything
fancy - but it DOES allow for the configuration of the address and
"prefix" length, with auto-learning of other parameters, such as
default gateway.
5) I don't believe in teaching people what IPv6 is. If they are going
to use it, there's plenty available on the web to teach them.
I've modified a number of files to make this work:
/etc/resolv.conf - Shows example of using a Google IPv6 DNS resolver.
/etc/sysconfig/ifconfig.eth0 - Shows example of configuring both IPv4
& IPv6
/sbin/ifup & /sbin/ifdown - Obvious changes
/lib/services/ipv46-static - An extended form of ipv4-static, which
adds in support for IPv6
/etc/hosts - Added in IPv6 addresses
Here is a brief description of how, with these changed files, things
work:
Preparing:
1) created /lib/services/ipv46-static
2) edited /sbin/ifup to handle v6 gateway
3) edited /sbin/ifdown to fix a minor bug
Enabling IPv6:
1) edit /etc/sysctl.conf to enable ipv6, and also make it so an
address isn't learned with router discovery, making the one
statically configured be the only one learned:
net.ipv6.conf.eth0.disable_ipv6=0
net.ipv6.conf.eth0.autoconf=0
2) edit /etc/sysconfig/ifconfig.eth0 to use ipv46-static as the file.
3) remove "#" prefix from IP6 and PREFIX6 lines in
/etc/sysconfig/ifconfig.eth0 and set them appropriately.
4) For compatibility with some software (I've forgotten which!), also
specify NETWORKING_IPV6=yes in /etc/sysconfig/network.
5) Reboot. If upon reboot, you don't get proper IPv6 connectivity,
you may need to uncomment and set the GATEWAY6 value. If you do that,
reboot again.
6) Optional: Put IPv6 DNS server addresses in /etc/resolv.conf
Disabling IPv6:
1) edit /etc/sysctl.conf to disable ipv6 (turn on disabling, really).
For good measure, I also restore 'autoconf' to its default.
net.ipv6.conf.eth0.disable_ipv6=1
net.ipv6.conf.eth0.autoconf=1
2) edit /etc/sysconfig/ifconfig.eth0 to use ipv4-static
3) add "#" prefix to the start of the IP6 and PREFIX6 lines in
/etc/sysconfig/ifconfig.eth0
4) For compatibility with some software (I've forgotten which!), also
specify NETWORKING_IPV6=no in /etc/sysconfig/network.
5) If they exist, disable IPv6 DNS server addresses in /etc/resolv.conf
6) Remove any other IPv6-specific configuration you have for various
packages and applications (these should be VERY few in number!)
7) Reboot.
Monitoring IPv6:
1) Regular 'ipaddr' commands do not work. Use 'ip'. Examples:
ip address: returns list of interface addresses
ip route: returns IPv4 routing table
ip -6 route: returns IPv6 routing table
2) Sometimes firewalls from our ISP can be set with IPv6 filtering.
Since I use shorewall6, I disable the ISP firewall altogether.
MY BIG QUESTION IS: What is the easiest way to add this back into
LFS? Provide the changes and required edits to the pages to reference
this? Pull down a copy via SVN and make changes? There are a few
places that need editing to tell people about IPv6.
I do believe, it DOES make sense to have the 'stock' LFS show how
IPv6 can be enabled in an LFS system, and further, that this ability
be added as part of the 'core' setup (in LFS instead of BLFS, etc.)
This sounds interesting. The best way to start is to write a hint
that describes the process in detail. From that, we can determine the
best way to roll it into LFS. It doesn't have to be a formal hint
http://www.linuxfromscratch.org/hints/howtowrite.html
but you can do that if you want. The minimum I need is to have enough
info to set things up and test. Once that's done, inserting it into
the book will be relatively easy.
Replying to both here, so addressing both issues with the implementation
and how to add it to the book...
Step 1: Correct.
Step 2: While you can use a separate service for dual stack, it is my
opinion that /lib/services/ipv46-static is not really appropriate, just
handle the IPv6 configuration separately using an interface alias such
as /etc/sysconfig/ifconfig.eth0:0 and a separate
/lib/services/ipv6-static service. In fact, the following should
probably work for the service file:
sed -e 's@IPV4@IPV6@g' -e 'S@24@64@g' /lib/services/ipv4-static >
/lib/services/ipv6-static
For static v6, however, you still need to address the route, and I'd
suggest just adding a ROUTE_FLAGS variable to the configuration file
with a value of "-6". Set the value to "-4" by default in /sbin/ifup and
let it get overwritten if the config pulls in something different, then
you just add ${ROUTE_FLAGS} between 'ip' and 'route' in the gateway
setup code block in ifup. I can't see anything that needs to change in
ifdown. Give me a hint?
Step 3: No file is installed in LFS. We create the file in the book, so
just use the private range "fd00::2" for the interface IP and
"fe00::ffff" for the gateway in the example configuration in the book,
use 8 for the prefix length (fd - though 64 is most common for live
connections from ISPs). Also, why do we prefer Google over OpenDNS or
CloudFlare for public DNS servers?
Step 4: We do not use /etc/sysconfig/networking. This is for RedHat and
is not necessary. If some software package really does need it, that
package is broken. File a bug report with the maintainer. We can address
it in the wiki if important (but I doubt it being that I haven't run
across this issue in the past 8 years that I've had v6 internal off and on).
Step 5: Why? This works just fine despite vim's broken highlighting - I
need to fix that too. Can copy the expressions from the bind syntax
files and upstream.
Step 6: Again, this is not in LFS.
Step 7: /etc/rc.d/init.d/network stop && /etc/rc.d/init.d/network start
would work on a live system, but is not necessary in LFS, you are going
to reboot when done anyway.
Want to give the alias method a try and see if it works for you?
For me, it will take a bit of research into how to get ipv6 on to my
network. Right now I only have a single ipv4 address that is
multiplexed into a 192.168 network via masquerading. I'm pretty sure
my ISP also offers ipv6, but I don't know if a range of addresses is
offered or not. Then I will have to get my dd-wrt based router set up
properly. Only after that can I test things out.
-- Bruce
It's pretty easy to setup DD-WRT if you ISP has DHCPv6, however, on
DD-WRT tutorial for v6, it says it does not have ip6tables which hasn't
been true in a long time, just make sure you are up to date. You also
need to allow ICMP to your internal hosts - this is not just ping and
you aren't using NAT anymore, but actually routing again. :-) I have
been using IPv6 internally for some time, though I don't have it in
external DNS. I personally use stateless RA (so that I can assign an
internal DNS server and suffix search list), but it shouldn't be a big
deal to assign a static address to my LFS hosts for testing.
--DJ
--
http://lists.linuxfromscratch.org/listinfo/lfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
