Hi -
How you want to incorporate IPv6 into LFS is your choice, of course - my
goal was to provide a 'nudge' to actually incorporating it, as I think
it needs to be included. For example, I agree that the
/etc/sysconfig/network file is annoying and can be easily ignored. If
someone runs into that need (which is highly unlikely) they can deal
with it. I also agree that no specific DNS provider should be mentioned
in any reference to resolv.conf - my note I emailed indicated what I, in
particular, did. I also agree that, as far as LFS is concerned, reboots
are not generally needed. However, again my notes indicated what I did -
and I run many, many applications not covered in LFS (some not even
covered in BLFS) and they need to be either refreshed/reloaded, or
outright stopped then restarted, when the network configuration changes
(this is a deficiency in them.) It's just *simpler* to reboot.
Having said that, I admit to confusion as to the suggestion to use an
interface alias for the IPv6 configuration, because the concept no
longer exists in iproute2. Interface aliases are a concept from
net-tools, last updated (outside of BSD) in 2011, and the new Linux
package, iproute2 (which is what LFS uses) doesn't provide such
functionality, because it natively allows multiple addresses on a single
interface, without needing the interface alias concept. In fact,
supporting IPv6 requires this. (Yes, ipconfig is still used in BSD - but
not Linux.)
So, the creation of 'ipv46-static' followed from a chain of
requirements. There could definitely be a flaw in the chain of reasoning
shown below, but I don't see that.
a) We use iproute2, not net-tools.
b) iproute2 doesn't have interface aliases - and the use of 'labels' to
try to 'feel like it' is a very ugly concept and doesn't mesh well with
the needs of /sbin/if[up,down] etc.
c) the network configuration model of LFS is a directory of
per-interface files named "ifconfig.<interfacename>' that are referenced
by the 'network' script in /etc/init.d
d) (b) and (c) combine to make it necessary that all of an interface's
network configuration be in one file, such as ifconfig.eth0
e) The "networks" script used by 'ifup' and 'ifdown' reference a
*single* service script.
f) (d) and (e) combine to require a script combining both IPv4&IPv6 -
ipv46-static.
I'll add one other reason: Some other packages that reference netfilter
The reason for changes in "/sbin/ifdown" can now be understood:
/sbin/ifdown will bring the interface *down* if no
non-local/non-link-local addresses exist on it after at the end of
running the "service" script. I did this because this (in my mind) most
approximates what a user would want to see if they type "ifdown eth0"
I hope this note better explains why I created ipv46-static.
-Joel
On 2019-12-08 15:11, DJ Lucas via lfs-dev wrote:
On 12/7/2019 9:51 PM, Bruce Dubbs via lfs-dev wrote:
On 12/7/19 9:11 PM, Joel Bion via lfs-dev wrote:
Hi -
This concerns adding static IPv6 support to Linux From Scratch.
I worked on this a bit a few years ago, but life got in the way, and
I paused all work on this, but over the Thanksgiving break, I
finished things up and and have things working. My LFS machine is now
working fine being a 'partially' statically-configured device.
"Partially" means the machine is still learning its MTU, Default
Gateway, etc. via the IPv6 router it is attached to using IPv6-RA.
The caveats and limitations are as follows:
1) Technically, it would be possible to make a machine that ONLY
speaks IPv6, but that doesn't interest me, so I didn't modify the
scripts to support that possibility.
2) I didn't add (let alone test) the ability to learn your IPv6
address dynamically via IPv6 RA. I assume 'static' addressing is
wanted.
3) If someone has done their package and application configuration
work properly, (such as not using hard-coded addresses in
configurations), then there should be very little configuration
changes that would need to be made to make the vast majority of their
programs and packages work with IPv6. I am not including any
documentation on how to do this; that would be beyond LFS, and extend
into BLFS.
4) It's simple: a statically configured address that works with the
ifconfig.eth0 file, and with ifup and ifdown. It doesn't do anything
fancy - but it DOES allow for the configuration of the address and
"prefix" length, with auto-learning of other parameters, such as
default gateway.
5) I don't believe in teaching people what IPv6 is. If they are going
to use it, there's plenty available on the web to teach them.
I've modified a number of files to make this work:
/etc/resolv.conf - Shows example of using a Google IPv6 DNS resolver.
/etc/sysconfig/ifconfig.eth0 - Shows example of configuring both IPv4
& IPv6
/sbin/ifup & /sbin/ifdown - Obvious changes
/lib/services/ipv46-static - An extended form of ipv4-static, which
adds in support for IPv6
/etc/hosts - Added in IPv6 addresses
Here is a brief description of how, with these changed files, things
work:
Preparing:
1) created /lib/services/ipv46-static
2) edited /sbin/ifup to handle v6 gateway
3) edited /sbin/ifdown to fix a minor bug
Enabling IPv6:
1) edit /etc/sysctl.conf to enable ipv6, and also make it so an
address isn't learned with router discovery, making the one
statically configured be the only one learned:
net.ipv6.conf.eth0.disable_ipv6=0
net.ipv6.conf.eth0.autoconf=0
2) edit /etc/sysconfig/ifconfig.eth0 to use ipv46-static as the file.
3) remove "#" prefix from IP6 and PREFIX6 lines in
/etc/sysconfig/ifconfig.eth0 and set them appropriately.
4) For compatibility with some software (I've forgotten which!), also
specify NETWORKING_IPV6=yes in /etc/sysconfig/network.
5) Reboot. If upon reboot, you don't get proper IPv6 connectivity,
you may need to uncomment and set the GATEWAY6 value. If you do that,
reboot again.
6) Optional: Put IPv6 DNS server addresses in /etc/resolv.conf
Disabling IPv6:
1) edit /etc/sysctl.conf to disable ipv6 (turn on disabling, really).
For good measure, I also restore 'autoconf' to its default.
net.ipv6.conf.eth0.disable_ipv6=1
net.ipv6.conf.eth0.autoconf=1
2) edit /etc/sysconfig/ifconfig.eth0 to use ipv4-static
3) add "#" prefix to the start of the IP6 and PREFIX6 lines in
/etc/sysconfig/ifconfig.eth0
4) For compatibility with some software (I've forgotten which!), also
specify NETWORKING_IPV6=no in /etc/sysconfig/network.
5) If they exist, disable IPv6 DNS server addresses in
/etc/resolv.conf
6) Remove any other IPv6-specific configuration you have for various
packages and applications (these should be VERY few in number!)
7) Reboot.
Monitoring IPv6:
1) Regular 'ipaddr' commands do not work. Use 'ip'. Examples:
ip address: returns list of interface addresses
ip route: returns IPv4 routing table
ip -6 route: returns IPv6 routing table
2) Sometimes firewalls from our ISP can be set with IPv6 filtering.
Since I use shorewall6, I disable the ISP firewall altogether.
MY BIG QUESTION IS: What is the easiest way to add this back into
LFS? Provide the changes and required edits to the pages to reference
this? Pull down a copy via SVN and make changes? There are a few
places that need editing to tell people about IPv6.
I do believe, it DOES make sense to have the 'stock' LFS show how
IPv6 can be enabled in an LFS system, and further, that this ability
be added as part of the 'core' setup (in LFS instead of BLFS, etc.)
This sounds interesting. The best way to start is to write a hint
that describes the process in detail. From that, we can determine the
best way to roll it into LFS. It doesn't have to be a formal hint
http://www.linuxfromscratch.org/hints/howtowrite.html
but you can do that if you want. The minimum I need is to have enough
info to set things up and test. Once that's done, inserting it into
the book will be relatively easy.
Replying to both here, so addressing both issues with the
implementation and how to add it to the book...
Step 1: Correct.
Step 2: While you can use a separate service for dual stack, it is my
opinion that /lib/services/ipv46-static is not really appropriate,
just handle the IPv6 configuration separately using an interface alias
such as /etc/sysconfig/ifconfig.eth0:0 and a separate
/lib/services/ipv6-static service. In fact, the following should
probably work for the service file:
sed -e 's@IPV4@IPV6@g' -e 'S@24@64@g' /lib/services/ipv4-static >
/lib/services/ipv6-static
For static v6, however, you still need to address the route, and I'd
suggest just adding a ROUTE_FLAGS variable to the configuration file
with a value of "-6". Set the value to "-4" by default in /sbin/ifup
and let it get overwritten if the config pulls in something different,
then you just add ${ROUTE_FLAGS} between 'ip' and 'route' in the
gateway setup code block in ifup. I can't see anything that needs to
change in ifdown. Give me a hint?
Step 3: No file is installed in LFS. We create the file in the book,
so just use the private range "fd00::2" for the interface IP and
"fe00::ffff" for the gateway in the example configuration in the book,
use 8 for the prefix length (fd - though 64 is most common for live
connections from ISPs). Also, why do we prefer Google over OpenDNS or
CloudFlare for public DNS servers?
Step 4: We do not use /etc/sysconfig/networking. This is for RedHat
and is not necessary. If some software package really does need it,
that package is broken. File a bug report with the maintainer. We can
address it in the wiki if important (but I doubt it being that I
haven't run across this issue in the past 8 years that I've had v6
internal off and on).
Step 5: Why? This works just fine despite vim's broken highlighting -
I need to fix that too. Can copy the expressions from the bind syntax
files and upstream.
Step 6: Again, this is not in LFS.
Step 7: /etc/rc.d/init.d/network stop && /etc/rc.d/init.d/network
start would work on a live system, but is not necessary in LFS, you
are going to reboot when done anyway.
Want to give the alias method a try and see if it works for you?
For me, it will take a bit of research into how to get ipv6 on to my
network. Right now I only have a single ipv4 address that is
multiplexed into a 192.168 network via masquerading. I'm pretty sure
my ISP also offers ipv6, but I don't know if a range of addresses is
offered or not. Then I will have to get my dd-wrt based router set up
properly. Only after that can I test things out.
-- Bruce
It's pretty easy to setup DD-WRT if you ISP has DHCPv6, however, on
DD-WRT tutorial for v6, it says it does not have ip6tables which
hasn't been true in a long time, just make sure you are up to date.
You also need to allow ICMP to your internal hosts - this is not just
ping and you aren't using NAT anymore, but actually routing again. :-)
I have been using IPv6 internally for some time, though I don't have
it in external DNS. I personally use stateless RA (so that I can
assign an internal DNS server and suffix search list), but it
shouldn't be a big deal to assign a static address to my LFS hosts for
testing.
--DJ
--
http://lists.linuxfromscratch.org/listinfo/lfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
