
IPv6(Linux)


2012 TWNIC

101

3 30

IPv6(Linux)

RHCE/RHCX/RHCI
NCLP/CNI
seansc.hu@xuite.net


IPv6(Linux)

0900

1200

IPV6

1300

1600

BIND DNS
Apache HTTPD
Postfix MTA
Dovecot MRA

ip addr show
ip route show
ip -6 route show
radvd
IP

IPv6 (Linux)

Linux (RHEL 6.2)


KVM
RHEL 6 IPv6
#lsmod | grep ipv6


IPV6
2001:b02a:0079:1234:5678:9abc:def0:0002/64
NETWORK ID (2001:b02a:0079:1234) | HOST ID (5678:9abc:def0:0002)

128 bits long

NO NAT !!
NO AUTOMATICALLY ASSIGNED DEFAULT GATEWAY!!

IPv6 Address Assignment


2001:b02a:0:aaaa:1234:5678:9abc:def0

Assigned by ISP : Subnet : Interface ID
/48 : /64 : /128

A 16-bit subnet field

Please Remember

/64


Unicast Address Type


Link Local Address
-- locally self-assigned address, not routable
Unique Local Address
-- locally assigned address, routable inside your own environment or partner network, BUT NOT GLOBALLY REACHABLE!
Global Unicast Address
-- can be reached from, and can reach, the global network.

Link Local Address


FE80::/10
Not Routable
Auto Assigned
Required
The first address a host has after boot-up.

Global Address
2000::/3

Globally Routable
Assigned By ISP


Unique Local Address


FC00::/7
Internally Routable
--- like 10.0.0.0/8
Site Local address


Get started on IPv6

Get a global /48 from ISP


2001:0db8:0000::/48
Pick a ULA /48
fd00:1111:2222::/48

IPv6
Dual Stack

IPv6 ,
DHCPv6 IPv6 IP
IPv6

Tunnel Broker

IPv4 , Tunnel
IPv6
Tunnel Broker Client

Dual Stack IPv6

IPv4/IPv6---

IPv4/IPv6
IPv6
IPv6IPv4


IPv4 to IPv6 Tunneling

IPv6 ISP

()
IPv6

IPv4

NO NAT
The protocols are not compatible
NOT interconnected
NOT to be deployed like IPv4
By design, NO automatically assigned default gateway
Many things to be discussed...

How To Get A FREE IPv6 Subnet


----through Tunnel Broker
Hinet ADSL IP Hinet Tunnel Service
Hinet xDSL Dual Stack IPv6

IP
http://ipv6day.tw/07connect.html
http://www.rd.ipv6.org.tw/?page_id=48
http://newsletter.ascc.sinica.edu.tw/news/read_news.php?nid=1884
**Seednet IP 1234567#
-----...


IPv6

RA/DHCPv6 IP

Router Advertisement ,
, Router Advertisement
Router Solicitation IPv6
,
DHCPv6 IP
#sysctl -w net.ipv6.conf.all.forwarding=1
/etc/sysctl.conf

Router Advertisement Protocol


IPv6 Router
1.
2.Router

1.Router Solicitation Packet


---router .......
2.Router RSRA


LINUX IPv6 /
2: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:14:22:5b:a4:46 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.1/24 brd 192.168.10.255 scope global eth2
    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth2:1
    inet6 2001:b021:64:1::3/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::214:22ff:fe5b:a446/64 scope link
       valid_lft forever preferred_lft forever
7: lc-ipv6@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue
    link/sit 60.248.0.252 peer 210.65.1.26
    inet6 2001:b02a:0:79::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::3cf8:fc/128 scope link
       valid_lft forever preferred_lft forever

radvd IPv6
#yum install radvd
#vim /etc/radvd.conf
#service radvd start
#chkconfig radvd on

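/etc/radvd.conf

interface eth0 {
    AdvSendAdvert on;        # send Router Advertisements on eth0
    MinRtrAdvInterval 3;     # minimum seconds between unsolicited RAs
    MaxRtrAdvInterval 10;    # maximum seconds between unsolicited RAs
    prefix 2001:0db8:0100:f101::/64 {
        AdvOnLink on;        # the prefix is on-link
        AdvAutonomous on;    # hosts may autoconfigure addresses from this prefix
        AdvRouterAddr on;    # put the router's own address in the prefix option
    };
};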

IPv6
# ip -6 addr show eth0
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    inet6 2001:0db8:100:f101:2e0:12ff:fe34:1234/64 scope global dynamic
       valid_lft 2591992sec preferred_lft 604792sec
    inet6 fe80::2e0:12ff:fe34:1234/10 scope link

IPv6

Kame

IPv6 Ready Logo

http://www.ipv6ready.org/

IPv6

http://www.kame.net

http://interop.ipv6.org.tw/

IPv6 (HiNet)

http://ipv6.taco.hinet.net/taco_ipv6/index.jsp


LINUX IPV6


IPv6 on Linux

Linux Kernel 2.1.8 IPv6


Linux Kernel 2.6.x IPv6
2008121Linux
Foundation(Linux)IPv6Linux
Distribution()
()
Distribution
IPv6 RHEL/CentOS
6.x


IPv6 on Linux
IPv6


IPv6 on Linux
# ip addr show
root@lucy-desktop:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:48:54:57:34:be brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth31
    inet6 fe80::248:54ff:fe57:34be/64 scope link
       valid_lft forever preferred_lft forever

Does My Linux System Support IPv6?

$ cat /proc/net/if_inet6
00000000000000000000000000000001 01 80 10 80 lo
fe80000000000000020b6afffeef7e8d 02 40 20 80 eth0

ipv6 crash course
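Added example, not from the original slides: a parser for the /proc/net/if_inet6 rows shown above that decodes the prefix-length, scope and flag bytes and recovers the MAC address embedded in an EUI-64 interface ID, which is how the link-local addresses in this deck are formed. The third sample row is constructed from the `ip -6 addr show eth0` output earlier in the deck, and the names `parse_if_inet6`, `eui64_mac` and `exposed` are assumptions made for the illustration.

```python
import ipaddress

# Scope and flag values used by the Linux kernel for this file
SCOPES = {0x00: "global", 0x10: "host", 0x20: "link", 0x40: "site"}
FLAGS = {0x01: "temporary", 0x20: "deprecated", 0x40: "tentative", 0x80: "permanent"}

# Constructed sample: the two rows from the slide plus one global SLAAC address
SAMPLE = """\
00000000000000000000000000000001 01 80 10 80 lo
fe80000000000000020b6afffeef7e8d 02 40 20 80 eth0
20010db80100f10102e012fffe341234 03 40 00 00 eth0
"""

def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None."""
    iid = addr.packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # flip the U/L bit back
    return ":".join(f"{b:02x}" for b in mac)

def parse_if_inet6(text):
    """Decode rows of: address ifindex prefixlen scope flags device (all hex)."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or len(parts[0]) != 32:
            continue  # skip damaged or truncated rows
        raw, ifindex, plen, scope, flags, dev = parts
        addr = ipaddress.IPv6Address(bytes.fromhex(raw))
        bits = int(flags, 16)
        rows.append({
            "dev": dev,
            "ifindex": int(ifindex, 16),
            "addr": f"{addr}/{int(plen, 16)}",
            "scope": SCOPES.get(int(scope, 16), "unknown"),
            "flags": [name for bit, name in FLAGS.items() if bits & bit],
            "mac": eui64_mac(addr),
        })
    return rows

def exposed(rows):
    """Global-scope addresses: reachable from outside unless ip6tables filters them."""
    return [r for r in rows if r["scope"] == "global"]

if __name__ == "__main__":
    for row in parse_if_inet6(SAMPLE):
        print(row)
```

The recovered MAC for the eth0 link-local row matches the `lladdr` that `ip -6 neigh show` reports for the same address later in the deck.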


IPv6

/etc/sysconfig/network-scripts/ifcfg-eth*
#service network restart
OR use the NetworkManager GUI
#service NetworkManager start
#chkconfig NetworkManager on

Linux Ping()
/etc/sysconfig/network-scripts/ifcfg-eth0
#vim /etc/sysconfig/network-scripts/ifcfg-eth0


Linux Ping()
Host1

ifconfigHost1IPv6

IPv6IPv6

Linux Ping()

IPv6

IPv6

Check Kernel Route Table

#ip route show


#ip route add default via 192.168.0.254
#ip -6 route show
#ip -6 route add default via 2001:b0a1::2
The default gateway for a global IPv6 address has to be set MANUALLY.
RA does not provide a global address as the default gateway.

Linux Ping()
network
/etc/init.d/network restart

ip aeth0Host1


Linux Ping()
Host2


Linux Ping()

network

ip aeth0Host2


Linux Ping()
#vim /etc/sysconfig/network-scripts/ifcfg-eth0
IPv6

IPv6

Find out if you have IPv6 neighbors on your LAN?

$ ping6 -c4 -I eth0 ff02::1
PING FF02:0:0:0:0:0:0:1(ff02::1) from fe80::20d:b9ff:fe05:25b4 eth0: 56 data bytes
64 bytes from fe80::20d:b9ff:fe05:25b4: icmp_seq=1 ttl=64 time=0.301 ms
64 bytes from fe80::20b:6aff:feef:7e8d: icmp_seq=1 ttl=64 time=3.69 ms (DUP!)
64 bytes from fe80::221:97ff:feed:ef01: icmp_seq=1 ttl=64 time=8.91 ms (DUP!)

Show the MAC of your neighbor

$ ip -6 neigh show
fe80::221:97ff:feed:ef01 dev eth0 lladdr 00:21:97:ed:ef:01 nud reachable
fe80::20b:6aff:feef:7e8d dev eth0 lladdr 00:0b:6a:ef:7e:8d nud reachable

Here, nud reachable means the neighbor unreachability detection (NUD) status is reachable; the node(s) have been contacted and cached in the neighbor table. The neighbor table is temporary and entries disappear in a few minutes when there is no

/etc/hosts

fe80::20b:6aff:feef:7e8d fatfreddy
fe80::221:97ff:feed:ef01 phineas
fe80::3f1:4baf:a7dd:ba4f franklin

ping6 -I eth0 phineas

Trick to Use SSH and SCP

scp in IPv4
scp filename user@remotehost:/home/username/directory/

scp in IPv6
$ scp test.txt phineas@\[fe80::221:97ff:feed:ef01%eth0\]:
phineas@fe80::221:97ff:feed:ef01%eth0's password:
test.txt 100% 19 0.0KB/s 00:00

ssh in IPv6
ssh phineas@fe80::221:97ff:feed:ef01%eth0

Chapter 02

DNS SERVER (BIND)



Bind
Bind
Bind IPv6

Bind


Bind
DNS Server
IPv6
CentOS DNS Server
IPv6
Bind


IPv6 DNS Server: CentOS 6.x


IPv6 Host: Windows XP/7
Switch: D-Link DES-1005D

Bind

yum Bind

#yum install bind system-config-bind bind-chroot


Bind

/var/named/chroot/

bind-chroot bind
/var/named/chroot
system-config-bind bind
/usr/share/system-config-bind/profiles/default
1. /var/named/chroot/etc/named.conf
2. /var/named/chroot/var/named
yum
#yum install bind bind-chroot

Bind

2.
/usr/share/system-config-bind/profiles/default/named
(zone)
# cd /usr/share/system-config-bind/profiles/default/named
# cp *.* /var/named/chroot/var/named/


Bind

3. named.root
/usr/share/doc/bind-9.3.4/sample/var/named named.root
/var/named/chroot/var/named/
# cd /usr/share/doc/bind-9.3.4/sample/var/named
# cp named.root /var/named/chroot/var/named/

bind

/etc/init.d/named start


Bind

AAAA

IPv4 -> A
IPv6 -> AAAA


Bind IPv6
netstat

Bind IPv4
IPv6 53 port
#netstat -antlp | grep ':53'
IPv4 IPv6

v6 port
/var/named/chroot/etc/named.conf options Bind

listen-on-v6 { any; };


Bind IPv6
DNS


Bind IPv6


Chapter 03

MAIL SERVER(POSTFIX)



Postfix
Postfix

Postfix IPv6

Postfix


Postfix

Unix-like Sendmail
Mail Server
Postfix
Sendmail
Mail Server
Postfix IPv6
Mail Server


IPv6 Mail Server: CentOS 6.x


IPv6 Host: Windows XP
Switch: D-Link DES-1005D

Postfix
yum Postfix

#yum install postfix

Sendmail Postfix

#yum remove sendmail

Postfix


Postfix
/etc/postfix/main.cf

#vim /etc/postfix/main.cf
#inet_interfaces = all
inet_interfaces = localhost
# inet_protocols = all enables both IPv4 and IPv6
inet_protocols = all

Postfix


Postfix
Postfix
#/etc/init.d/postfix start


Postfix
dovecot POP3
# yum install dovecot
dovecot.conf
# vim /etc/dovecot/dovecot.conf
protocols = pop3 imap lmtp
#listen = *, ::
# Networks listed here are treated as trusted: disable_plaintext_auth is not enforced for them
login_trusted_networks = 192.168.0.0/24 127.0.0.0/8 2001:abcd::/64
mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u

#service dovecot start
#chkconfig dovecot on

Postfix
dovecot
#/etc/init.d/dovecot start


Microsoft Mail


Postfix IPv6
netstat

postfix IPv4

IPv6
#netstat -tlunp | grep :25
IPv4 IPv6


Postfix IPv6
Microsoft

Mail ,


Chapter 04

WEB SERVER (APACHE)



Apache Server
Apache Server
IPv6 Web Server

Apache


Apache
Unix-like OS Web
Server Apache2
IPv6/IPv4 Dual Stack CentOS6.x
Apache 2.2.X
IPv6 Web Server
Apache


IPv6 Web Server: CentOS 6.x


IPv6 Host: Windows XP
Switch: D-Link DES-1005D
Browser: Internet Explorer 8.0

Apache Server
yum Apache

#yum install httpd

Apache Server


Apache Server
/etc/httpd/conf/httpd.conf
Apache

IPv4/IPv6


IPv6 Web Server



Server: fe80::a00:27ff:fe84:a767
Host: fe80::21b:fcff:fec0:8e97
Host
ipconfig%11


IPv6 Web Server


IPv6Server


Chapter 05

FTP SERVER(VSFTPD)



vsftpd Server
vsftpd Server
FTP
IPv6 FTP Server

vsftpd


vsftpd
vsftpd

Very Secure FTP Daemon


FTP Server

FTP Server
IPv6 FTP Server


IPv6 FTP Server: CentOS 6.x


IPv6 Host: Windows XP
Switch: D-Link DES-1005D

vsftpd Server
yum vsftpd

#yum install vsftpd

vsftpd Server


vsftpd Server
/etc/vsftpd/vsftpd.conf

#vim /etc/vsftpd/vsftpd.conf


vsftpd Server

listen=YES
#listen_ipv6=YES

vsftpd Server
vsftpd

#/etc/init.d/vsftpd restart


FTP

user ftpuser

#adduser ftpuser

x()

#chmod u+x /home/ftpuser


FTP

ls -al

drw------- drwx------

IPv6 FTP Server


XP ftp Server
port 21

IPv6 FTP Server

Squid proxy with IPv6

/etc/squid/squid.conf

acl localnet src 192.168.0.0/16
acl localnet src fc00::/7
acl localnet src fe80::/10
# "ipv6" is not restricted to local prefixes: allowing in_ipv6 below
# lets IPv6 clients outside localnet use the proxy
acl in_ipv6 src ipv6
http_access allow localnet
http_access allow localhost
http_access allow in_ipv6

http://logicmd.net/2010/12/centos-setup-squid-over-ipv6/

Chapter 06

DHCPV6 SERVER (DIBBLER)



Dibbler Server
Dibbler Client (Windows)
Dibbler Client (Linux)

Dibbler


Dibbler
Dibbler DHCPv6 Server
LinuxWindowsXPWindows2003
Client Dibbler Client
Dibbler Server

CentOS5.x Dibbler Server


Windows XPLinux Dibbler Client
DHCPv6IP


IPv6 DHCP Server: CentOS 6.x


IPv6 Host: Windows XP
Switch: D-Link DES-1005D

Dibbler Server

Dibbler CentOS
yum Dibbler

#wget http://klub.com.pl/dhcpv6/dibbler/dibbler-0.7.3-src.tar.gz


Dibbler Server

tar

#tar zxvf dibbler-0.7.3-src.tar.gz


Dibbler Server

lsdibbler0.7.3

#ls

#cd dibbler-0.7.3
#ls


Dibbler Server
dibbler-0.7.3Makefile
make make install


Dibbler Server

Dibbler
#make
g++(gcc-c++)

yum
#yum install gcc-c++


Dibbler Server

g++(gcc-c++)


Dibbler Server

make

#make


Dibbler Server

Makemake install

#make install


Dibbler Server


Dibbler Server
Dibbler-Server

/etc/dibbler/server.conf
#vim /etc/dibbler/server.conf


Dibbler Server

T1, T2 : Client
prefered-lifetime
valid-lifetime
pool

Dibbler Server

class { pool 2000::/64 }

Dibbler Server

FQDNNTPMIS


Dibbler Server

dibbler-server

#dibbler-server start

netstat dibbler

#netstat -anutl | grep ::

port 547 dibbler-server


Dibbler Client (Windows)

Windows XP
DHCPv6 Client DHCPv6 Server
IPv6 Address

Windows

Dibbler-Client

http://klub.com.pl/dhcpv6/#DOWNLOAD
0.72


Dibbler Client (Windows)



Dibbler Client (Windows)

DHCPv6 client


Dibbler Client (Windows)


Dibbler Client (Windows)


Dibbler

Client

> > Dibbler > Client Run in the console >


Client Edit config file
#inactive-mode Dibbler-Client
interface (interface)


Dibbler Client (Windows)


Dibbler Client (Windows)


Dibbler-Client
> > Dibbler > Client Run in the console
2000::9435:4306:5eae:c7ab


Dibbler Client (Windows)


ipconfig
2000::9435:4306:5eae:c7ab


Dibbler Client(Windows)
Dibbler-Client

> > Dibbler > Client Install as service

Dibbler Client (Linux)


Dibbler-Client Dibbler

Client
Linux

/etc/dibbler/client.conf

Dibbler-Client

ifconfig eth0
ifconfig eth0


Dibbler Client (Linux)


dibbler-client
#dibbler-client start

eth0Server
#ifconfig eth0


Chapter 07

FIREWALL(IP6TABLES)


iptables ip6tables

ipv6 web

iptables/ip6tables


iptables ip6tables
Kernel 2.4 iptables Linux
NAT (Network Address Translation)
IP
IPv6 ip6tables

ip6tables iptables ip6tables

IPv6 Address/Prefix
iptables
iptables ip6tables

IPv6 Server with Firewall : CentOS 6.x


IPv6 Host: Windows XP
Switch: D-Link DES-1005D

iptables/ip6tables

#ip6tables -L

ACCEPT


iptables/ip6tables
v6v4

#ip6tables -F
#ip6tables -X
#ip6tables -Z
#iptables -F
#iptables -X
#iptables -Z

iptables/ip6tables
v6

#ip6tables -L

v4

#iptables -L


ipv6 web
IPv4IPv6

IPv6

IPv4 IPv6


ipv6 web

ip6tables

#ip6tables -A INPUT -i eth0 -p tcp --dport 80 -j DROP


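-A        append the rule to a chain
INPUT     chain (packets addressed to this host)
-i        incoming interface
-p        protocol
--dport   destination port
-j        target (what to do with a matching packet)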

ipv6 web
IEIPv4IPv6
IPv4


ipv6 web

IPv6
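Added example, not part of the original slides: iptables and ip6tables keep separate rule sets, so a port filtered for one address family can stay open for the other, which is what the tcp/80 demonstration above shows. The sketch below compares constructed `iptables -S` and `ip6tables -S` dumps by protocol, destination port and target only (addresses, interfaces and match modules are ignored); the function names and sample rules are assumptions.

```python
import shlex

# Constructed sample dumps; only the tcp/80 DROP rule comes from the slides.
V4_RULES = """\
-P INPUT ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 25 -j DROP
"""
V6_RULES = """\
-P INPUT ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
"""

def port_rules(dump, chain="INPUT"):
    """Map (proto, dport) -> target of the first matching rule in `chain`."""
    rules = {}
    for line in dump.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", chain] or "--dport" not in tok or "-j" not in tok:
            continue
        proto = tok[tok.index("-p") + 1] if "-p" in tok else "any"
        key = (proto, tok[tok.index("--dport") + 1])
        rules.setdefault(key, tok[tok.index("-j") + 1])  # first match wins
    return rules

def policy(dump, chain="INPUT"):
    """Default policy of `chain` (ACCEPT when the dump does not state one)."""
    for line in dump.splitlines():
        tok = line.split()
        if tok[:2] == ["-P", chain]:
            return tok[2]
    return "ACCEPT"

def family_gaps(v4_dump, v6_dump, chain="INPUT"):
    """Ports whose verdict differs between the IPv4 and IPv6 rule sets."""
    v4, v6 = port_rules(v4_dump, chain), port_rules(v6_dump, chain)
    p4, p6 = policy(v4_dump, chain), policy(v6_dump, chain)
    gaps = []
    for key in sorted(set(v4) | set(v6)):
        t4, t6 = v4.get(key, p4), v6.get(key, p6)
        if t4 != t6:
            gaps.append((key[0], key[1], t4, t6))  # proto, port, v4, v6
    return gaps

if __name__ == "__main__":
    for proto, port, t4, t6 in family_gaps(V4_RULES, V6_RULES):
        print(f"{proto}/{port}: IPv4={t4} IPv6={t6}")
```

On a live host the two dumps would come from `iptables -S` and `ip6tables -S`; a port reported as DROP for IPv4 and ACCEPT for IPv6 is the case to review first.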
