Archive for August 2010

Stupid web user

2010-08-30 (70) by Ton Kersten, tagged as ipv6

As blogged before I had my first IPv6 visitor, but of course the first IPv6 type that tried to enter my network could not be far off. Yep and there he/she is.

It's IP address 2002:4e6d:8112::1 and that does not resolve to something useful, yet, because it's a 6to4 network address.

Recalculating to an IPv4 address this gives me: 78.109.129.18 and digging that results in

; <<>> DiG 9.6.0-APPLE-P2 <<>> -x 78.109.129.18
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31228
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;18.129.109.78.in-addr.arpa.    IN  PTR

;; ANSWER SECTION:
18.129.109.78.in-addr.arpa. 3600 IN PTR 18.static.ppp.dianet.info.

;; AUTHORITY SECTION:
129.109.78.in-addr.arpa. 172799 IN  NS  ns3.netcorp.ru.
129.109.78.in-addr.arpa. 172799 IN  NS  ns1.netcorp.ru.

;; Query time: 694 msec
;; SERVER: 192.168.63.4#53(192.168.63.4)
;; WHEN: Mon Aug 30 21:06:50 2010
;; MSG SIZE  rcvd: 129

So: From Russia with love!

This dude or dudette tried to connect to port 51777 (µTorrent I guess) for a meager 21514 times. I would guess you should know there's nothing to get after a couple of times (say 10). I do not run torrents and even if I did, you wouldn't get anything.
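
The recalculation from the 6to4 address to its IPv4 gateway, combined with a per-source count of blocked connection attempts, as an added example that is not part of the original post. The SRC=/DPT= log format, the destination address and the sample lines are constructed assumptions; the threshold of 10 is the figure mentioned above.

```python
import ipaddress
import re
from collections import Counter

SIXTOFOUR = ipaddress.ip_network("2002::/16")   # 6to4 prefix (RFC 3056)
LINE = re.compile(r"SRC=(\S+) .*?DPT=(\d+)")    # assumed firewall log format


def embedded_ipv4(addr):
    """Return the IPv4 address embedded in a 6to4 address, else None."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6 or ip not in SIXTOFOUR:
        return None
    # Layout: 16 bits 0x2002 | 32 bits IPv4 | 80 bits subnet + interface id
    return ipaddress.IPv4Address((int(ip) >> 80) & 0xFFFFFFFF)


def noisy_sources(lines, threshold=10):
    """List (src, port, hits, ipv4, ptr_name) for sources above threshold."""
    hits = Counter()
    for line in lines:
        m = LINE.search(line)
        if m:
            hits[(m.group(1), int(m.group(2)))] += 1
    report = []
    for (src, port), count in hits.most_common():
        if count <= threshold:
            continue
        v4 = embedded_ipv4(src)
        report.append((
            src, port, count,
            str(v4) if v4 else None,
            # Name to query with dig -x when the IPv6 address has no PTR
            v4.reverse_pointer if v4 else None,
        ))
    return report


# Constructed sample log: 12 attempts from the 6to4 address, 1 web request
SAMPLE = (
    ["IN=gif0 SRC=2002:4e6d:8112::1 DST=2001:db8::10 SPT=40000 DPT=51777"] * 12
    + ["IN=gif0 SRC=2001:638:a00:4f::83bc:4e1e DST=2001:db8::10 SPT=41000 DPT=80"]
)

if __name__ == "__main__":
    for row in noisy_sources(SAMPLE):
        print(row)
```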

No more git RPM's

2010-08-30 (69) by Ton Kersten, tagged as git

I, for some time now, created RPM's for git. I will not do that anymore, because Dag Wieers' RPMForge now has them and even up-to-date ones as well.

I also removed the git archive RPM's.

My first IPv6 website visitor

2010-08-30 (68) by Ton Kersten, tagged as ipv6

Last night I had my first genuine visitor with IPv6. It seems it's a webcrawler from the Erlangen University in Germany.

The IPv6 address is 2001:638:a00:4f::83bc:4e1e and this results in

;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33203
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;e.1.e.4.c.b.3.8.0.0.0.0.0.0.0.0.f.4.0.0.0.0.a.0.8.3.6.0.1.0.0.2.ip6.arpa. IN PTR
;; ANSWER SECTION:
e.1.e.4.c.b.3.8.0.0.0.0.0.0.0.0.f.4.0.0.0.0.a.0.8.3.6.0.1.0.0.2.ip6.arpa. 86291 IN PTR legolas.rrze.uni-erlangen.de.
;; AUTHORITY SECTION:
0.0.a.0.8.3.6.0.1.0.0.2.ip6.arpa. 86291 IN NS   faui45.informatik.uni-erlangen.de.
0.0.a.0.8.3.6.0.1.0.0.2.ip6.arpa. 86291 IN NS   ns.rrze.uni-erlangen.de.
;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Aug 30 09:07:47 2010
;; MSG SIZE  rcvd: 181

To the Erlangen University: Congratulations!!

Also known as pa1ton

2010-08-25 (67) by Ton Kersten, tagged as ipv6

I've been running this blog for some time now and for the IPv6 certificate I needed this site to be IPv6 capable. Therefore I had to run my own nameserver and stuff like that and so I decided that it would be nice if you could reach me at http://pa1ton.nl as well.

Well, you can. Just click here.

Some URL's need some tweaking, but the first hurdles have been taken.

IPv6 certification level "Sage" reached

2010-08-24 (66) by Ton Kersten, tagged as ipv6

It took me some time and some tweaking of nameservers, webservers and mailservers, but I finally got it.

I got the Hurricane Electric IPv6 Certification nailed for the "Sage" level. This is the highest level, so only a simple test to go and a daily submission of some logs for maximum points. The maximum points you can get is 1500, so I'm well on my way.

As an extra HE gives you a nice, nerdy T-Shirt, stating that you are an IPv6 guru. I can't wait to put it on.

This is the certificate.

IPv6 Certification Badge for tonk

DNSSEC for tonkersten.com and pa1ton.nl

2010-08-23 (65) by Ton Kersten, tagged as dnssec

Last night (Aug. 22 2010 at 00:25:47) SIDN signed the Dutch .nl zone and made it public. This is, of course, reason for a party and calls for the signing of my own zones. Unfortunately it's not possible to use secure delegation, but that's something for the future.

I do have two domains up and running and I signed them both.


Deploying IPv6

2010-08-16 (64) by Ton Kersten, tagged as ipv6

It took me some time, but now I have it up and running. My home network runs IPv6 and my server can be reached on an IPv6 address.

Unfortunately I don't have a native IPv6 address and my provider (UPC/Chello) will not supply one. So I had to use a tunnel broker. After experimenting a bit I got stuck on the tunnelbroker of Hurricane Electric.

My m0n0wall firewall supports the Tunnelbroker IPv6/IPv4 tunnels and after configuring some firewall rules everything is up and running.

Have to grab some screenshots and after that I'll post how I did it.

Compiling OpenSSL and OpenSSH

2010-08-12 (63) by Ton Kersten, tagged as sysadm

My server at home runs CentOS 5 and this has OpenSSH version 4.3. Running updates doesn't update this version, because RedHat keeps the version number stable.

But I wanted a newer OpenSSH because of some nice new features. But when I do compile a new version I'm still stuck with old OpenSSL, and that's not what I want.

Well, you can guess it by now, this is what I did.


Back to m0n0wall

2010-08-10 (62) by Ton Kersten, tagged as sysadm

Some time ago I switched from m0n0wall to pfSense and I did like it a lot.

But a problem with PPTP tunneling made me think again. Was pfSense the way to go?

Well, it wasn't. When I was trying to get IPv6 up and running it turned out that pfSense doesn't support IPv6 out of the box. And m0n0wall does. There were some answers on the internet, but I was not willing to hack the pfSense box if that was not needed. And the pfSense website states that IPv6 support will come after the release of 2.0. I'm not going to hold my breath that long. And the PPTP tunneling problem can only be solved when you have a dual external IP address. My provider won't give me a static one, so two statics is completely out of the question.

So, here is what I did. I took my old firewall and installed m0n0wall (version 1.32, the latest stable) on it. After that I implemented all the firewall thingies I had in the pfSense box and put all the stuff in to make it work.

Then I switched firewalls to test it for a couple of days and see if everything works. And it did. So, I installed m0n0wall on the primary firewall and left it running for some time.

OK, time to implement IPv6, but that is a different story. When I have it completely up and running, you are the first to hear it.

My new Internet connection

2010-08-02 (61) by Ton Kersten, tagged as sysadm

About a month or two ago I was contacted by my ISP asking if I would like a lot faster internet connection and a lower price. Well, you have to be nuts to deny such an offer, so I decided to comply.

About a week later the new internet modem showed up and I connected everything up.

Running speedtest made me very happy.

Speedtest

Not bad at all.