How to make dhclient give the current hostname to the dhcp server automatically on Debian Squeeze
I recently started working on generating a headless squeeze and wheezy image for the Efika MX Smart Top, similar to my headless maverick image.
I ran into a problem though: dhclient does not send the machine's hostname by default. Even worse, on Squeeze dhclient has no config directive that will use the system's current hostname.
Thankfully testing and unstable use a version of dhclient that has the gethostname() function implemented. In order to use this feature on wheezy/sid just add send host-name = gethostname(); to the /etc/dhcp/dhclient.conf file.
If you want to do the same thing in Squeeze, please read on.
In order to make things work on squeeze I made the following hook:
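#!/bin/sh
# Regenerate dhclient.conf from dhclient.conf.template with the current hostname.
HOSTNAME=`/bin/hostname`
export HOSTNAME
rm -f /etc/dhcp/dhclient.tmp
# Wrap the template in a here-document so that sh expands $HOSTNAME in it.
# sh expands every $VAR, `...` and $(...) in the template, not just $HOSTNAME,
# so the template must be writable by root only.
echo "cat >/etc/dhcp/dhclient.conf <<EOF" >/etc/dhcp/dhclient.tmp
cat /etc/dhcp/dhclient.conf.template >>/etc/dhcp/dhclient.tmp
echo EOF >>/etc/dhcp/dhclient.tmp
sh /etc/dhcp/dhclient.tmp >/etc/dhcp/dhclient.conf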
In order to use that hook you will want to move dhclient.conf to dhclient.conf.template and then add a line that looks like send host-name "$HOSTNAME"; to that file.
Once that is done just add the hook listed above as a file called update inside of /etc/dhcp/dhclient-enter-hooks.d/ and it should start sending out your configured hostname in all dhcp lease requests from now on.
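A variant of the hook above, as an added example that is not the original author's code: it replaces only the literal $HOSTNAME token with sed instead of running the whole template through sh, and writes the result through a temporary file. The function name render_dhclient_conf and its arguments are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not the original hook. render_dhclient_conf is a hypothetical
# helper name; the paths in the usage line are the ones used in the post.

# render_dhclient_conf TEMPLATE OUTPUT [NAME]
render_dhclient_conf() {
    template=$1
    output=$2
    name=${3:-$(hostname)}

    # Allow only characters that are valid in a hostname. This also keeps
    # sed metacharacters (/ & \) out of the replacement text.
    case $name in
        ''|*[!A-Za-z0-9.-]*)
            echo "refusing hostname: $name" >&2
            return 1
            ;;
    esac

    # Write next to the target so the final mv is an atomic rename.
    tmp=$(mktemp "$output.XXXXXX") || return 1

    # Substitute only the literal token $HOSTNAME. Nothing in the template is
    # evaluated, so `...` or $(...) in it is copied through as plain text.
    if sed "s/\\\$HOSTNAME/$name/g" "$template" >"$tmp"; then
        chmod 644 "$tmp" && mv -f "$tmp" "$output"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Usage inside the hook:
# render_dhclient_conf /etc/dhcp/dhclient.conf.template /etc/dhcp/dhclient.conf
```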
An update to the ip6tables rules
I recently found out that I was screwing up outbound IPv6 connections from the gateway host itself. Also I was just dropping packets instead of sending a reset back for closed ports. This new rules6 file should fix that.
The changed bits are in bold
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
#INPUT Chain
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i he-ipv6 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -m rt --rt-type 0 -j DROP
-A INPUT -s fe80::/10 -j ACCEPT
-A INPUT -s <Put your ULA here or just delete this part>/64 -j ACCEPT
-A INPUT -d ff00::/8 -j ACCEPT
##Put all rules here for opening services on the firewall itself rather than
##for other hosts on the internal network.
#Allow Web requests for HE.net certification tests.
#-A INPUT -d 2001:DB8:4242:93:: -i he-ipv6 -p tcp -m tcp --dport 80 -j ACCEPT
#Reject everything else. This must stay the last INPUT rule.
-A INPUT -j REJECT
#All firewall/routing stuff goes here
#Don't use these rules to open ports on the local machine!
-A FORWARD -p ipv6-icmp -j ACCEPT
#Reject source routing.
-A FORWARD -m rt --rt-type 0 -j DROP
#Next two lines allow stateful filtering for anything that's started from inside our network
-A FORWARD -s 2001:DB8:4242:93::/64 -i eth1 -o he-ipv6 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
#I don't think this one is needed
#-A FORWARD -i eth1 -o he-ipv6 -p icmpv6 -j ACCEPT
#Add anything here you want to allow through to various ports
#-A FORWARD -d 2001:DB8:4242:93::/64 -i he-ipv6 -p tcp -m tcp --dport 22 -j ACCEPT
#-A FORWARD -d 2001:DB8:4242:93::/64 -i he-ipv6 -p tcp -m tcp --dport 33600:33604 -j ACCEPT
#Log all dropped packets.
-A FORWARD -j LOG
-A FORWARD -j REJECT
#Output chain
-A OUTPUT -p ipv6-icmp -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o he-ipv6 -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
-A OUTPUT -m rt --rt-type 0 -j DROP
-A OUTPUT -s fe80::/10 -j ACCEPT
-A OUTPUT -s <Put your ULA here or just delete this part>/64 -j ACCEPT
-A OUTPUT -d ff00::/8 -j ACCEPT
COMMIT
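In an ip6tables-restore file, a rule that follows an unconditional -j REJECT, DROP or ACCEPT in the same chain can never match, which matters when service rules are added to a chain that ends in -A INPUT -j REJECT. The check below is an added example, not part of the original post; lint_rules6 and sample_rules6 are hypothetical names and the sample ruleset is constructed.

```sh
#!/bin/sh
# Added example: lint an ip6tables-restore file before loading it.

# lint_rules6 FILE -> prints one finding per line, returns 1 if any were found
lint_rules6() {
    awk '
        # Chain policy lines look like ":INPUT DROP [0:0]"
        /^:(INPUT|FORWARD) / && $2 != "DROP" {
            printf "policy: %s defaults to %s\n", substr($1, 2), $2
            bad = 1
        }
        $1 == "-A" {
            chain = $2
            if (chain in closed) {
                printf "unreachable: line %d follows \"%s\"\n", NR, closed[chain]
                bad = 1
                next
            }
            # "-A CHAIN -j TARGET" with no match options catches every packet,
            # so nothing after it in that chain is ever evaluated.
            if (NF == 4 && $3 == "-j" && $4 ~ /^(ACCEPT|DROP|REJECT)$/)
                closed[chain] = $0
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample: a service rule was appended after the final INPUT REJECT.
sample_rules6() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i he-ipv6 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT
-A INPUT -d 2001:DB8:4242:93:: -i he-ipv6 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -j LOG
-A FORWARD -j REJECT
COMMIT
EOF
}
```

Commented-out rules are ignored by the check, so it only reports a misplaced rule once it has been enabled.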
Quick update on my last blog post.
I just got done adding some minor changes to the last post on setting up IPv6 on your LAN.
I also discovered today that using multicast DNS to look up link-local IPv6 addresses is broken on Linux because libnss-mdns does not implement the correct NSS callbacks needed to give a scope ID back for a link local IPv6 address.
See: http://www.avahi.org/ticket/174 and http://ensiwiki.ensimag.fr/index.php/Fixing_nss-mdns_for_IPv6_linklocal_scoped_addresses for details.
In the meantime I would recommend setting up radvd to set up a unique local address prefix, even if you don't connect out to the IPv6 internet. It's not a big deal since nearly everyone (including myself) uses IPv4 on their LAN anyway, but if you are testing a V6 only LAN and want it to be fully zero-conf capable this is a bit of a problem.
I've looked at glibc and the two URLs up above and I might see about making a patch for libnss-mdns and sending it in to the libnss-mdns maintainers. I don't know when I will have time for this though. This already works on MacOS X and FreeBSD (at least as far as I could find out researching this problem).
One of the edits I made to my original post is changing radvd.conf to advertise the unique local address prefix with an infinite lifetime. This will have the effect of causing (at least as far as I've been able to test on Linux anyway) the ULA address to be the primary address on each computer's interface, and also ensuring that the ULA will never expire even if the v6 router goes down. This should cause all zeroconf .local addresses to resolve to the ULA address and keep the ULA addresses more reliable than the global prefix (which will expire and disappear off the interfaces after it hasn't been advertised in a while).
Setting up IPV6 on your LAN with Debian squeeze
I've been experimenting with IPv6 recently since ARIN has run out of IPv4 addresses and the RIRs will likely run out of their addresses rather soon.
I've made it my New Year's resolution to get my local network and my web/email services up and running on IPv6 by the end of the year. In order to get IPv6 connectivity up and also learn about IPv6 at the same time I've taken advantage of Hurricane Electric's free IPv6 certification program and tunnel broker service.
This blog is a short guide to setting up IPv6 on your own LAN using a Debian box as a router. (It should work on just about any Linux box out there)
All of the addresses shown here are RFC3849 addresses that are meant for documentation only. Please use the actual addresses assigned to you, or in the case of the ULA address (should you decide to use a ULA at all) go use the tool at http://www.sixxs.net/tools/grh/ula/ to generate your own.
If you are running Linux or a version of Windows > XP you are already running IPv6 with a link local address space out of the box.
You still might want to install a couple of useful services though.
If you don't already have avahi-daemon installed, go ahead and install it with apt-get install avahi-daemon. This should pull in everything you need to resolve local machines on your LAN as hostname.local. If you have MacOS X you are already running this service. This is optional but it really does help out on a LAN if you don't want to run your own local DNS.
On some older distros like lucid you may need to edit /etc/avahi/avahi-daemon.conf and make sure use-ipv6=yes.
By default /etc/nsswitch.conf is set to only resolve mDNS through IPv4. You can enable it to resolve mDNS with IPv6 also by changing the line:
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
to
hosts: files mdns_minimal [NOTFOUND=return] dns
This will prefer resolving over IPv4 first but will still pick up a v6 only host.
Stateless auto configuration works out of the box on Linux. As soon as a router announcement is sent over the LAN your interface will get an IPv6 address and route for each advertised prefix. However, even though the RA can contain DNS server information, Linux will not pick it up and use it unless you have a daemon called rdnssd installed. (You could also set up dhcpv6 instead, but since I did not decide to go that route I won't be covering that.)
Just run apt-get install rdnssd on each Linux machine on your LAN.
At this point you are now ready to go to the next step.
You now have your local network ready to get on the IPv6 internet but first you have to get connected to the IPv6 internet to do much of anything useful with it. I recommend going to http://www.tunnelbroker.net and signing up for a free account.
Once you have your tunnel created click on the Example configurations Tab and select linux-route2. You will see a script that looks something like this:
modprobe ipv6
ip tunnel add he-ipv6 mode sit remote 209.51.161.14 local yourpubliciphere ttl 255
ip link set he-ipv6 up
ip addr add 2001:DB8:0001:23::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -f inet6 addr
If you are behind NAT just replace your public IP address with your local behind the NAT address instead (otherwise the tunnel won't work).
If you have a NAT router that does not forward IP protocol 41 packets you may need to configure it to do so, or just get a better home router. Some people have had luck using the DMZ feature on a particular box running the tunnel but YMMV (and I don't recommend doing it that way in any case). I had an old WRT54G router that didn't forward Protocol 41 and so I just bought a router that runs tomato on eBay for cheap instead.
If you didn't get any errors after pasting in the script (after making changes mentioned above) you should be able to run ping6 ipv6.google.com successfully. If not, see what I wrote above about Protocol 41 and check out the forums at tunnelbroker.net.
If you successfully pinged ipv6.google.com you now are ready to set up a computer to be the router/firewall for your LAN.
Run apt-get install iptables iptables-persistent radvd. This should give you the ip6tables command which will allow us to filter IPv6 traffic. (IPv4 and IPv6 filtering use separate firewall rules. If we don't set this up first you will expose every IPv6 capable machine on your LAN to the global IPv6 internet with no protection. DON'T DO THIS!)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
#INPUT Chain
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -m rt --rt-type 0 -j DROP
-A INPUT -s fe80::/10 -j ACCEPT
-A INPUT -s <Put your ULA address here>::/64 -j ACCEPT
-A INPUT -d ff00::/8 -j ACCEPT
##Put all rules here for opening services on the firewall itself rather than
##for other hosts on the internal network.
#Allow Web requests for HE.net certification tests.
#-A INPUT -d 2001:DB8:4242:93:: -i he-ipv6 -p tcp -m tcp --dport 80 -j ACCEPT
#All firewall/routing stuff goes here
#Don't use these rules to open ports on the local machine!
-A FORWARD -p ipv6-icmp -j ACCEPT
#Reject source routing.
-A FORWARD -m rt --rt-type 0 -j DROP
#Next two lines allow stateful filtering for anything that's started from inside our network
-A FORWARD -s 2001:DB8:4242:93::/64 -i eth1 -o he-ipv6 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
#I don't think this one is needed
#-A FORWARD -i eth1 -o he-ipv6 -p icmpv6 -j ACCEPT
#Add anything here you want to allow through to various ports
#-A FORWARD -d 2001:DB8:4242:93::/64 -i he-ipv6 -p tcp -m tcp --dport 22 -j ACCEPT
#-A FORWARD -d 2001:DB8:4242:93::/64 -i he-ipv6 -p tcp -m tcp --dport 33600:33604 -j ACCEPT
#Log all dropped packets.
-A FORWARD -j LOG
#Output chain
-A OUTPUT -p ipv6-icmp -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o he-ipv6 -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
-A OUTPUT -m rt --rt-type 0 -j DROP
-A OUTPUT -s fe80::/10 -j ACCEPT
-A OUTPUT -s <put your ULA address here>::/64 -j ACCEPT
-A OUTPUT -d ff00::/8 -j ACCEPT
COMMIT
The router announcement daemon is kind of similar to DHCP on an IPv4 network. It sends out multicast packets to the all-hosts multicast address periodically. It also responds to router solicitation requests on the all routers address when a machine wants to get a V6 address. It mainly advertises IPv6 address prefixes, routes and optionally DNS server addresses.
The following is an example /etc/radvd.conf configuration. Just replace the DB8 addresses with your own routed /64 that you obtained from tunnelbroker.net and use your own generated ULA (or just delete that part from the config file if you decided not to use a ULA).
interface eth1
{
AdvSendAdvert on;
prefix 2001:DB8:4242:93::/64
{
};
prefix <put your ULA here or just delete this part>/64
{
AdvValidLifetime infinity;
AdvPreferredLifetime infinity;
};
RDNSS 2620:0:ccc::2 2620:0:ccd::2
{
};
};
Finally I have created a simple init script to bring the tunnel up, load the ip6tables firewall rules in, assign the v6 routed address to the internal interface, assign the ULA to the internal interface and finally start up radvd to announce our prefixes/routes to the LAN. You can just make a link to it as /etc/rc2.d/S99ipv6 (or whatever your default runlevel is instead of rc2.d) to make it run automatically. Or you can just start/stop it by hand like I'm doing for now.
#!/bin/sh
#This is the address of the he.net tunnel server
TUNNELSERVER=209.51.161.14
#this needs to be the local ipv4 address of this machine, if you are behind
#NAT it needs to be the RFC1918 address and not the NAT router's public IP
LOCALIP=192.168.93.111
#This is the local part of the point to point link that he.net gave you
TUNNELV6ADDR=2001:DB8:0001:23::2/64
#This is your actual routed /64 address space (This is different than the
#TUNNELV6ADDR) Just copy this from your tunnel info on the tunnelbroker page
ROUTED64=2001:DB8:4242:93::/64
#This is optional but rather useful if you want your own local v6 address
#space beyond the link local addresses. DO NOT just put in any address
#Please generate your own using the tool at
#http://www.sixxs.net/tools/grh/ula/
#ULA's are meant to be private but unique in order to avoid the problems
#encountered with RFC1918 addresses in IPv4.
ULA=<enter a /64 address allocated out of your /48 ULA here>
#This is the interface that is on your LAN.
#(Used to assign the routed /64 address and the ULA address to)
LANIF=eth1
case "$1" in
start)
ip6tables-restore </etc/iptables/rules6
ip tunnel add he-ipv6 mode sit remote $TUNNELSERVER local $LOCALIP ttl 255
ip link set he-ipv6 up
ip addr add $TUNNELV6ADDR dev he-ipv6
ip addr add $ROUTED64 dev $LANIF
ip addr add $ULA dev $LANIF
ip route add ::/0 dev he-ipv6
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
service radvd start
;;
stop)
ip link set he-ipv6 down
ip tunnel del he-ipv6
ip addr del $ROUTED64 dev $LANIF
service radvd stop
echo 0 > /proc/sys/net/ipv6/conf/all/forwarding
;;
force-stop|restart|force-reload|status)
;;
*)
echo "Usage: $0 {start|stop|force-stop|restart|force-reload|status}" >&2
exit 1
;;
esac
exit 0
Once you have that init script edited and in place, run /etc/init.d/ipv6 start. Your tunnel should come up and radvd should start and announce your prefixes to the LAN. If you go to a machine on your LAN and type ifconfig -a you should now see a 2001:* prefix inet6 address assigned to your network interface. Just type ping6 ipv6.google.com to see if everything is working.
You can go to http://test-ipv6.com/ to test your IPv6 connectivity and be sure you have your dual stack set up right.
Getting an old IBM 3151 terminal working with Debian Squeeze
I bring my laptop with me to St. Louis for Christmas every year. In St. Louis I have a big pile of obsolete equipment. One particular piece is an old IBM 3151 Terminal with Wyse 50 emulation card installed.
I like to hook up the IBM 3151 terminal to my laptop to give me an extra text only display and keyboard for editing text files and chatting on IRC etc.
Since this terminal (with the emulation card I have on hand at least) does not handle VT100 escapes it is a bit of a bear to set up so I figured I would write a blog post about how I get it working under Linux.
I like the nice crisp lime green display and the wonderful model M style buckling-spring keyboard.
First, plug the serial cable into the rear left-hand port (left-hand side with the front of the display facing you). The other port is for a serial printer if you have one.
Next type Ctrl-Setup to get to the setup screen. You will use the arrow keys to move around the menu and the space bar to choose the options. Once you have selected everything you want on that screen, press send to go to the next setup screen.
Machine Mode: WYSE50/50+
Enhance Mode: ON
Screen: NORMAL
Row and Column: 25 x 80
Scroll: JUMP
Auto LF: OFF
CRT Saver: ON
Line Wrap: ON
Attribute: SCREEN
Return/Enter: CR/CR
Protect: HALF-INT

Operating Mode: ECHO
Line Speed (bps): 9600
Word Length (bits): 8
Parity: NO
Stop Bit: 1
Parity Check: OFF
Line Control: PRTS
Pacing: OFF
Block End: US/CR
Edit Mode: DUPLEX
Keyboard Lock: ENABLE
Just ignore this screen if you don't have a printer, it only has the serial port setting for the printer on this screen anyway.
This is the screen that allows you to save your settings. Just press space over the desired function in order to perform it.
You will want to highlight save and press space and then highlight reset and press space on this screen.
The other functions are fairly obvious in what they do. You can search Google for the 3151 manual to get full docs on this terminal.
Now that the terminal is set up you just have to get init to spawn a getty for the terminal and you will get a login prompt on the terminal. Once you have completed this step we are nearly finished.
Add this line to your inittab and when you are finished type init q as root.
T0:23:respawn:/sbin/getty -L ttyUSB0 9600 wyse50
Once you have typed init q you should see a login prompt on the terminal. Go ahead and log in and you should have a shell. A lot of curses programs, including the pager, will act funny though because they seem to assume that the whole world is a VT100 compatible terminal. The next section addresses how to fix this.
The simple answer to getting the terminal to behave as much as possible like a VT100 to applications that are poorly written is to simply use screen to translate those VT100 escapes into wyse50 escapes. Just invoke screen -a -O once you log in and curses applications should start to behave normally.
I hope this helps someone else that has a similar terminal that they want to use on a Linux machine. I also have a nice AT&T 705 MT terminal I could have used that has excellent VT100 emulation, but I prefer the model M keyboard on my 3151. In the future I might find the DEC emulator card for it at a reasonable price and just simply use that instead and save the headache of using screen.
Getting Suspend to disk working on Debian 6.0 Squeeze on the Thinkpad T41
A recent update to the 2.6.32 i486 kernel in Squeeze had the effect of making the kernel crash on resume from disk. I tracked things down to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607288
This basically boils down to adding acpi_sleep=s4_nohwsig to the kernel command line.
While I'm at it I thought I would describe how I have suspend to disk set up on my T41 since I had to do other things to get hibernate to work at all before this.
Step 1. pre/post suspend script
I created a file named 20_deep13hibernate inside of /etc/pm/sleep.d/. It looks like this:
#!/bin/sh
# Action script ensure that unattended-upgrades is finished
# before a hibernate
#
# Copyright: Copyright (c) 2009 Michael Vogt
# License: GPL-2
#
PATH=/sbin:/usr/sbin:/bin:/usr/bin
# pm-action(8) -
#
# On suspend|hibernate, disconnect any wpa-roam managed interfaces,
# reconnect it on resume.
case "${1}" in
hibernate)
echo removing wireless module
modprobe -r ipw2200;
pccardctl eject;
;;
resume|thaw)
# reload the wireless module and re-insert the PC card
echo loading wireless module
modprobe ipw2200;
pccardctl insert;
;;
esac
Next, just edit /etc/default/grub and change the line that looks like:
GRUB_CMDLINE_LINUX_DEFAULT=""
to
GRUB_CMDLINE_LINUX_DEFAULT="acpi_sleep=s4_nohwsig"
Finally just run update-grub and suspend to disk should work now. You may also want to add other modules into the sleep.d script (particularly if you have a different wifi card inside your Thinkpad T41). I hope this helps someone with a similar problem.