aiccu, post-up/pre-down scripting, interfaces, source IPs
Shadow Hawkins on Thursday, 06 October 2005 10:29:51
Since I'm planning to not have my computer on all the time anymore, I have
moved my tunnel from 6in4-static to the heartbeat type.
It works fine, but I have a slight problem, or annoyance, with the aiccu
software and my interfaces.
I want to add an IP from my delegated subnet to the sixxs interface, but
where should I do that? The aiccu program does not do any kind of
post-up/pre-down scripting like normal interfaces handling does in my
system (Debian GNU/Linux). Does anybody have suggestions for where I
should put my
ip addr add 2001:[...]:1/64 dev sixxs
and the respective "ip addr del"-lines?
Okay, I could edit /etc/init.d/aiccu, but it is not the Right Thing to do.
I could also have this IP on, for example, my eth0 interface. But if I do
that, every program using IPv6 seems to prefer binding to the IP of my
tunnel endpoint (if I don't explicitly tell them otherwise). I would like
my programs to, per default, bind* to the IP in my subnet (which has my
reverse dns etc); is there any way to influence this choice in GNU/Linux,
so I don't have to tell every program explicitly? Or does outbound traffic
from an interface have to have a source IP which belongs to that interface?
(Edit: Hm, probably it doesn't, since I CAN tell (some) programs which
interface/address to "bind" to.)
*) Perhaps bind is not the correct term; what I mean is that outbound
connections should originate from an IP in my subnet, not from my tunnel
endpoint.
On the side of this; when I indeed have the IP from my subnet on the sixxs
interface, am I "lucky" that the source of outbound connections is my
subnet IP instead of tunnel endpoint? Or how is that choice made?
Jeroen Massar on Thursday, 06 October 2005 11:31:46
> Or does outbound traffic from an interface have to have a source IP which belongs to that interface?
This is the case, but you can easily trick Linux to have the local address on the outbound interface, not nice but works. It is noted somewhere else in this forum too.
> *) Perhaps bind is not the correct term; what I mean is that outbound connections should originate from an IP in my subnet, not from my tunnel endpoint.
Bind is the correct term. Linux simply, at the moment, doesn't have a method of specifying a source address based on routing decisions.
On the AICCU side: The big update(tm) is planned for about the second week of November. Pre/Post script support will be included, which also allows setting up firewalls for instance.
Shadow Hawkins on Thursday, 06 October 2005 12:48:48
> This is the case, but you can easily trick Linux to have the local address on the outbound interface, not nice but works. It is noted somewhere else in this forum too.
Isn't that what I do with "ip addr add foo dev sixxs"? But I wouldn't
say trick; perhaps I misunderstand what you mean.
I think I'll stick to having my subnet IP on the sixxs device, that way I
usually get the source address I want, without having to explicitly tell
my programs (for Mozilla Firefox I don't know if it is at all possible
to change the source address).
The update sounds good. I'll hack my init.d/aiccu in the meantime.
Carmen Sandiego on Sunday, 16 October 2005 02:22:20
> On the side of this; when I indeed have the IP from my subnet on the sixxs interface, am I "lucky" that the source of outbound connections is my subnet IP instead of tunnel endpoint? Or how is that choice made?
When you do not specify the IP address you bind, the application usually takes the first for the interface used. When you add an address to an interface with iproute2, it puts the address to the top of the list ("ip addr" to see the ordered list). So, the address used by default is the last added to the tunnel interface.
Shadow Hawkins on Friday, 21 October 2005 13:09:32
That explains everything. Thank you Camille.
Carmen Sandiego on Wednesday, 26 October 2005 16:48:55
What I did, when I was running a heartbeat'ed tunnel, was to slip into my /etc/network/interfaces file the following:
auto sixxs
iface sixxs inet manual
    up /etc/init.d/aiccu start
    up ip link set mtu 1456 dev sixxs
    up ip -6 addr add 2001:4bd0:2028:00::1/64 dev sixxs
    up ip -6 route add unreachable 2001:4bd0:2028::/48
    pre-down ip -6 route del unreachable 2001:4bd0:2028::/48
    pre-down /etc/init.d/aiccu stop
Of course you might want to amend or add extra 'up' or 'down' lines (check 'man interfaces' for more details) to suit your local setup. One thing worth bearing in mind is that, if I remember correctly, aiccu backgrounds itself and you might have to add an unclean 'up sleep 5' line after the 'aiccu start' command; I did not have to but your mileage might vary.
Remember to remove aiccu from /etc/rc2.d/ and wherever else you might have placed it.
As a side note, the 'unreachable' lines I found useful so that any unassigned subnets you had did not leak back out to SixXS and so they did not have to waste time/bandwidth sending you an ICMPv6 unreachable message; you generated it yourself.
Cheers
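
The up/pre-down sequence from the post above as a wrapper script that polls for the tunnel interface instead of relying on a fixed 'sleep 5', and keeps the 'unreachable' route for the delegated prefix. This is an added example, not code from the thread or from the AICCU project; ADDR and PREFIX are placeholders from the documentation prefix 2001:db8::/32, and the SYSFS_NET and DRY_RUN variables are hypothetical conveniences for testing.

```shell
#!/bin/sh
# Added example, not part of the thread. All values below are assumptions:
# ADDR and PREFIX are placeholders (documentation prefix 2001:db8::/32).
DEV="${DEV:-sixxs}"
ADDR="${ADDR:-2001:db8:1234::1/64}"
PREFIX="${PREFIX:-2001:db8:1234::/48}"
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"   # overridable for testing
DRY_RUN="${DRY_RUN:-0}"

# Print the command instead of executing it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Poll until the kernel has created the interface, for about $2 seconds.
# Returns 0 when it exists, 1 on timeout.
wait_for_iface() {
    dev=$1; tries=$2
    while [ "$tries" -gt 0 ]; do
        [ -e "$SYSFS_NET/$dev" ] && return 0
        sleep 1
        tries=$((tries - 1))
    done
    [ -e "$SYSFS_NET/$dev" ]
}

tunnel_up() {
    run /etc/init.d/aiccu start || return 1
    if [ "$DRY_RUN" != 1 ] && ! wait_for_iface "$DEV" 10; then
        echo "interface $DEV did not appear" >&2
        return 1
    fi
    run ip -6 addr add "$ADDR" dev "$DEV" &&
    run ip -6 route add unreachable "$PREFIX"
}

tunnel_down() {
    # Ignore failures so a half-configured tunnel can still be torn down.
    run ip -6 route del unreachable "$PREFIX" || true
    run ip -6 addr del "$ADDR" dev "$DEV" || true
    run /etc/init.d/aiccu stop
}

case "${1:-}" in
    up)   tunnel_up ;;
    down) tunnel_down ;;
esac
```

Running it with DRY_RUN=1 prints the commands without touching the system, which is a quick way to check the address and prefix before calling it from 'up' and 'pre-down' lines.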