Ipv6

Building a home router

WARNING: technical content ahead! There’s also a tonne of config files, which make this page look longer than it really is, but hopefully they’ll help other people who want to do similar work. Back in 2017 I described how to build a home router based on CentOS 7. C7 is now out of date, so I figured it was time to rebuild it, this time using Rocky Linux 9.

Using network namespaces for ipv4 only

The problem I use the Ookla Speedtest CLI in a cron job to get an idea of the speed of my internet connection (Verizon FIOS), and spot if there are problems. Why? Because why not :-) It let’s me draw graphs like this. However, recently I was starting to get error messages that the command wasn’t able to reach speedtest.net to get the configuration. It wasn’t happening every time; sometimes it would go hours without issue, other times it would fail 3 or 4 times in succession.

Firewall Basics

What is a firewall? Think of an office building with a keycard entry system. To get into the building you need to put your card to the reader. If it think you’re authorized then the gate will open and you can enter. Similarly, a number of offices require you to “badge out” as well. This badge/gate system is a simple analogy for a firewall. A network firewall may be considered to be a security gate to separate the network up into “inside” and “outside” and you define rules to allow traffic to pass through the gate.

Monitoring my router with graphs

WARNING: technical content ahead! There’s also a tonne of config files, which make this page look longer than it really is, but hopefully they’ll help other people who want to do similar work. A few months back I replaced my OpenWRT router with a CentOS 7 based one. This machine has been working very well, and handles my Gigabit FIOS traffic without any issues.

Remembering history

“Those who cannot remember the past are condemned to repeat it.” – George Santayana Default broken I was reminded, last week, of how old issues repeat. Back in the 90s it was a truism that if you put an “Out Of The Box” RedHat 4 (not RedHat Enterprise; the original freeware version) server on the internet then it would be compromised within hours. And so we learned; our default builds didn’t have telnet, didn’t have every possible service installed, didn’t have vulnerable configurations.

Building a home router

WARNING: technical content ahead! There’s also a tonne of config files, which make this page look longer than it really is, but hopefully they’ll help other people who want to do similar work. For many years I’ve been using variations of the Linksys WRT54G. I first switched to this router when freeware ROMs became available; I’ve used DD-WRT, Tomato, OpenWRT and others.

IP6 Updates

Since those experiments, linode is now also providing native IPv6 so my linode was switched to the auto-provided address they provide. By default they only provide 1 IPv6 address but they allow rDNS to work, so I haven’t needed any more, yet! IPv6 speeds internationally are a lot faster as well. I did some speed tests to a site in a UK exchange (connected at 100Mbit/s). It would saturate my home FIOS connection, peaking for periods of time at 3.

IPv6 on the LAN

Just for the lulz I fired up a CentOS VM (I knew that Citrix XenServer would come in handy!) and configured a tunnel to HE via that. I then configured a static IP6 address on eth0 and fired up radvd. My main Linux machine automatically picked up an address on that subnet and could ping6 to the outside world. I could also ssh from my linode directly to my main Linux machine (did I mention I need an IPv6 firewall?

Messing around with ipv6

My v-colo at Panix can be configured to use IPv6. Now it looks a little bit like Panix is kludging routing slightly (they give you a /96 but with a /64 netmask). It’s very possible that their router is just at the end of a HE tunnelbroker, since HE are an upstream provider to Panix. Enabling IPv6 on the v-colo was simple; I just enabled it on their “config” website and…it worked.