Re-post from LYN forum. Credit to ansonlos.

After much try and error and research, I’ve managed to get pfSense to work with UniFi’s IPv6 allocation. For a bit of a background, I’m running the latest release of pfSense i.e. 2.2.1 and also I got this to work with my office’s UniFi which is on Biz 10.

I’d just like to share my settings here to benefit those who might want to get IPv6 to work for their pfSense box.

1. Under “System -> Advanced -> Networking”, make sure “Allow IPv6” is checked. Then go to “Interfaces”, click on “WAN”. Under IPv6 Configuration Type, choose “DHCP6”. MTU should be 1492.

2. Under DHCP6 client configuration section, put a tick mark on “Request a IPv6 prefix/information through the IPv4 connectivity link”. In the drop down list for DHCPv6 Prefix Delegation size, choose “56”. (I have no idea why this is the case, but the allocated subnet for both the PPPoE and LAN are actually 64. I’ve tried choosing 64 here, but it doesn’t work. Maybe 56 is for a Biz account. If 56 doesn’t work for you, try choosing 64 especially if you’re on home UniFi account.)

Also, put a tick mark for “Send an IPv6 prefix hint to indicate the desired prefix size for delegation”. Click on “Save”.
Interface_WAN

3. Now, go to “Interfaces”, click on “LAN”. Under IPv6 Configuration Type, choose “Track Interface”. Type 1492 for MTU.

4. Under Track IPv6 Interface section, ensure IPv6 Interface “WAN” is selected and as for IPv6 Prefix ID, just type 0 (zero) here.

5. Under Private networks section, ensure “Block Bogons networks” is unchecked. Then, click “Save”.

Interface_LAN

6. Finally, I’ve read that IPv6 requires ICMP to work. So under Firewall -> Rules, I’ve also created a rule to allow ICMP IPv6 traffic for both WAN and LAN.

I’m not entirely certain what the security implications are with the above settings to the firewall, so please be forewarned.

With the above settings, I’m able to get IPv6 addresses for PPPoE and LAN interfaces for pfSense and also devices connected to the LAN. Hope this helps those who are using pfSense.

Incoming search terms:

  • pfsense pppoev6
  • pfsense ipv6 prefix id

Option 1 – Quick and Dirty

You can quickly turn on logging by typing in the following into the server shell:

rndc querylog

Then you can follow the information in the standard syslog.

tail -f /var/log/syslog

You should see output like the following letting you know that queries are now logged:

Sep 14 22:23:20 ns01.companya.local named[7896]: query logging is now on

<h3>Option 2 – Full and Stored Logs</h3>
If you want to store full logs that you can go back to at a later date you’ll need to make some changes to the BIND configuration.

Logon to your shell as usual, and type the following:
nano /etc/bind/named.conf

Put in the following code at the bottom:

logging {
channel query.log {
file “/var/log/query.log”;
severity debug 3;
};
category queries { query.log; };
};

Now we need to create the log:

touch /var/log/query.log

Make it writable by the BIND process:

chown named.named /var/log/query.log

Give BIND a reboot:

service bind9 restart

And now you should be able to follow the queries as any other log:

tail -f /var/log/query.log

References:
http://www.gypthecat.com/how-to-log-bind-queries-on-ubuntu-12-10
http://linuxmantra.com/2011/04/logging-bind-queries.html

Incoming search terms:

  • logging { channel querylog{
  • named queries log

0805_transmission_587

Connect to xbian using ssh

Default username xbian password raspberry

Perform package update and upgrade

[email protected]:/home/xbian#apt-get update
[email protected]:/home/xbian#apt-get upgrade –y

Install xbian optimized transmission binary

[email protected]:/home/xbian#apt-get install -y -o Dpkg::Options::=”–force-confdef” -o Dpkg::Options::=”–force-confold” xbian-package-transmission

Notes:

1. Default download location is at /home/xbian
2. Access webui via http://xbianip:9091
3. Default webui login admin password raspberry

It seems that Ubuntu/Debian (or perhaps other distros as well) prefer IPv6 DNS records instead of IPv4 when applicable and some times this results in loss of connectivity or similar problems.
I ran into this issue today while trying to update an old VPS with apt-get/aptitude. Specifically, security.ubuntu.com was being resolved in an unreachable IPv6 address and I had to wait some minutes for timeout every time.
Fortunately, there is an easy fix for this; you just have to edit the file located at: /etc/gai.conf which is the configuration for getaddrinfo(). There you have to uncomment line ~54 which reads: “precedence ::ffff:0:0/96 100″, and you are all set! (assuming that every other option is commented out by default as in my case).

gai

Reference: http://bruteforce.gr/make-apt-get-use-ipv4-instead-ipv6.html

Network Topology

Problem:
From Dashboard-Network Topology-click on any nodes and getting this error “It appears as though you do not have permission to view information for any of the services you requested…
If you believe this is an error, check the HTTP server authentication requirements for accessing this CGI
and check the authorization options in your CGI configuration file.”
Solution:
Edit /omd/sites/xxx/etc/nagios/cgi.cfg, look for below variable and change to * (all authenticated users)
authorized_for_system_information=*
authorized_for_configuration_information=*
authorized_for_system_commands=*
authorized_for_all_services=*
authorized_for_all_hosts=*
authorized_for_all_service_commands=*
authorized_for_all_host_commands=*

Then restart apache

Reference:
http://serverfault.com/questions/502862/nagios-new-user-doesnt-get-enabled-permissions
http://lists.mathias-kettner.de/pipermail/checkmk-en/2014-September/013249.html

Posted in NMS.