30 Mar

Configuring Unifi IPv6 on pfSense

Re-post from LYN forum. Credit to ansonlos.

After much trial and error and research, I’ve managed to get pfSense to work with UniFi’s IPv6 allocation. For a bit of background, I’m running the latest release of pfSense, i.e. 2.2.1, and I got this to work with my office’s UniFi, which is on Biz 10.

I’d just like to share my settings here to benefit those who might want to get IPv6 to work for their pfSense box.

1. Under “System -> Advanced -> Networking”, make sure “Allow IPv6” is checked. Then go to “Interfaces”, click on “WAN”. Under IPv6 Configuration Type, choose “DHCP6”. MTU should be 1492.

2. Under DHCP6 client configuration section, put a tick mark on “Request a IPv6 prefix/information through the IPv4 connectivity link”. In the drop down list for DHCPv6 Prefix Delegation size, choose “56”. (I have no idea why this is the case, but the allocated subnet for both the PPPoE and LAN are actually 64. I’ve tried choosing 64 here, but it doesn’t work. Maybe 56 is for a Biz account. If 56 doesn’t work for you, try choosing 64 especially if you’re on home UniFi account.)

Also, put a tick mark for “Send an IPv6 prefix hint to indicate the desired prefix size for delegation”. Click on “Save”.

3. Now, go to “Interfaces”, click on “LAN”. Under IPv6 Configuration Type, choose “Track Interface”. Type 1492 for MTU.

4. Under Track IPv6 Interface section, ensure IPv6 Interface “WAN” is selected and as for IPv6 Prefix ID, just type 0 (zero) here.

5. Under Private networks section, ensure “Block Bogons networks” is unchecked. Then, click “Save”.

6. Finally, I’ve read that IPv6 requires ICMP to work. So under Firewall -> Rules, I’ve also created a rule to allow ICMP IPv6 traffic for both WAN and LAN.

I’m not entirely certain what the security implications are with the above settings to the firewall, so please be forewarned.

With the above settings, I’m able to get IPv6 addresses for PPPoE and LAN interfaces for pfSense and also devices connected to the LAN. Hope this helps those who are using pfSense.

24 Mar

Logging Bind DNS Queries

Option 1 – Quick and Dirty

You can quickly turn on logging by typing the following into the server shell:

[code]rndc querylog[/code]

Then you can follow the information in the standard syslog.

[code]tail -f /var/log/syslog[/code]

You should see output like the following letting you know that queries are now logged:

[code]Sep 14 22:23:20 ns01.companya.local named[7896]: query logging is now on[/code]

Option 2 – Full and Stored Logs

If you want to store full logs that you can go back to at a later date, you’ll need to make some changes to the BIND configuration.

Log on to your shell as usual, and type the following:

[code]nano /etc/bind/named.conf[/code]

Put in the following code at the bottom:

[code]logging {
    channel query.log {
        file "/var/log/query.log";
        severity debug 3;
    };
    category queries { query.log; };
};[/code]

Now we need to create the log:

[code]touch /var/log/query.log[/code]

Make it writable by the BIND process (the bind9 package on Debian/Ubuntu runs named as user bind):

[code]chown bind:bind /var/log/query.log[/code]

Restart BIND:

[code]service bind9 restart[/code]

And now you should be able to follow the queries as any other log:

[code]tail -f /var/log/query.log[/code]
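
Once queries are stored in /var/log/query.log, the file can be summarised per client instead of only tailed. The parser below is an added example, not part of the original post or of BIND; the sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the formats BIND writes to a "queries" channel.
# The channel above does not set print-time, so a timestamp is optional here;
# newer BIND releases also add a "@0x..." client object id.
SAMPLE_LOG = """\
client 192.0.2.10#53124 (www.example.com): query: www.example.com IN A +E (192.0.2.1)
client 192.0.2.10#40211 (mail.example.com): query: mail.example.com IN MX + (192.0.2.1)
14-Sep-2014 22:23:21.104 client 192.0.2.77#5353 (example.org): query: example.org IN AAAA + (192.0.2.1)
client @0x7f3a4c0e2b10 2001:db8::5#61000 (a1.t.example.net): view internal: query: a1.t.example.net IN TXT +E(0)K (2001:db8::1)
client 2001:db8::5#61001 (a2.t.example.net): query: a2.t.example.net IN TXT +E (2001:db8::1)
query logging is now on
"""

QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f:.]+)#(?P<port>\d+) "
    r"\((?P<qname>[^)]*)\): (?:view (?P<view>\S+): )?"
    r"query: \S+ (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
)

def parse_line(line):
    """Return a dict for a query line, or None for any other log message."""
    m = QUERY_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["qname"] = rec["qname"].rstrip(".").lower()
    return rec

def summarize(log_text):
    """Count queries per client and record types per client."""
    per_client = Counter()
    qtypes = defaultdict(Counter)
    skipped = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        per_client[rec["ip"]] += 1
        qtypes[rec["ip"]][rec["qtype"]] += 1
    return per_client, qtypes, skipped

if __name__ == "__main__":
    clients, qtypes, skipped = summarize(SAMPLE_LOG)
    for ip, n in clients.most_common():
        print(ip, n, dict(qtypes[ip]))
    print("non-query lines skipped:", skipped)
```

To run it against the real file, pass the contents of /var/log/query.log to `summarize()` in place of `SAMPLE_LOG`.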

References:

How to Log BIND Queries on Ubuntu 12.10


http://linuxmantra.com/2011/04/logging-bind-queries.html

17 Mar

Install Transmission on Xbian

Connect to xbian using ssh

Default username: xbian, password: raspberry

Perform package update and upgrade

root@xbian:/home/xbian# apt-get update
root@xbian:/home/xbian# apt-get upgrade -y

Install xbian optimized transmission binary

root@xbian:/home/xbian# apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" xbian-package-transmission

Notes:

1. Default download location is at /home/xbian
2. Access webui via http://xbianip:9091
3. Default web UI login: admin, password: raspberry

05 Mar

Force apt-get to use IPv4 instead of IPv6

It seems that Ubuntu/Debian (or perhaps other distros as well) prefer IPv6 DNS records over IPv4 when applicable, and sometimes this results in loss of connectivity or similar problems.
I ran into this issue today while trying to update an old VPS with apt-get/aptitude. Specifically, security.ubuntu.com was being resolved to an unreachable IPv6 address and I had to wait some minutes for a timeout every time.
Fortunately, there is an easy fix for this: edit /etc/gai.conf, which is the configuration file for getaddrinfo(). There you have to uncomment line ~54, which reads "precedence ::ffff:0:0/96 100", and you are all set (assuming that every other option is commented out by default, as in my case).

Reference: http://bruteforce.gr/make-apt-get-use-ipv4-instead-ipv6.html

03 Mar

check_mk: problem & solution

Network Topology

Problem:
From Dashboard -> Network Topology, clicking on any node gives this error: “It appears as though you do not have permission to view information for any of the services you requested…
If you believe this is an error, check the HTTP server authentication requirements for accessing this CGI
and check the authorization options in your CGI configuration file.”
Solution:
Edit /omd/sites/xxx/etc/nagios/cgi.cfg, look for the variables below and change them to * (all authenticated users):
authorized_for_system_information=*
authorized_for_configuration_information=*
authorized_for_system_commands=*
authorized_for_all_services=*
authorized_for_all_hosts=*
authorized_for_all_service_commands=*
authorized_for_all_host_commands=*

Then restart Apache.
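
Because `*` applies to every authenticated user, it is worth checking afterwards which directives in cgi.cfg are open and whether they only allow viewing or also allow submitting commands. The audit below is an added example, not part of the original post or of check_mk/Nagios; the sample file contents and the function name are constructed for illustration.

```python
# Directives from the post that let a user submit external commands
# (for example restarting the monitoring process or disabling checks)
# rather than just view status and configuration.
COMMAND_DIRECTIVES = {
    "authorized_for_system_commands",
    "authorized_for_all_service_commands",
    "authorized_for_all_host_commands",
}

# Constructed sample cgi.cfg, mixing named users, wildcards and a comment.
SAMPLE_CGI_CFG = """\
use_authentication=1
authorized_for_system_information=nagiosadmin
authorized_for_configuration_information=*
#authorized_for_system_commands=*
authorized_for_all_services=*
authorized_for_all_hosts=omdadmin,*
authorized_for_all_service_commands=*
authorized_for_all_host_commands=omdadmin
"""

def audit_cgi_cfg(text):
    """Return (line_no, directive, risk) for each authorized_for_* open to '*'."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Skip blanks, comments and anything that is not key=value.
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if not key.startswith("authorized_for_"):
            continue
        users = [u.strip() for u in value.split(",")]
        if "*" in users:
            risk = "commands" if key in COMMAND_DIRECTIVES else "view"
            findings.append((line_no, key, risk))
    return findings

if __name__ == "__main__":
    for line_no, key, risk in audit_cgi_cfg(SAMPLE_CGI_CFG):
        print(f"line {line_no}: {key} is open to all authenticated users ({risk})")
```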

Reference:
http://serverfault.com/questions/502862/nagios-new-user-doesnt-get-enabled-permissions
http://lists.mathias-kettner.de/pipermail/checkmk-en/2014-September/013249.html