Wednesday 31 October 2012

How to enable vsftpd( ftp server) for IPV6 and IPv4

1) yum install vsftpd

2) vim /etc/vsftpd/vsftpd.conf
     change :
         listen=NO
         listen_ipv6= YES
    
     For anonymous upload/dwnload

        anon_mkdir_write_enable= YES
        anon_other_write_enable= YES
          anon_upload_enable= YES

3)  service vsftpd start
    
4) Default path for upload /download directory

       /var/ftp/

5) The Linux native client (ftp) does not support IPv6, so use "lftp" to test the server.

6) Windows 7/ Windows 2008 Server ftp client will work so you can use "ftp ipv4/ipv6" command.
       

       

How to enable TFTP server in Fedora core 16 for IPv6 and IPv4


1) Install Tftp Server

     yum install tftp-server

2) "Flag IPv6" support both IPv4 and IPv6 communication

    Vi /etc/xinetd.d/tftp

     Change -> disable = no
                       flags = IPv6


3) systemctl restart xinetd.service

4) Verify if the server is running

       chkconfig tftp

  it should display "enabled"

5) The default directory is /var/lib/tftproot

Troubleshooting

If you run command

tftp ipv6-address , and in wireshark you observe "unreachable Administratively Prohibited"

this means that the firewall is blocking the packets , disable SELinux,iptables and ip6tables

Commands to disable Firewall

chkconfig iptables off

chkconfig ip6tables off

vim /etc/selinux/config
         change-> disabled

Reboot the PC

How to enable TFTP server in Fedora core 16 for IPv6 and IPv4


1) Install Tftp Server

     yum install tftp-server

2) "Flag IPv6" support both IPv4 and IPv6 communication

    Vi /etc/xinetd.d/tftp

     Change -> disable = no
                       flags = IPv6


3) systemctl restart xinetd.service

4) Verify if the server is running

       chkconfig tftp

  it should display "enabled"

5) The default directory is /var/lib/tftproot

Troubleshooting

If you run command

tftp ipv6-address , and in wireshark you observe "unreachable Administratively Prohibited"

this means that the firewall is blocking the packets , disable SELinux,iptables and ip6tables

Commands to disable Firewall

chkconfig iptables off

chkconfig ip6tables off

vim /etc/selinux/config
         change-> disabled

Reboot the PC

How to use ping6 command for IPv6?

Once you have enabled IPv6 in your Linux or Windows 7/Windows 2008 PC, we have to use ping command to verify the connections. The way commands are used in Windows and Linux are little different but the concept is same.

In IPv6 we need to tell the interface on which it is going to send the ping, In windows %n tells the interface and in Linux it is "-I interface"


Windows :

ping6 fe80::1e6f:66ff:fec6:844d%5

Linux

ping6 -I eth1 fe80::1e6f:66ff:fec6:844d

Server installation in Fedora core 16 for IPv6

As i have mentioned in my earlier posts, i need to enable all servers for ipv4 and ipv6.

The first step is to install all servers in my Fedora core 16 machine.


1) Install wireshak

      yum install wireshark
      yum install wireshark-gnome

2) Install TFTP server

      yum install tftp-server

3) Install telnet server

      yum install telnet-server

4) Install ftp server

       yum install vsftpd

5) Update ftp client ( the native ftp client in FC16 does not support IPv6) so need to install another client

       As of now lftp seems fine, but commands are little difficult, need to work on this

         yum install lftp

6)  Install Http Server

        yum install httpd

7) Install dhcp Server

       yum install dhcp-common
       yum -y install dhcp

8) Install Syslog Server

         yum install syslog

9) Install NTP Server

         yum install ntp


Tuesday 30 October 2012

How to disable firewall (ipv6tables and iptables) in Linux Fedora core 16 (IPv4 and IPv6)


IPv4 firewall ( iptables)

chkconfig iptables off

IPv6 firewall ( ip6tables)

chkconfig  ip6tables off

Verify if disabled

chkconfig iptables

chkconfig ip6tables
 

Lab Server to be migrated for dual stack ( IPV6 and IPV4)

We are migrating to dual IPV6 and IPv4 stack. I have to enable all servers for dual mode ( IPv6 and IPv4)

These are the servers to be migrated :

1) TFTP-Server

2) FTP Server

3) HTTP Server

4) Radius Server

5) DHCP Server

6) Syslog Server

7) NTP Server

8) Telnet Server

We use Windows 2003 server and Linux EL as servers , now for full IPv6 support we need Windows 2008 server and instead of EL I am using Fedora core 16.

So in few days i will try to configure all servers in FC 16 and once done, will move to Windows 2008 server.

Monday 29 October 2012

How to make Linux Fedora Core 14 work as IPV6 Router

We have in IPv6 Stateless Address Auto-configuration, it is defined in RFC 4862.

1) We need radvd for it to work

 # yum install radvd

2) Make changes in radvd.conf

# vim /etc/radvd.conf


interface eth1
{
AdvSendAdvert on;
MinRtrAdvInterval 30;
MaxRtrAdvInterval 100;
prefix 2001:db8:1:0::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};

};

3) Enable IPv6 forwarding,

 we need to set following in /etc/sysctl.conf

    net.ipv6.conf.all.forwarding=1


4)   Reboot the PC


5) service radvd start


6) Now the service should start fine

How to test :

Connect Windows 7 PC-> make it tcp/ipv6 DHCP client , connect to Linux Server ( above configured PC)

The two should communicate using IPv6, the Linux Server should assign IPv6 address to windows 7 client.

ping6 -I eth1 ipv6-address-of-windows

should work fine.



Keep Learning !! Keap sharing !!!



Activating IPv6 Stack on Fedora Core 14 ( How to assign/enable IPv6 address in Fedora)

To enable IPv6 in Fedora core 14 following steps is to done:

1)#  vim /etc/sysconfig/network

add "NETWORKING_IPv6=yes"

    NETWORKING=yes
    NETWORKING_IPV6=yes
    HOSTNAME=localhost.localdomain



2) Verify using modprobe

# modprobe -c | grep net-pf-10

    alias net-pf-10 ipv6
    alias net-pf-10-proto-0-type-6 dccp_ipv6
    alias net-pf-10-proto-33-type-6 dccp_ipv6
    alias net-pf-10-proto-132 sctp

3) Assign  static IPv6 address in

vim /etc/sysconfig/network-scripts/ifcfg-eth1


4) restart service "network"

   # service network restart 

Your interface should be assigned IPv6 address.

5) You can use command ifconfig also  to assign ip address

ifconfig eth0 inet6 add 2001:db8:1::1/64







How to enable IPv6 Forwarding in Linux ( Fedora Core 14 )

To enable IPv4 forwarding in Linux we use below command :

# echo 1 > /proc/sys/net/Ipv4/ip_forward


To enable IPv6 forwarding we need to set following in /etc/sysctl.conf
net.ipv6.conf.all.forwarding=1


Reboot the PC,IPv6 forwarding should work.

Tuesday 16 October 2012

How to configure Linux DHCP server for multiple VLAN?

Recently i was working on VLAN and DHCP.

  The setup was something like this :


              PC1------------VLAN Switch1 -----------VLAN Switch 2---------------DHCP Server
                                           |
                                           |
                                          PC2

PC1 and PC2 are connected to Access port of VLAN switch 1 with VLAN ID 100 and 200.

The DHCP server was supposed to server both the VLAN.

DHCP Server is Linux PC.

How to do this?


1) VLAN S/W 1 will be connected to VLAN S/W 2 "trunk Port".

2) DHCP Server should be connected to VLAN S/W 2 "trunk port".

3) All trunk port should expect tagged traffic

4) PC1 and PC2 will send untagged traffic to VLAN  S/W 1 , the switch will tag with respective vlan id and send to switch 2.

5) The DHCP Server should support both VLAN otherwise it will drop the packets. The DHCP Server should be configured for both VLAN.

Command to enable multiple VLAN on Linux:

                  ifconfig eth0 0.0.0.0 
                 
                  vconfig add eth0 100
                   
                  ifconfig add eth0.100 10.1.1.1 netmask 255.0.0.0

                  vconfig add eth0 200
                   
                  ifconfig add eth0.200 20.1.1.1 netmask 255.0.0.0
 
                
Command to enable DHCP

           Vim /etc/dhcp/dhcpd.conf

 Add both subnets

subnet 10.1.1.0 netmask 255.0.0.0 {
range 10.1.1.10 10.1.1.20;
option routers 10.1.1.1;
option broadcast-address 10.1.1.255;
}

subnet 20.1.1.0 netmask 255.0.0.0 {

range 20.1.1.10 10.1.1.20;
option routers 20.1.1.1;
option broadcast-address 20.1.1.255;
}

            

Run dhcp server :

           dhcpd &


6) Now make PC1 and PC2 as DHCP client

  Both should be able to get IP address from DHCP server in their respective VLAN.



      

Thursday 11 October 2012

Another intersting Question ! !

The situation is in a network.
                                                            
PC1--------Internet ------HTTP  Server ( DNS Server, hostname "Server")

Symptoms

1) From PC1 if you ping to "Server", it is properly resolving the IP address.

2) From PC1 if you ping to IP address of the Server , it is ping fine

Issue :
 If you try to open webpage in Browser , nothing is coming.

How do you debug it, where could be the problem?

Wednesday 10 October 2012

How to take backup for Windows IAS server and DHCP server ?

For Windows 2003 Server if we want to take backup and restore it in another Windows machine, we have a very handy command "netsh"

c:\> netsh ?

Commands in this context:
?              - Displays a list of commands.
aaaa           - Changes to the `netsh aaaa' context.
add            - Adds a configuration entry to a list of entries.
bridge         - Changes to the `netsh bridge' context.
delete         - Deletes a configuration entry from a list of entries.
dhcp           - Changes to the `netsh dhcp' context.
diag           - Changes to the `netsh diag' context.
dump           - Displays a configuration script.
exec           - Runs a script file.
firewall       - Changes to the `netsh firewall' context.
help           - Displays a list of commands.
interface      - Changes to the `netsh interface' context.
ipsec          - Changes to the `netsh ipsec' context.
ras            - Changes to the `netsh ras' context.
routing        - Changes to the `netsh routing' context.
rpc            - Changes to the `netsh rpc' context.
set            - Updates configuration settings.
show           - Displays information.
wins           - Changes to the `netsh wins' context.
winsock        - Changes to the `netsh winsock' context.

To take IAS server backup

Server 1

c:\> netsh aaaa show config > backup.txt

Server 2 ( restore)

c:> netsh exec backup.txt

To take DHCP Server backup and restore

Server 1

c:\> netsh dhcp server export dhcpbackup.txt all

Server 2

c:\>  netsh dhcp server import dhcpbackup.txt all


Tuesday 9 October 2012

What will Happen if we ping in this case?


A very basic question ....


   PC1--------------------------Router 1-------Router 2---------PC2 ( 10.1.1.1, mac : 00:22:33:33:44:55)
192.168.1.2        192.168.1.1

The IP address of PC1 is 192.168.1.2.  PC1 and PC2 are windows XP machines.

 At PC1 the default gateway is 192.168.1.1.

We added static arp entry for PC2 in PC1

arp -s 10.1.1.1 00:22:33:33:44:55

Now tell me , if we ping from PC1 -> ping 10.1.1.1 , what packets will be sent by PC1 ?









Friday 5 October 2012