  • intro
    The full source to the NetBSD kernel and userland is available for all the supported platforms; please see the details on the official site of the NetBSD Project. A detailed list of NetBSD features can be found at http://www.NetBSD.org/about/features.html. The basic features of NetBSD are: code quality and correctness; portability to a wide range of hardware; secure defaults; adherence to industry standards; research and innovation.

    These characteristics also bring indirect advantages. For example, if you work on just one platform, you could think that you're not interested in portability. But portability is tied to code quality: without a well-written and well-organized code base, it would be impossible to support a large number of platforms. And code quality is the base of any good and solid software system, though surprisingly few people seem to understand it.

    One of the key characteristics of NetBSD is that its developers are not satisfied with partial implementations. Some systems seem to have the philosophy of "If it works, it's right". In that light, NetBSD's philosophy could be described as "It doesn't work unless it's right". Think about how many overgrown programs are collapsing under their own weight and features, and you'll understand why NetBSD tries to avoid this situation at all costs.

    Supported platforms

    NetBSD supports many platforms, including the popular PC platform (i386 and amd64), SPARC and UltraSPARC, Alpha, Amiga, Atari, and m68k and PowerPC based Apple Macintosh machines. Technical details for all of them can be found on the NetBSD site.

    NetBSD's target users

    The NetBSD site states that: "The NetBSD Project provides a freely available and redistributable system that professionals, hobbyists, and researchers can use in whatever manner they wish." It is also an ideal system if

    Original URL path: http://wiki.netbsd.org/guide/intro/ (2016-02-01)


  • kernel
    most platforms is the GENERIC configuration, as it contains most drivers and options. In the configuration file there are comments describing the options; a more detailed description is found in the options(4) man page. So the usual procedure is:

      # cp GENERIC MYKERNEL
      # vi MYKERNEL

    The modification of a kernel configuration file basically involves three operations: support for hardware devices is included/excluded in the kernel (for example, SCSI support can be removed if it is not needed); support for kernel features is enabled/disabled (for example, enable NFS client support, enable Linux compatibility); tuning kernel parameters.

    Lines beginning with # are comments; lines are disabled by commenting them and enabled by removing the comment character. It is better to comment lines instead of deleting them; it is always possible to uncomment them later.

    The output of the dmesg(8) command can be used to determine which lines can be disabled. For each line of the type "XXX at YYY", both XXX and YYY must be active in the kernel configuration file. You'll probably have to experiment a bit before achieving a minimal configuration, but on a desktop system without SCSI and PCMCIA you can halve the kernel size.

    You should also examine the options in the configuration file and disable the ones that you don't need. Each option has a short comment describing it, which is normally sufficient to understand what the option does. Many options have a longer and more detailed description in the options(4) man page. While you are at it, you should set correctly the options for local time on the CMOS clock; for example:

      options RTC_OFFSET=-60

    Building the kernel manually

    Based on your kernel configuration file (either one of the standard configurations or your customised configuration), a new kernel must be built. These steps can either be performed manually or using the build.sh command that was introduced in Chapter 31, "Crosscompiling NetBSD with build.sh". This section will give instructions on how to build a native kernel using manual steps; the following section, "Building the kernel using build.sh", describes how to use build.sh to do the same. The steps are: configure the kernel; generate dependencies; compile the kernel.

    Configuring the kernel manually

    When you've finished modifying the kernel configuration file (which we'll call MYKERNEL), you should issue the following command:

      # config MYKERNEL

    If MYKERNEL contains no errors, the config(1) program will create the necessary files for the compilation of the kernel; otherwise it will be necessary to correct the errors before running config(1) again.

    Notes for cross-compiling

    As the config(1) program used to create header files and Makefile for a kernel build is platform specific, it is necessary to use the nbconfig program that's part of a newly created toolchain (created, for example, with /usr/src/build.sh -m sparc64 tools). That aside, the procedure is just like compiling a native NetBSD kernel. The command is, for example, /usr/src/tooldir.NetBSD-4.0

    Original URL path: http://wiki.netbsd.org/guide/kernel/ (2016-02-01)

  • linux
    The shared libraries for Linux are installed. Most applications are linked dynamically and expect to find the necessary libraries on the system. For example, for Acrobat Reader, if you go to /usr/pkgsrc/print/acroread7 and give the make depends command, pkgsrc will fetch and install all dependencies for Acrobat Reader. Both operations will be handled automatically by the package system, without the need of manual intervention from the user (we suppose that by now you have already begun to love the package system). Note that this section describes manual installation of the Linux libraries.

    To install the libraries, a program must be installed that handles the RPM format: it is rpm, which will be used to extract the SUSE libraries. Execute make and make install in the /usr/pkgsrc/misc/rpm directory to build and install rpm.

    Next, the suse121_base package must be installed. The SUSE RPM files can be downloaded by the package system or, if you have a SUSE CD, you can copy them in the /usr/pkgsrc/distfiles/suse121 directory, and then run make and make install after going to the /usr/pkgsrc/emulators/suse121_base directory. With the same method install suse121_compat and suse121_x11. The final configuration is:

      # pkg_info -a | grep suse
      suse_base-12.1nb3   Linux compatibility package
      suse_compat-12.1    Linux compatibility package with old shared libraries
      suse_x11-12.1       Linux compatibility package for X11

    Note: Of course you can also install the packages binary. To do this you would either set the proper PKG_PATH and then:

      # pkg_add rpm
      # pkg_add suse_base
      # pkg_add suse_compat
      # pkg_add suse_x11

    Or, using pkgin:

      # pkgin install rpm suse_base suse_compat suse_x11

    Note: You can also skip this step when you are installing a package from pkgsrc which requires Linux emulation. A good example for this is the package www/opera, which will automatically install the packages needed for emulating the Linux version of the Opera browser.

    Installing Acrobat Reader

    Now everything is ready for the installation of the Acrobat Reader program (or other Linux programs). Change to /usr/pkgsrc/print/acroread7 and give the usual commands:

      # make
      # make install

    Note: To download and install Acrobat Reader you need to add the line ACCEPTABLE_LICENSES+=adobe-acrobat-license to /etc/mk.conf to accept the Acrobat Reader license; simply follow the instructions given after make.

    Directory structure

    If we examine the outcome of the installation of the Linux libraries and programs, we find that /emul/linux is a symbolic link pointing to /usr/pkg/emul/linux, where the following directories have been created: bin, dev, etc, lib, opt, proc, root, sbin, usr, var.

    Note: Please always refer to /emul/linux and not to /usr/pkg/emul/linux. The latter is an implementation detail and may change in the future.

    How much space is required for the Linux emulation software? On one system we got the following figure:

      # cd /usr/pkg/emul
      # du -k

    Original URL path: http://wiki.netbsd.org/guide/linux/ (2016-02-01)

  • lvm
    in the kernel, the tool modstat(8) is used:

      vm1# modstat
      NAME          CLASS   SOURCE   REFS  SIZE     REQUIRES
      cd9660        vfs     filesys  0     21442
      coredump      misc    filesys  1     2814
      exec_elf32    misc    filesys  0     6713     coredump
      exec_script   misc    filesys  0     1091
      ffs           vfs     boot     0     163040
      kernfs        vfs     filesys  0     10201
      ptyfs         vfs     filesys  0     7852

    You can use modload(8) to load the dm kernel module by issuing modload dm:

      vm1# modstat
      NAME          CLASS   SOURCE   REFS  SIZE     REQUIRES
      cd9660        vfs     filesys  0     21442
      coredump      misc    filesys  1     2814
      dm            misc    filesys  0     14448
      exec_elf32    misc    filesys  0     6713     coredump
      exec_script   misc    filesys  0     1091
      ffs           vfs     boot     0     163040
      kernfs        vfs     filesys  0     10201
      ptyfs         vfs     filesys  0     7852

    Configure LVM on a NetBSD system

    For using LVM you have to install lvm2tools and libdevmapper to the NetBSD system. These tools and libraries are not enabled as default. To enable the build of LVM tools, set MKLVM=yes in the /etc/mk.conf or MAKECONF file.

    Disklabel each physical volume member of the LVM

    Each physical volume disk in LVM will need a special file system established. In this example I will need to disklabel /dev/rsd0d, /dev/rsd1d, /dev/rsd2d and /dev/rsd3d. It should be borne in mind that it is possible to use the NetBSD vnd driver to make standard file system space appear in the system as a disk device.

    Note: Always remember to disklabel the character device, not the block device, in /dev/r{s,w}d.

    Note: On all platforms except i386, where the d partition is used for this, the c slice is symbolic of the entire NetBSD partition and is reserved.

    You will probably want to remove any pre-existing disklabels on the physical volume disks in the LVM. This can be accomplished in one of two ways, with the dd(1) command:

      # dd if=/dev/zero of=/dev/rsd0d bs=8k count=1
      # dd if=/dev/zero of=/dev/rsd1d bs=8k count=1
      # dd if=/dev/zero of=/dev/rsd2d bs=8k count=1
      # dd if=/dev/zero of=/dev/rsd3d bs=8k count=1

    If your port uses a MBR (Master Boot Record) to partition the disks so that the NetBSD partitions are only part of the overall disk, and other OSs like Windows or Linux use other parts, you can void the MBR and all partitions on disk by using the command:

      # dd if=/dev/zero of=/dev/rsd0d bs=8k count=1
      # dd if=/dev/zero of=/dev/rsd1d bs=8k count=1
      # dd if=/dev/zero of=/dev/rsd2d bs=8k count=1
      # dd if=/dev/zero of=/dev/rsd3d bs=8k count=1

    This will make all data on the entire disk inaccessible. Note that the entire disk is slice d on i386 and some other ports, and c elsewhere (e.g. on sparc). See the kern.rawpartition sysctl: 3 means d, 2 means c. The default disklabel for the disk will look similar to this:

      # disklabel -r sd0
      [...snip...]
      bytes/sector: 512
      sectors/track: 63
      tracks/cylinder: 16
      sectors/cylinder: 1008
      cylinders: 207
      total sectors: 208896
      rpm: 3600
      interleave: 1
      trackskew: 0
      cylinderskew: 0
      headswitch: 0           # microseconds
      track-to-track seek: 0  # microseconds
      drivedata: 0

      4 partitions:
      #        size    offset     fstype [fsize bsize cpg/sgs]
       a:    208896         0     4.2BSD      0     0     0  # (Cyl.      0 -    207)
       d:    208896         0     unused      0     0        # (Cyl.      0 -    207)

    You will need to create one slice on the NetBSD partition of the disk that consumes the entire partition. The slice must begin at least two sectors after the end of the disklabel part of the disk. On i386 it is sector 63. Therefore the size value should be total sectors minus 2x sectors. Edit your disklabel accordingly:

      # disklabel -e sd0

    Note: The offset of a slice of type 4.2BSD must be a multiple of the sectors value.

    Note: Be sure to export EDITOR=path-to-your-favorite-editor before editing the disklabels.

    Note: The slice must be fstype 4.2BSD.

    Because there will only be one slice on this partition, you can recycle the d slice normally reserved for symbolic uses. Change your disklabel to the following:

      3 partitions:
      #        size    offset     fstype [fsize bsize cpg]
       d:   4197403        65     4.2BSD                      # (Cyl.      1 -   4020)

    Optionally you can setup a slice other than d to use; simply adjust accordingly below:

      3 partitions:
      #        size    offset     fstype [fsize bsize cpg]
       a:   4197403        65     4.2BSD                      # (Cyl.      1 -   4020)
       c:   4197405         0     unused   1024  8192         # (Cyl.      0 -   4020)

    Be sure to write the label when you have completed. Disklabel will object to your disklabel and prompt you to re-edit if it does not pass its sanity checks.

    Create Physical Volumes

    Once all disks are properly labeled, you will need to create a physical volume on them. Every partition/disk added to LVM must have a physical volume header on the start of it. All information, like the Volume Group where the Physical Volume belongs, is stored in this header.

      # lvm pvcreate /dev/rwd1[ad]

    The status of the physical volume can be viewed with the pvdisplay(8) command:

      # lvm pvdisplay

    Create Volume Group

    Once all disks are properly labeled with a physical volume header, a volume group must be created from them. A Volume Group is a pool of PEs from which the administrator can create Logical Volumes (partitions).

      # lvm vgcreate vg0 /dev/rwd1[ad]

    vg0 is the name of the Volume Group; /dev/rwd1[ad] is the Physical Volume. The volume group can be later extended/reduced with the vgextend(8) and vgreduce(8) commands. These commands add physical volumes to the VG:

      # lvm vgextend vg0 /dev/rwd1[ad]
      # lvm vgreduce vg0 /dev/rwd1[ad]

    The status of the Volume Group can be viewed with the vgdisplay(8) command:

      # lvm vgdisplay vg0

    Create Logical Volume

    Once the volume group was created, the administrator can create logical partitions (volumes):

      # lvm lvcreate -L 20M -n lv1 vg0

    vg0 is the name of the volume group; -L 20M is the size of the logical volume; -n lv1 is the name of the logical volume. Logical Volume

    Original URL path: http://wiki.netbsd.org/guide/lvm/ (2016-02-01)

  • mail
    the messages. You'll probably also want to configure postfix in order to send the e-mails to the provider's mail server, using it as a relay. In the configuration described in this chapter, postfix does not directly contact the recipient's mail server (as previously described) but relays all its mail to the provider's mail server.

    Note: The provider's mail server acts as a relay, which means that it delivers mail which is not destined to its own domain to another mail server. It acts as an intermediary between two servers.

    Since the connection with the provider is not always active, it is not necessary to start postfix as a daemon in /etc/rc.conf: you can disable it with the line postfix=NO. As a consequence, it will be necessary to launch postfix manually when you want to transfer mail to the provider. Local mail is delivered correctly even if postfix is not active as a daemon.

    Let's start configuring postfix.

    Configuration of generic mapping

    This type of configuration uses a new file, /etc/postfix/generic, which contains the hostname mapping used by postfix to rewrite the internal hostnames. The first step is therefore to write the mapping file:

      carlo@ape.insetti.net   alan@bignet.it
      root@ape.insetti.net    alan@bignet.it
      news@ape.insetti.net    alan@bignet.it

    These entries will map the mail sent from the users given on the left side into the globally valid email addresses given on the right, making it appear as if the mail was really sent from that address. For the sake of efficiency, generic must be transformed into a binary file with the following command:

      # postmap /etc/postfix/generic

    Now it's time to create the prototype configuration file which we'll use to create the postfix configuration file:

      # vi /etc/postfix/main.cf

    For the sake of simplicity we'll only show the variables you need to change:

      relayhost = mail.bignet.it
      smtp_generic_maps = hash:/etc/postfix/generic

    This configuration tells postfix to rewrite the addresses of type ape.insetti.net using the real names found in the /etc/postfix/generic file. It also says that mail should be sent to the mail.bignet.it server. The meaning of the options is described in detail in postconf(5). The last step is to reload the configuration. You can do that easily with:

      # /etc/rc.d/postfix reload
      postfix/postfix-script: refreshing the Postfix mail system

    Now everything is ready to start sending mail.

    Testing the configuration

    Postfix is finally configured and ready to work, but before sending real mail it is better to do some simple tests. First let's try sending a local e-mail with the following command (postfix's sendmail wrapper):

      $ sendmail carlo
      Subject: test

      Hello world
      .

    Please follow exactly the example above: leave a blank line after Subject and end the message with a line containing only one dot. Now you should be able to read the message with your mail client and verify that the From field has been correctly rewritten:

      From: alan@bignet.it

    Using an alternative MTA

    Starting from version 1.4 of NetBSD, sendmail is not called directly:

      $ ls -l /usr/sbin/sendmail
      lrwxr-xr-x  1 root  wheel  21 Nov  1 01:14 /usr/sbin/sendmail -> /usr/sbin/mailwrapper

    The purpose of mailwrapper is to allow the usage of an alternative MTA instead of postfix (for example, sendmail). If you plan to use a different mailer, I suggest that you read the mailwrapper(8) and the mailer.conf(5) manpages, which are very clear.

    fetchmail

    If someone sends me mail, it is received and stored by the provider and not automatically transferred to the local hosts; therefore it is necessary to download it. Fetchmail is a very popular program that downloads mail from a remote mail server (using e.g. the Post Office Protocol, POP) and forwards it to the local system for delivery (usually using postfix's sendmail wrapper). It is powerful yet easy to use and configure: after installation, the file .fetchmailrc must be created and the program is ready to run (.fetchmailrc contains a password, so appropriate permissions on the file are required). This is an example .fetchmailrc:

      poll mail.bignet.it
      protocol POP3
      username alan there with password pZY9o is carlo here
      flush
      mda "/usr/sbin/sendmail -oem -t"

    The last line (mda) is used only if postfix is not active as a daemon on the system. Please note that the POP mail server indicated in this file (mail.bignet.it) is only used to retrieve mails, and that it is not necessarily the same as the mail relay used by postfix to send out mails.

    After setting up the .fetchmailrc file, the following command can be used to download and deliver mail to the local system:

      # fetchmail

    The messages can now be read with mutt.

    Reading and writing mail with mutt

    Mutt is one of the most popular mail programs: it is lightweight, easy to use and has lots of features. The man page mutt is very bare bones; the real documentation is in /usr/pkg/share/doc/mutt/, in particular manual.txt. Mutt's configuration is defined by the .muttrc file. The easiest way to create it is to copy mutt's example muttrc file (usually /usr/pkg/share/examples/mutt/sample.muttrc) to the home directory and modify it. The following example shows how to achieve some results: save a copy of sent mail; define a directory and two files for incoming and outgoing mail saved by mutt (in this example the directory is ~/Mail and the files are incoming and outgoing); define some colors; define an alias.

      set copy=yes
      set edit_headers
      set folder=~/Mail
      unset force_name
      set mbox=~/Mail/incoming
      set record=~/Mail/outgoing
      unset save_name
      bind pager previous-page
      bind pager next-page
      color normal white black
      color hdrdefault blue black
      color indicator white blue
      color markers red black
      color quoted

    Original URL path: http://wiki.netbsd.org/guide/mail/ (2016-02-01)

  • misc
    the error "Password file is busy", please see the section below.

    Password file is busy

    If you try to modify a password and you get the mysterious message "Password file is busy", it probably means that the file /etc/ptmp has not been deleted from the system. This file is a temporary copy of the /etc/master.passwd file; check that you are not losing important information and then delete it:

      # rm /etc/ptmp

    Note: If the file /etc/ptmp exists you can also receive a warning message at system startup. For example:

      root: password file may be incorrect -- /etc/ptmp exists

    Adding a new hard disk

    This section describes how to add a new hard disk to an already working NetBSD system. In the following example a new SCSI controller and a new hard disk connected to the controller will be added. If you don't need to add a new controller, skip the relevant part and go to the hard disk configuration. The installation of an IDE hard disk is identical; only the device name will be different (wd instead of sd).

    As always, before buying new hardware, consult the hardware compatibility list of NetBSD or ask on a mailing list to make sure the new device is supported by NetBSD.

    When the SCSI controller has been physically installed in the system and the new hard disk has been connected, it's time to restart the computer and check that the device is correctly detected, using the dmesg(8) command. This is the sample output for an NCR 875 controller:

      ncr0 at pci0 dev 15 function 0: ncr 53c875 fast20 wide scsi
      ncr0: interrupting at irq 10
      ncr0: minsync=12, maxsync=137, maxoffs=16, 128 dwords burst, large dma fifo
      ncr0: single-ended, open drain IRQ driver, using on-chip SRAM
      ncr0: restart (scsi reset).
      scsibus0 at ncr0: 16 targets, 8 luns per target
      sd0(ncr0:2:0): 20.0 MB/s (50 ns, offset 15)
      sd0: 2063MB, 8188 cyl, 3 head, 172 sec, 512 bytes/sect x 4226725 sectors

    If the device doesn't appear in the output, check that it is supported by the kernel that you are using; if necessary, compile a customized kernel (see "Compiling the kernel").

    Now the partitions can be created using the fdisk(8) command. First check the current status of the disk:

      # fdisk sd0
      NetBSD disklabel disk geometry:
      cylinders: 8188 heads: 3 sectors/track: 172 (516 sectors/cylinder)

      BIOS disk geometry:
      cylinders: 524 heads: 128 sectors/track: 63 (8064 sectors/cylinder)

      Partition table:
      0: sysid 6 (Primary 'big' DOS, 16-bit FAT (> 32MB))
          start 63, size 4225473 (2063 MB), flag 0x0
          beg: cylinder 0, head 1, sector 1
          end: cylinder 523, head 127, sector 63
      1: <UNUSED>
      2: <UNUSED>
      3: <UNUSED>

    In this example the hard disk already contains a DOS partition, which will be deleted and replaced with a native NetBSD partition. The command fdisk -u sd0 allows to modify interactively the partitions. The modified data will be written

    Original URL path: http://wiki.netbsd.org/guide/misc/ (2016-02-01)

  • net-intro
    between, which refresh the signals, this is not enough to cover all the locations where machines are located. Besides that, there is a maximum number of 1024 hosts on one ethernet wire, and you'll lose quite a bit of performance if you go to this limit. So are you hosed now? Having an address which allows more than 60000 hosts, but being bound to media which allows far less than that limit? Well, of course not.

    The idea is to divide the big class B net into several smaller networks, commonly called sub-networks or simply subnets. Those subnets are only allowed to have, say, 254 hosts on them (i.e. you divide one big class B network into several class C networks). To do this, you adjust your netmask to have more network and less host bits on it. This is usually done on a byte boundary, but you're not forced to do it there. So commonly your netmask will not be 255.255.0.0 as supposed by a class B network, but it will be set to 255.255.255.0. In CIDR notation, you now write a /24 instead of the /16 to show that 24 bits of the address are used for identifying the network and subnet instead of the 16 that were used before. This gives you one additional network byte to assign to each physical network. All the 254 hosts on that subnet can now talk directly to each other, and you can build 256 such class C nets. This should fit your needs.

    To explain this better, let's continue our above example. Say our host 132.199.15.99 (I'll call him dusk from now; we'll talk about assigning hostnames later) has a netmask of 255.255.255.0 and thus is on the subnet 132.199.15.0/24. Let's furthermore introduce some more hosts so we have something to play around with; see the next figure.

    Figure: Our demo network

    In the above network, dusk can talk directly to dawn, as they are both on the same subnet. There are other hosts attached to the 132.199.15.0/24 subnet but they are not of importance for us now.

    But what if dusk wants to talk to a host on another subnet? Well, the traffic will then go through one or more gateways (routers), which are attached to two subnets. Because of this, a router always has two different addresses, one for each of the subnets it is on. The router is functionally transparent, i.e. you don't have to address it to reach hosts on the other side. Instead, you address that host directly and the packets will be routed to it correctly.

    Example: Let's say dusk wants to get some files from the local ftp server. As dusk can't reach ftp directly (because it's on a different subnet), all its packets will be forwarded to its defaultrouter, rzi (132.199.15.1), which knows where to forward the packets. Dusk knows the address of its defaultrouter in its network, rzi (132.199.15.1), and it will forward any packets to it which are not on the same subnet, i.e. it will forward all IP packets in which the third address byte isn't 15. The default router then gives the packets to the appropriate host, as it's also on the FTP server's network. In this example, all packets are forwarded to the 132.199.1.0/24 network, simply because it's the network's backbone, the most important part of the network, which carries all the traffic that passes between several subnets. Almost all other networks besides 132.199.15.0/24 are attached to the backbone in a similar manner.

    But what if we had hooked up another subnet to 132.199.15.0/24 instead of 132.199.1.0/24? Maybe something like the situation displayed in the next figure.

    Figure: Attaching one subnet to another one

    When we now want to reach a host which is located in the 132.199.16.0/24 subnet from dusk, it won't work routing it to rzi, but you'll have to send it directly to route2 (132.199.15.2). Dusk will have to know to forward those packets to route2 and send all the others to rzi. When configuring dusk, you tell it to forward all packets for the 132.199.16.0/24 subnet to route2, and all others to rzi. Instead of specifying this default as 132.199.1.0/24, 132.199.2.0/24, etc., 0.0.0.0 can be used to set the default route.

    Returning to our demo network, there's a similar problem when dawn wants to send to noon, which is connected to dusk via a serial line running. When looking at the IP addresses, noon seems to be attached to the 132.199.15.0 network, but it isn't really. Instead, dusk is used as gateway, and dawn will have to send its packets to dusk, which will forward them to noon then. The way dusk is forced into accepting packets that aren't destined at it but for a different host (noon) instead is called "proxy arp". The same goes when hosts from other subnets want to send to noon: they have to send their packets to dusk (possibly routed via rzi).

    Name Service Concepts

    In the previous sections, when we talked about hosts, we referred to them by their IP addresses. This was necessary to introduce the different kinds of addresses. When talking about hosts in general, it's more convenient to give them names, as we did when talking about routing.

    Most applications don't care whether you give them an IP address or a hostname. However, they'll use IP addresses internally, and there are several methods for them to map hostnames to IP addresses, each one with its own way of configuration. In this section we'll introduce the idea behind each method; in the next chapter we'll talk about the configuration part.

    The mapping from hostnames (and domainnames) to IP addresses is done by a piece of software called the resolver. This is not an extra service, but some library routines which are linked to every application using networking calls. The resolver will then try to resolve (hence the name) the hostnames you give into IP addresses. See RFC1034, "Domain names - concepts and facilities", and RFC1035, "Domain names - implementation and specification", for details on the resolver.

    Hostnames are usually up to 256 characters long and contain letters, numbers and dashes; case is ignored.

    Just as with networks and subnets, it's possible (and desirable) to group hosts into domains and subdomains. When getting your network address, you usually also obtain a domainname by your provider. As with subnets, it's up to you to introduce subdomains. Unlike with IP addresses, sub-domains are not directly related to sub-nets; for example, one domain can contain hosts from several subnets.

    Our demo network shows this: both subnets 132.199.1.0/24 and 132.199.15.0/24 (and others) are part of the subdomain rz.uni-regensburg.de. The domain the University of Regensburg got from its IP provider is uni-regensburg.de (de is for Deutschland, Germany); the subdomain rz is for Rechenzentrum (computing center).

    Hostnames, subdomain and domainnames are separated by dots. It's also possible to use more than one stage of subdomains, although this is not very common. An example would be fox.in.socs.uts.edu.au.

    A hostname which includes the (sub)domain is also called a fully qualified domain name (FQDN). For example, the IP address 132.199.15.99 belongs to the host with the FQDN dusk.rz.uni-regensburg.de.

    Further above I told you that the IP address 127.0.0.1 always belongs to the local host, regardless what's the real IP address of the host. Therefore, 127.0.0.1 is always mapped to the name localhost.

    The three different ways to translate hostnames into IP addresses are /etc/hosts, the Domain Name Service (DNS) and the Network Information Service (NIS).

    /etc/hosts

    The first and simplest way to translate hostnames into IP addresses is by using a table telling which IP address belongs to which hostname(s). This table is stored in the file /etc/hosts and has the following format:

      IP-address hostname nickname

    Lines starting with a hash mark (#) are treated as comments. The other lines contain one IP address and the corresponding hostname(s).

    It's not possible for a hostname to belong to several IP addresses, even if I made you think so when talking about routing. rzi, for example, has really two distinct names for each of its two addresses: rzi and rzia (but please don't ask me which name belongs to which address).

    Giving a host several nicknames can be convenient if you want to specify your favorite host providing a special service with that name, as is commonly done with FTP servers. The first (leftmost) name is usually the real (canonical) name of the host.

    Besides giving nicknames, it's also convenient to give a host's full name (including domain) as its canonical name, and using only its hostname (without domain) as a nickname.

    Important: There must be an entry mapping localhost to 127.0.0.1 in /etc/hosts.

    Domain Name Service (DNS)

    /etc/hosts bears an inherent problem, especially in big networks: when one host is added or one host's address changes, all the /etc/hosts files on all machines have to be changed. This is not only time-consuming, it's also very likely that there will be some errors and inconsistencies, leading to problems.

    Another approach is to hold only one hostnames table (database) for a network, and make all the clients query that nameserver. Updates will be made only on the nameserver.

    This is the basic idea behind the Domain Name Service (DNS). Usually there's one nameserver for each domain (hence DNS), and every host (client) in that domain knows which domain it is in and which nameserver to query for its domain.

    When the DNS gets a query about a host which is not in its domain, it will forward the query to a DNS which is either the DNS of the domain in question or knows which DNS to ask for the specified domain. If the DNS forwarded the query doesn't know how to handle it, it will forward that query again to a DNS one step higher. This is not ad infinitum; there are several "root" servers which know about any domain.

    See the separate article for details on DNS.

    Network Information Service (NIS/YP)

    Yellow Pages (YP) was invented by Sun Microsystems. The name has been changed into Network Information Service (NIS) because YP was already a trademark of the British telecom. So, when I'm talking about NIS, you'll know what I mean.

    There are quite some configuration files on a Unix system, and often it's desired to maintain only one set of those files for a couple of hosts. Those hosts are grouped together in a NIS domain (which has nothing to do with the domains built by using DNS) and are usually contained in one workstation cluster. Examples for the config files shared among those hosts are /etc/passwd, /etc/group and, last but not least, /etc/hosts.

    So, you can "abuse" NIS for getting a unique name-to-address translation on all hosts throughout one NIS domain.

    There's only one drawback which prevents NIS from actually being used for that translation: in contrast to the DNS, NIS provides no way to resolve hostnames which are not in the hosts table. There's no hosts "one level up" which the NIS server can query, and so the translation will fail. Sun's NIS+ takes measures against that problem, but as NIS+ is only available on Solaris systems, this is of little use for us now.

    Don't get me wrong: NIS is a fine thing for managing e.g. user information (/etc/passwd) in workstation clusters; it's simply not too useful for resolving hostnames.

    Other

    The name resolving methods described above are what's used commonly today to resolve hostnames into IP addresses, but they aren't the only ones. Basically, every database mechanism would do, but none is implemented in NetBSD. Let's have a quick look at what you may encounter.

    With NIS lacking hierarchy in data structures, NIS+ is intended to help out in that field. Tables can be setup in a way so that if a query cannot be answered by a domain's server, there can be another domain "above" that might be able to do so. E.g. you could choose to have a domain that lists all the hosts/users/groups that are valid in the whole company, one that defines the same for each division, etc. NIS+ is not used a lot today; even Sun went back to ship NIS by default.

    Last century, the X.500 standard was designed to accommodate both simple databases like /etc/hosts as well as complex, hierarchical systems as can be found e.g. in DNS today. X.500 wasn't really a success, mostly due to the fact that it tried to do too much at the same time. A cut-down version is available today as the Lightweight Directory Access Protocol (LDAP), which is becoming popular in the last years to manage data like users, but also hosts and others, in small to medium sized organisations.

    Next generation Internet protocol - IPv6

    The Future of the Internet

    According to experts, the Internet as we know it will face a serious problem in a few years. Due to its rapid growth and the limitations in its design, there will be a point at which no more free addresses are available for connecting new hosts. At that point, no more new web servers can be set up, no more users can sign up for accounts at ISPs, no more new machines can be setup to access the web or participate in online games; some people may call this a serious problem.

    Several approaches have been made to solve the problem. A very popular one is to not assign a worldwide unique address to every user's machine, but rather to assign them "private" addresses, and hide several machines behind one official, globally unique address. This approach is called "Network Address Translation" (NAT, also known as IP Masquerading). It has problems, as the machines hidden behind the global address can't be addressed, and as a result of this, opening connections to them (which is used in online gaming, peer to peer networking, etc.) is not possible. For a more in-depth discussion of the drawbacks of NAT see RFC3027, "Protocol Complications with the IP Network Address Translator".

    A different approach to the problem of internet addresses getting scarce is to abandon the old Internet protocol with its limited addressing capabilities, and use a new protocol that does not have these limitations. The protocol (or actually, a set of protocols) used by machines connected to form today's Internet is known as the TCP/IP (Transmission Control Protocol, Internet Protocol) suite, and version 4 currently in use has all the problems described above. Switching to a different protocol version that does not have these problems of course requires for a better version to be available, which actually is. Version 6 of the Internet Protocol (IPv6) does fulfill any possible future demands on address space, and also addresses further features such as privacy, encryption, and better support of mobile computing.

    Assuming a basic understanding of how today's IPv4 works, this text is intended as an introduction to the IPv6 protocol. The changes in address formats and name resolution are covered. With the background given here, the next sections will show how to use IPv6 even if your ISP doesn't offer it, by using a simple yet efficient transition mechanism called 6to4. The goal is to get online with IPv6, giving an example configuration for NetBSD.

    What good is IPv6?

    When telling people to migrate from IPv4 to IPv6, the question you usually hear is "why?". There are actually a few good reasons to move to the new version: bigger address space; support for mobile devices; built-in security.

    Bigger Address Space

    The bigger address space that IPv6 offers is the most obvious enhancement it has over IPv4. While today's internet architecture is based on 32-bit wide addresses, the new version has 128 bit available for addressing. Thanks to the enlarged address space, work-arounds like NAT don't have to be used any more. This allows full, unconstrained IP connectivity for today's IP based machines as well as upcoming mobile devices like PDAs and cell phones, which will benefit from full IP access through GPRS and UMTS.

    Mobility

    When mentioning mobile devices and IP, another important point to note is that some special protocol is needed to support mobility, and implementing this protocol (called "Mobile IP") is one of the requirements for every IPv6 stack. Thus, if you have IPv6 going, you have support for roaming between different networks, with everyone being updated when you leave one network and enter the other one. Support for roaming is possible with IPv4 too, but there are a number of hoops that need to be jumped in order to get things working. With IPv6, there's no need for this, as support for mobility was one of the design requirements for IPv6. See RFC3024, "Reverse Tunneling for Mobile IP", for
some more information on the issues that need to be addressed with Mobile IP on IPv4
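The /etc/hosts conventions stated at the start of this section (the leftmost name is the canonical name, further names are nicknames, and an entry mapping localhost to 127.0.0.1 is mandatory) in code, as an added example written for this guide and not anything from NetBSD. The sample file is constructed after the guide's ape/vespa example; Python's standard ipaddress module is used only to reject malformed addresses:

```python
"""Parse /etc/hosts and check the conventions the guide states: the first
(leftmost) name on a line is the canonical name, further names are
nicknames, and some line must map "localhost" to 127.0.0.1.
Added example for the NetBSD guide, not NetBSD code."""
import ipaddress

# Constructed sample, modelled on the guide's ape/vespa example.
SAMPLE_HOSTS = """\
# Host Database
127.0.0.1       localhost
::1             localhost
192.168.1.1     ape.insetti.net ape
192.168.1.2     vespa.insetti.net vespa
"""


def parse_hosts(text):
    """Return a list of (address, canonical, [nicknames]) tuples."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()       # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            raise ValueError("line %d: address without a name" % lineno)
        addr = ipaddress.ip_address(fields[0])    # ValueError on junk
        entries.append((str(addr), fields[1], fields[2:]))
    return entries


def lookup(entries, name):
    """Resolve a canonical name or nickname the way the 'files' source in
    nsswitch.conf does: first matching line wins, case-insensitively.
    Returns (address, canonical) or None."""
    want = name.lower()
    for addr, canonical, nicks in entries:
        if want == canonical.lower() or want in (n.lower() for n in nicks):
            return addr, canonical
    return None


def check_hosts(entries):
    """Return a list of problems; an empty list means the file is sane."""
    problems = []
    if not any(addr == "127.0.0.1" and "localhost" in (canon, *nicks)
               for addr, canon, nicks in entries):
        problems.append("no entry maps localhost to 127.0.0.1")
    seen = {}  # (name, ip version) -> first address, to catch conflicts
    for addr, canon, nicks in entries:
        version = ipaddress.ip_address(addr).version
        for name in (canon, *nicks):
            key = (name.lower(), version)
            if key in seen and seen[key] != addr:
                problems.append("%s maps to both %s and %s" % (name, seen[key], addr))
            seen.setdefault(key, addr)
    return problems


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    print(lookup(hosts, "ape"))         # ('192.168.1.1', 'ape.insetti.net')
    print(check_hosts(hosts))           # []
```

The conflict check is keyed on (name, address family) so that localhost appearing on both 127.0.0.1 and ::1, as in the guide's own example, is not reported; the same name on two different IPv4 addresses is.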

    Original URL path: http://wiki.netbsd.org/guide/net-intro/ (2016-02-01)

  • net-practice
example of the /etc/nsswitch.conf file:

    # /etc/nsswitch.conf
    group:          compat
    group_compat:   nis
    hosts:          files dns
    netgroup:       files [notfound=return] nis
    networks:       files
    passwd:         compat
    passwd_compat:  nis
    shells:         files

The default of doing hostname lookups via /etc/hosts followed by the DNS works fine, and there's usually no need to modify this.

Creating the directories for pppd

The directories /etc/ppp and /etc/ppp/peers will contain the configuration files for the PPP connection. After a fresh install of NetBSD they don't exist and must be created (mode 700, since they will hold the dial-up credentials):

    # mkdir /etc/ppp
    # mkdir /etc/ppp/peers
    # chmod 700 /etc/ppp /etc/ppp/peers

Connection script and chat file

The connection script will be used as a parameter on the pppd command line; it is located in /etc/ppp/peers and usually has the name of the provider. For example, if the provider's name is BigNet and your user name for the connection to the provider is alan, an example connection script could be:

    # /etc/ppp/peers/bignet
    connect '/usr/sbin/chat -v -f /etc/ppp/peers/bignet.chat'
    noauth
    user alan
    remotename bignet.it

In the previous example, the script specifies a chat file to be used for the connection. The options in the script are detailed in the pppd(8) man page.

Note: if you are experiencing connection problems, add the following two lines to the connection script:

    debug
    kdebug 4

You will get a log of the operations performed when the system tries to connect. See pppd(8), syslog.conf(5).

The connection script calls the chat application to deal with the physical connection (modem initialization, dialing). The parameters to chat can be specified inline in the connection script, but it is better to put them in a separate file. If, for example, the telephone number of the POP to call is 02-99999999, an example chat script could be (/etc/ppp/peers/bignet.chat):

    ABORT BUSY
    ABORT "NO CARRIER"
    ABORT "NO DIALTONE"
    "" ATDT0299999999
    CONNECT ""

Note: if you have problems with the chat file, you can try connecting manually to the POP with the cu(1) program and verify the exact strings that you are receiving.

Authentication

During authentication each of the two systems verifies the identity of the other system, although in practice you are not supposed to authenticate the provider, but only to be verified by him, using one of the following methods: PAP/CHAP or login. Most providers use PAP/CHAP authentication.

PAP/CHAP authentication

The authentication information (speak: password) is stored in /etc/ppp/pap-secrets for PAP and in /etc/ppp/chap-secrets for CHAP. The lines have the following format:

    user * password

For example:

    alan * pZY9o

The password is stored in cleartext (CHAP needs the shared secret as such), so for security reasons the pap-secrets and chap-secrets files should be owned by root and have permissions 600:

    # chown root /etc/ppp/pap-secrets
    # chown root /etc/ppp/chap-secrets
    # chmod 600 /etc/ppp/pap-secrets
    # chmod 600 /etc/ppp/chap-secrets

Login authentication

This type of authentication is not widely used today; if the provider uses login authentication, user name and password must be supplied in the chat file instead of the PAP/CHAP files, because the chat file simulates an interactive login. In this case the chat file contains the password too, so give it the same permissions as the secrets files (owned by root, mode 600). The following is an example chat file with login authentication (/etc/ppp/peers/bignet.chat):

    ABORT BUSY
    ABORT "NO CARRIER"
    ABORT "NO DIALTONE"
    "" ATDT0299999999
    CONNECT ""
    TIMEOUT 50
    ogin: alan
    ssword: pZY9o

pppd options

The only thing left to do is the creation of the pppd options file, which is /etc/ppp/options (chmod 644):

    /dev/tty01
    lock
    crtscts
    57600
    modem
    defaultroute
    noipdefault

Check the pppd(8) man page for the meaning of the options.

Testing the modem

Before activating the link it is a good idea to make a quick modem test, in order to verify that the physical connection and the communication with the modem works. For the test the cu(1) program can be used, as in the following example. Create the file /etc/uucp/port with the following lines:

    type modem
    port modem
    device /dev/tty01
    speed 115200

(substitute the correct device in place of /dev/tty01). Write the command cu -p modem to start sending commands to the modem. For example:

    # cu -p modem
    Connected
    ATZ
    OK
    ~.
    Disconnected

In the previous example, the reset command (ATZ) was sent to the modem, which replied with OK: the communication works. To exit cu(1), write ~ (tilde) followed by . (dot), as in the example.

If the modem doesn't work, check that it is connected to the correct port (i.e. you are using the right port with cu(1)). Cables are a frequent cause of trouble, too.

When you start cu(1) and a message saying "Permission denied" appears, check who is the owner of the /dev/tty## device: it must be uucp. For example:

    $ ls -l /dev/tty00
    crw-------  1 uucp  wheel  8, 0 Mar 22 20:39 /dev/tty00

If the owner is root, the following happens:

    $ ls -l /dev/tty00
    crw-------  1 root  wheel  8, 0 Mar 22 20:39 /dev/tty00
    $ cu -p modem
    cu: open (/dev/tty00): Permission denied
    cu: All matching ports in use

Activating the link

At last everything is ready to connect to the provider with the following command:

    # pppd call bignet

where bignet is the name of the already described connection script. To see the connection messages of pppd, give the following command:

    # tail -f /var/log/messages

To disconnect, do a kill -HUP of pppd:

    # pkill -HUP pppd

Using a script for connection and disconnection

When the connection works correctly, it's time to write a couple of scripts to avoid repeating the commands every time. These two scripts can be named, for example, ppp-start and ppp-stop.

ppp-start is used to connect to the provider:

    #!/bin/sh
    MODEM=tty01
    POP=bignet
    if [ -f /var/spool/lock/LCK..$MODEM ]; then
      echo ppp is already running...
    else
      pppd call $POP
      tail -f /var/log/messages
    fi

ppp-stop is used to close the connection:

    #!/bin/sh
    MODEM=tty01
    if [ -f /var/spool/lock/LCK..$MODEM ]; then
      echo -f killing pppd...
      kill -HUP `cat /var/spool/lock/LCK..$MODEM`
      echo done
    else
      echo ppp is not active
    fi

The two scripts take advantage of the fact that when pppd is active, it creates the file LCK..tty01 in the /var/spool/lock directory. This file contains the process ID (pid) of the pppd process.

The two scripts must be executable:

    # chmod u+x ppp-start ppp-stop

Running commands after dialin

If you find yourself always running the same set of
commands each time you dial in, you can put them in a script /etc/ppp/ip-up, which will be called by pppd(8) after successful dial-in. Likewise, before the connection is closed down, /etc/ppp/ip-down is executed. Both scripts are expected to be executable. See pppd(8) for more details.

Creating a small home network

Networking is one of the main strengths of Unix, and NetBSD is no exception: networking is both powerful and easy to set up, and inexpensive too, because there is no need to buy additional software to communicate or to build a server. Setting up an Internet gateway with IPNAT explains how to configure a NetBSD machine to act as a gateway for a network: with IPNAT all the hosts of the network can reach the Internet with a single connection to a provider made by the gateway machine. The only thing to be checked before creating the network is to buy network cards supported by NetBSD (check the INSTALL files for a list of supported devices).

First, the network cards must be installed and connected to a hub, switch or directly (see the next image for an example configuration).

Next, check that the network cards are recognized by the kernel, studying the output of the dmesg command. In the following example the kernel recognized correctly an NE2000 clone:

    ne0 at isa0 port 0x280-0x29f irq 9
    ne0: NE2000 Ethernet
    ne0: Ethernet address 00:c2:dd:c1:d1:21

If the card is not recognized by the kernel, check that it is enabled in the kernel configuration file and then that the card's IRQ matches the one that the kernel expects. For example, this is the isa NE2000 line in the configuration file; the kernel expects the card to be at IRQ 9:

    ne0 at isa? port 0x280 irq 9    # NE[12]000 ethernet cards

If the card's configuration is different, it will probably not be found at boot. In this case, either change the line in the kernel configuration file and compile a new kernel, or change the card's setup (usually through a setup disk or, for old cards, a jumper on the card).

The following command shows the network card's current configuration:

    # ifconfig ne0
    ne0: flags=8822<BROADCAST,NOTRAILERS,SIMPLEX,MULTICAST> mtu 1500
            address: 00:50:ba:aa:a7:7f
            media: Ethernet autoselect (10baseT)
            inet6 fe80::250:baff:feaa:a77f%ne0 prefixlen 64 scopeid 0x1

The software configuration of the network card is very easy. The IP address 192.168.1.1 is assigned to the card:

    # ifconfig ne0 inet 192.168.1.1 netmask 0xffffff00

Note that the networks 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 are reserved for private networks, which is what we're setting up here.

Repeating the previous command now gives a different result:

    # ifconfig ne0
    ne0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            address: 00:50:ba:aa:a7:7f
            media: Ethernet autoselect (10baseT)
            inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
            inet6 fe80::250:baff:feaa:a77f%ne0 prefixlen 64 scopeid 0x1

The output of ifconfig has now changed: the IP address is now printed and there are two new flags, UP and RUNNING. If the interface isn't UP, it will not be used by the system to send packets.

The host was given the IP address 192.168.1.1, which belongs to the set of addresses reserved for internal networks which are not reachable from the Internet. The configuration is finished and must now be tested; if there is another active host on the network, a ping can be tried. For example, if 192.168.1.2 is the address of the active host:

    # ping 192.168.1.2
    PING ape (192.168.1.2): 56 data bytes
    64 bytes from 192.168.1.2: icmp_seq=0 ttl=255 time=1.286 ms
    64 bytes from 192.168.1.2: icmp_seq=1 ttl=255 time=0.649 ms
    64 bytes from 192.168.1.2: icmp_seq=2 ttl=255 time=0.681 ms
    64 bytes from 192.168.1.2: icmp_seq=3 ttl=255 time=0.656 ms
    ^C
    ----ape PING Statistics----
    4 packets transmitted, 4 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 0.649/0.818/1.286/0.312 ms

With the current setup, at the next boot it will be necessary to repeat the configuration of the network card. In order to avoid repeating the card's configuration at each boot, add the following lines to /etc/rc.conf:

    auto_ifconfig=YES
    ifconfig_ne0="inet 192.168.1.1 netmask 0xffffff00"

In this example the variable ifconfig_ne0 was set because the network card was recognized as ne0 by the kernel; if you are using a different adapter, substitute the appropriate name in place of ne0. At the next boot the network card will be configured automatically.

If you have a router that is connected to the Internet, you can use it as default router, which will handle all your packets. To do so, set defaultroute to the router's IP address in /etc/rc.conf:

    defaultroute=192.168.0.254

Be sure to use the default router's IP address instead of its name, in case your DNS server is beyond the default router. In that case the DNS server couldn't be reached to resolve the default router's hostname and vice versa, creating a chicken-and-egg problem.

To reach hosts on your local network, and assuming you really have very few hosts, adjust /etc/hosts to contain the addresses of all the hosts belonging to the internal network. For example:

    #
    # Host Database
    # This file should contain the addresses and aliases
    # for local hosts that share this file.
    # It is used only for "ifconfig" and other operations
    # before the nameserver is started.
    #
    127.0.0.1               localhost
    ::1                     localhost
    #
    # RFC 1918 specifies that these networks are "internal".
    # 10.0.0.0      10.255.255.255
    # 172.16.0.0    172.31.255.255
    # 192.168.0.0   192.168.255.255
    #
    192.168.1.1     ape.insetti.net ape
    192.168.1.2     vespa.insetti.net vespa
    192.168.1.0     insetti.net

If you are dialed in via an Internet Service Provider, or if you have a local Domain Name Server (DNS) running, you may want to use it to resolve hostnames to IP addresses, possibly in addition to /etc/hosts, which would only know your own hosts. To configure a machine as DNS client, you need to edit /etc/resolv.conf and enter the DNS server's address, in addition to an optional domain name that will be appended to hosts with no domain in order to create a FQDN for resolving. Assuming your DNS server's IP address is 192.168.1.2 and it is set up to serve for home.net, put the following into /etc/resolv.conf:

    # /etc/resolv.conf
    domain home.net
    nameserver 192.168.1.2

The /etc/nsswitch.conf file should be checked as explained in the previous nsswitch.conf example.

Summing up, to configure the network the following must be done: the network adapters must be installed and physically connected. Next they must be configured (with ifconfig), and finally the file /etc/rc.conf must be modified to configure the interface and possibly the default router, and /etc/resolv.conf and /etc/nsswitch.conf should be adjusted if DNS should be used. This type of network management is sufficient for small networks without sophisticated needs.

Setting up an Internet gateway with IPNAT

The mysterious acronym IPNAT hides the Internet Protocol Network Address Translation, which enables the routing of an internal network (e.g. your home network as described in the previous section) on a real network (Internet). This means that with only one "real" IP, static or dynamic, belonging to a gateway running IPNAT, it is possible to create simultaneous connections to the Internet for all the hosts of the internal network.

Some usage examples of IPNAT can be found in the subdirectory /usr/share/examples/ipf: look at the files BASIC.NAT and nat-setup.

The setup for the example described in this section is detailed in the following figure: host 1 can connect to the Internet calling a provider with a modem and getting a dynamic IP address. host 2 and host 3 can't communicate with the Internet with a normal setup; IPNAT allows them to do it: host 1 will act as an Internet gateway for hosts 2 and 3. Using host 1 as default router, hosts 2 and 3 will be able to access the Internet.

(Figure: Network with gateway)

Configuring the gateway/firewall

To use IPNAT, the pseudo-device ipfilter must be compiled into the kernel, and IP packet forwarding must be enabled in the kernel. To check, run:

    # sysctl net.inet.ip.forwarding
    net.inet.ip.forwarding = 1

If the result is 1 (as in the previous example) the option is enabled; otherwise, if the result is 0, the option is disabled.
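The credential-file rules given for pppd earlier in this section (pap-secrets and chap-secrets owned by root with mode 600, one "client server secret" line each, and the same care for a chat file that carries a login password) as a reusable audit. This is an added example written for this guide, not part of pppd or NetBSD. The sample files are constructed from the guide's own examples; check_credential_file() is the pure policy so it can be exercised without root, and audit_file() applies it to a real path:

```python
"""Audit pppd credential files as the guide prescribes: pap-secrets and
chap-secrets owned by root, mode 600, one 'client server secret' triple
per line; a chat script that answers a password prompt carries the
password too and needs the same protection.  Added example for the
NetBSD guide; not pppd or NetBSD code."""
import os
import shlex
import stat

# Constructed samples in the guide's format.
PAP_SECRETS = "# client  server  secret\nalan * pZY9o\n"
LOGIN_CHAT = ('ABORT BUSY\nABORT "NO CARRIER"\nABORT "NO DIALTONE"\n'
              '"" ATDT0299999999\nCONNECT ""\nTIMEOUT 50\n'
              'ogin: alan\nssword: pZY9o\n')
PLAIN_CHAT = 'ABORT BUSY\n"" ATDT0299999999\nCONNECT ""\n'


def parse_secrets(text):
    """Return [(client, server, secret)] from a pppd secrets file;
    pppd needs all three fields ('*' = any server), quoting is allowed."""
    triples = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = shlex.split(raw, comments=True)
        if not fields:
            continue
        if len(fields) < 3:
            raise ValueError("line %d: expected 'client server secret'" % lineno)
        triples.append((fields[0], fields[1], fields[2]))
    return triples


def chat_has_credentials(text):
    """True if the chat script answers a password prompt (login auth):
    an expect string containing 'ssword' that is followed by a send string."""
    tokens = shlex.split(text, comments=True)
    return any("ssword" in tok for tok in tokens[:-1])


def check_credential_file(st_mode, st_uid, text, kind):
    """Pure policy check so it can run without root.  kind is 'secrets'
    or 'chat'.  Returns a list of problems (empty = acceptable)."""
    problems = []
    perm = stat.S_IMODE(st_mode)
    sensitive = kind == "secrets" or chat_has_credentials(text)
    if st_uid != 0:
        problems.append("%s: not owned by root (uid %d)" % (kind, st_uid))
    # Both files are consumed by pppd running as root: nobody else may write them.
    if perm & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("%s: writable by group/others (mode %04o)" % (kind, perm))
    if sensitive and perm & (stat.S_IRGRP | stat.S_IROTH):
        problems.append("%s: password readable by group/others (mode %04o)" % (kind, perm))
    if kind == "secrets":
        try:
            parse_secrets(text)
        except ValueError as exc:
            problems.append("%s: %s" % (kind, exc))
    return problems


def audit_file(path, kind):
    """Apply the policy to a real file, e.g. audit_file('/etc/ppp/pap-secrets', 'secrets')."""
    st = os.stat(path)
    with open(path) as fh:
        return check_credential_file(st.st_mode, st.st_uid, fh.read(), kind)


if __name__ == "__main__":
    for path, kind in (("/etc/ppp/pap-secrets", "secrets"),
                       ("/etc/ppp/chap-secrets", "secrets"),
                       ("/etc/ppp/peers/bignet.chat", "chat")):
        if os.path.exists(path):
            print(path, audit_file(path, kind) or "ok")
```

A chat file without a password (the PAP/CHAP case) may stay world-readable, but is still flagged if anyone other than root can write it, since pppd hands it to chat while running as root.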
You can do two things:

- Compile a new kernel with the GATEWAY option enabled.
- Enable the option in the current kernel with the following command:

    # sysctl -w net.inet.ip.forwarding=1

You can add sysctl settings to /etc/sysctl.conf to have them set automatically at boot. In this case you would want to add:

    net.inet.ip.forwarding=1

The rest of this section explains how to create an IPNAT configuration that is automatically started every time that a connection to the provider is activated with the PPP link. With this configuration all the hosts of a home network (for example) will be able to connect to the Internet through the gateway machine, even if they don't use NetBSD.

For the setup, first create the /etc/ipnat.conf file containing the following rules:

    map ppp0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
    map ppp0 192.168.1.0/24 -> 0/32 portmap tcp/udp 40000:60000
    map ppp0 192.168.1.0/24 -> 0/32

192.168.1.0/24 are the network addresses that should be mapped. The first line of the configuration file is optional: it enables active FTP to work through the gateway. The second line is used to handle correctly tcp and udp packets; the portmapping is necessary because of the many-to-one relationship. The third line is used to enable ICMP, ping, etc.

Note that these rules only translate addresses; they are not a packet filter. What the gateway itself accepts on ppp0 is governed by the ipf(8) rules in /etc/ipf.conf, which are not covered here.

Next, create the /etc/ppp/ip-up file; it will be called automatically every time that the PPP link is activated:

    #!/bin/sh
    # /etc/ppp/ip-up
    /etc/rc.d/ipnat forcestart

Create the file /etc/ppp/ip-down; it will be called automatically when the PPP link is closed:

    #!/bin/sh
    # /etc/ppp/ip-down
    /etc/rc.d/ipnat forcestop

Both ip-up and ip-down must be executable:

    # chmod u+x ip-up ip-down

The gateway machine is now ready.

Configuring the clients

Create a /etc/resolv.conf file like the one on the gateway machine, to make the clients access the same DNS server as the gateway.

Next, make all clients use the gateway as their default router. Use the following command:

    # route add default 192.168.1.1

192.168.1.1 is the address of the gateway machine configured in the previous section.

Of course you don't want to give this command every time, so it's better to define the defaultroute entry in the /etc/rc.conf file: the default route will be set automatically during system initialization, using the defaultroute option as an argument to the route add default command.

If the client machine is not using NetBSD, the configuration will be different. On Windows PCs you need to set the gateway property of the TCP/IP protocol to the IP address of the NetBSD gateway. That's all that needs to be done on the client machines.

Some useful commands

The following commands can be useful for diagnosing problems:

- ping: tries to connect to other computers via ICMP; usually used for testing if a connection exists.
- netstat -r: displays the routing tables (similar to route show).
- traceroute: on the client it shows the route followed by the packets to their destination.
- tcpdump: use on the gateway to monitor TCP/IP traffic.

Setting up a network bridge device

A bridge can be used to combine different physical networks into one logical network, i.e. connect them at layer 2 of the ISO/OSI model, not at layer 3, which is what a router would do. The NetBSD bridge driver provides bridge functionality on NetBSD systems.

Bridge example

In this example two physical networks are going to be combined in one logical network, 192.168.1.0, using a NetBSD bridge. The NetBSD machine which is going to act as bridge has two interfaces, ne0 and ne1, which are each connected to one physical network.

The first step is to make sure support for the bridge is compiled in the running kernel. Support is included in the GENERIC kernel.

When the system is ready, the bridge can be created; this can be done using the brconfig(8) command. First of all, a bridge interface has to be created. With the following ifconfig command the bridge0 interface will be created:

    # ifconfig bridge0 create

Please make sure that at this point both the ne0 and ne1 interfaces are up. The next step is to add the ne0 and ne1 interfaces to the bridge:

    # brconfig bridge0 add ne0 add ne1 up

This configuration can be automatically set up by creating an /etc/ifconfig.interface file, in this case /etc/ifconfig.bridge0, with the following contents:

    create
    !brconfig $int add ne0 add ne1 up

After setting up the bridge, the bridge configuration can be displayed using the brconfig -a command. Remember that if you want to give the bridge machine an IP address, you can only allocate an IP address to one of the interfaces which are part of the bridge.

A common LAN setup

The small home network discussed in the previous section contained many items that were configured manually. In bigger LANs that are centrally managed, one can expect Internet connectivity being available via some router, a DNS server being available, and, most important, a DHCP server which hands out IP addresses to clients on request. To make a NetBSD client run in such an environment, it's usually enough to set

    dhclient=YES

in /etc/rc.conf, and the IP address will be set automatically, /etc/resolv.conf will be created, and routing set up to the default router.

Connecting two PCs through a serial line

If you need to transfer files between two PCs which are not networked, there is a simple solution, which is particularly handy when copying the files to a floppy is not practical: the two machines can be networked with a serial cable (a null modem cable). The following sections describe some configurations.

Connecting NetBSD with BSD or Linux

The easiest case is when both machines run NetBSD: making a connection with the SLIP protocol is very easy. On the first machine write the following commands:

    # slattach /dev/tty00
    # ifconfig sl0 inet 192.168.1.1 192.168.1.2

On the second machine write the following commands:

    # slattach /dev/tty00
    # ifconfig sl0 inet 192.168.1.2 192.168.1.1

Now you can test the connection with ping; for example, on the second PC write:

    # ping 192.168.1.1

If everything worked there is now an active network connection between the two machines, and ftp, telnet and other similar commands can be executed. The textual aliases of the machines can be written in the /etc/hosts file.

In the previous example both PCs used the first serial port (/dev/tty00). Substitute the appropriate device if you are using another port.

IP addresses like 192.168.x.x are reserved for "internal" networks. The first PC has address 192.168.1.1 and the second 192.168.1.2.

To achieve a faster connection the -s speed option to slattach can be specified.

ftp can be used to transfer files only if inetd is active and the ftpd server is enabled.

Linux: if one of the two PCs runs Linux, the commands are slightly different (on the Linux machine only). If the Linux machine gets the 192.168.1.2 address, the following commands are needed:

    # slattach -p slip -s 115200 /dev/ttyS0 &
    # ifconfig sl0 192.168.1.2 pointopoint 192.168.1.1 up
    # route add 192.168.1.1 dev sl0

Don't forget the "&" in the first command.

Connecting NetBSD and Windows NT

NetBSD and Windows NT can be (almost) easily networked with a serial null modem cable. Basically, what needs to be done is to create a "Remote Access" connection under Windows NT and to start pppd on NetBSD.

Start pppd as root after having created a .ppprc in /root. Use the following example as a template:

    connect '/usr/sbin/chat -v CLIENT CLIENTSERVER'
    local
    tty00
    115200
    crtscts
    lock
    noauth
    nodefaultroute
    :192.168.1.2

The meaning of the first line will be explained later in this section. 192.168.1.2 is the IP address that will be assigned by NetBSD to the Windows NT host. tty00 is the serial port used for the connection (first serial port).

On the NT side a null modem device must be installed from the Control Panel (Modem icon) and a Remote Access connection using this modem must be created. The null modem driver is standard under Windows NT 4, but it's not a 100% null modem: when the link is activated, NT sends the string CLIENT and expects to receive the answer CLIENTSERVER. This is the meaning of the first line of the .ppprc file: chat must answer to NT when the connection is activated, or the connection will fail.

In the configuration of the Remote Access connection
available.

Finding an ISP that offers IPv6 natively needs quite some luck. What you need next is a router that will be able to handle the traffic. To date, not all router manufacturers offer IPv6 or hardware accelerated IPv6 features, and gateway NAT boxes only rarely support IPv6 and also block IPv6 tunnels.

An alternative approach involves configuring a standard PC running NetBSD to act as a router. The base NetBSD system contains a complete IPv6 routing solution, and for special routing needs software like Zebra can provide additional routing protocols. This solution is rather common for sites that want IPv6 connectivity today. The drawbacks are that you need an ISP that supports IPv6, and that you may need a dedicated uplink only for IPv6.

IPv6 to the door may be rare, but you can still get IPv6 connectivity by using tunnels. Instead of talking IPv6 on the wire, the IPv6 packets are encapsulated in IPv4 packets, as shown in the next image. Using the existing IPv4 infrastructure, the encapsulated packets are sent to an IPv6-capable uplink that will then remove the encapsulation and forward the IPv6 packets.

(Figure: A frequently used method for transition is tunneling IPv6 in IPv4 packets)

When using tunnels, there are two possibilities. One is to use a so-called "configured" tunnel, the other is called an "automatic" tunnel. A configured tunnel is one that required preparation from both ends of the tunnel, usually connected with some kind of registration to exchange setup information. An example for such a configured tunnel is the IPv6-over-IPv4 encapsulation described in RFC 1933, "Transition Mechanisms for IPv6 Hosts and Routers" (since superseded by RFC 2893 and RFC 4213), and that's implemented e.g. by the gif(4) device found in NetBSD.

An automatic tunnel consists of a public server that has some kind of IPv6 connectivity, e.g. via 6Bone. That server has made its connectivity data public and also runs a tunneling protocol that does not require an explicit registration of the sites using it as uplink. A well-used example of such a protocol is the 6to4 mechanism described in RFC 3056, "Connection of IPv6 Domains via IPv4 Clouds", and that is implemented in the stf(4) device found in NetBSD.

Another mechanism that does not require registration of IPv6 information is the 6over4 mechanism, which implements transporting of IPv6 over a multicast-enabled IPv4 network instead of e.g. ethernet or FDDI. 6over4 is documented in RFC 2529, "Transmission of IPv6 over IPv4 Domains without Explicit Tunnels". Its main drawback is that you do need existing multicast infrastructure. If you don't have that, setting it up is about as much effort as setting up a configured IPv6 tunnel directly, so it's usually not worth bothering in that case.

Getting 6to4 IPv6 up & running

6to4 is an easy way to get IPv6 connectivity for hosts that only have an IPv4 uplink, especially if you have the background given in the chapter about IPv6. It can be used with static as well as dynamically assigned IPv4 addresses, e.g. as found in modem dialup scenarios today. When using dynamic IPv4 addresses, a change of IP addresses will be a problem for incoming traffic, i.e. you can't run persistent servers.

Example configurations given in this section are for NetBSD 1.5.2.

Obtaining IPv6 Address Space for 6to4

The 6to4 IPv6 setup on your side doesn't consist of a single IPv6 address; instead, you get a whole /48 network. The IPv6 addresses are derived from your (single) IPv4 address. The address prefix 2002: is reserved for 6to4 based addresses (i.e. IPv6 addresses derived from IPv4 addresses). The next 32 bits are your IPv4 address. This results in a /48 network that you can use for your very own purpose. It leaves 16 bits of space for 2^16 IPv6 subnets, which can take up to 2^64 nodes each. The next figure illustrates the building of your IPv6 address range from your IPv4 address.

Thanks to the 6to4 prefix and your worldwide unique IPv4 address, this address block is unique, and it's mapped to your machine carrying the IPv4 address in question.

(Figure: 6to4 derives an IPv6 from an IPv4 address)

How to get connected

In contrast to the configured IPv6-over-IPv4 tunnel setup, you do not have to register at a 6bone gateway, which would only then forward your IPv6 traffic encapsulated in IPv4. Instead, as your IPv6 address is derived from your IPv4 address, inbound traffic can be sent through the nearest 6to4 relay router. De-encapsulation of the packet is done via a 6to4-capable network interface, which then forwards the resulting IPv6 packet according to your routing setup (in case you have more than one machine connected on your 6to4 assigned network).

To transmit IPv6 packets, the 6to4 router will encapsulate them inside IPv4 packets; a system performing these functions is called a 6to4 border router. These packets have a default route to the 6to4 relay anycast prefix. This anycast prefix will route the tunnel to a 6to4 relay router.

(Figure: Request and reply can be routed via different gateways in 6to4)

Security Considerations

In contrast to the configured tunnel setup, you usually can't set up packet filters to block 6to4 packets from unauthorized sources, as this is exactly how (and why) 6to4 works at all. As such, malicious users can send packets with invalid/hazardous IPv6 payload. If you don't already filter on your border gateways anyway, packets with the following characteristics should not be allowed as valid 6to4 packets, and some firewalling seems to be justified for them:

- unspecified IPv4 source/destination address: 0.0.0.0/8
- loopback address in outer (v4) source/destination: 127.0.0.0/8
- IPv4 multicast in source/destination: 224.0.0.0/4
- limited broadcasts: 255.0.0.0/8
- subnet broadcast address as source/destination: depends on your IPv4 setup

The NetBSD stf(4) manual page documents some common configuration mistakes intercepted by default by the KAME stack, as well as some further advice on filtering, but keep in mind that because of the requirement of these filters, 6to4 is not perfectly secure. Still, if forged 6to4 packets become a problem, you can use IPsec authentication to ensure the IPv6 packets are not modified.

Data Needed for 6to4 Setup

In order to set up and configure IPv6 over 6to4, a few bits of configuration data must be known in advance. These are:

- Your local IPv4 address. It can be determined using either the ifconfig -a or netstat -i commands on most Unix systems. If you use a NATing gateway or something, be sure to use the official, outside-visible address, not your private (10/8 or 192.168/16) one. We will use 62.224.57.114 as the local IPv4 address in our example.
- Your local IPv6 address, as derived from the IPv4 address. See the previous figure (6to4 derives an IPv6 from an IPv4 address) about how to do so. For our example, this is 2002:3ee0:3972:0001::1 (62.224.57.114 = 0x3ee03972, 0001::1 arbitrarily chosen).
- The 6to4 IPv6 relay anycast address, which is 2002:c058:6301::, or the IPv6 address of a specific 6to4 relay router you want to use. The IPv6 address will do, as it also contains the IPv4 address in the usual 6to4 translation. Note that the relay anycast prefix (192.88.99.0/24, RFC 3068) was deprecated by RFC 7526 in 2015; today you should point the default route at a specific relay run by an operator you trust rather than at the anycast address.

Kernel Preparation

To process 6to4 packets, the operating system kernel needs to know about them. For that, a driver has to be compiled in that knows about 6to4 and how to handle it. In NetBSD 4.0 and newer the driver is already present in GENERIC kernel configurations, so the procedure below is usually unnecessary.

For a NetBSD kernel, put the following into your kernel config file to prepare it for using IPv6 and 6to4, e.g. on NetBSD use:

    options INET6           # IPv6
    pseudo-device stf       # 6to4 IPv6 over IPv4 encapsulation

Note that the stf(4) device is not enabled by default on NetBSD releases older than 4.0. Rebuild your kernel, then reboot your system to use the new kernel. Please consult "Compiling the kernel" for further information on configuring, building and installing a new kernel.

6to4 Setup

This section describes the commands to set up 6to4. In short, the steps performed here are:

- Configure interface
- Set default route
- Set up Router Advertisement (if wanted)

The first step in setting up 6to4 is creating the 6to4 interface and assigning an IPv6 address.
to it This is achieved with the ifconfig 8 command Assuming the example configuration above the commands for NetBSD are ifconfig stf0 create ifconfig stf0 inet6 2002 3ee0 3972 1 1 prefixlen 16 alias After configuring the 6to4 device with these commands routing needs to be setup to forward all tunneled IPv6 traffic to the 6to4 relay router The best way to do this is by setting a default route the command to do so is for NetBSD route add inet6 default 2002 c058 6301 Note that NetBSD s stf 4 device determines the IPv4 address of the 6to4 uplink from the routing table
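The address derivation, the outer-IPv4 filtering list from the Security Considerations, and the interface and route commands above, worked through in one script. This is an added example and not code from the NetBSD guide or the stf(4) driver: the function names are this example's own, it runs nothing against the network (it only prints the NetBSD commands for review), and it goes a little beyond the text by also decoding a 6to4 address back to its IPv4 endpoint, which is how the relay anycast address 2002:c058:6301:: maps to an IPv4 relay the way the routing table lookup described above requires.

```shell
#!/bin/sh
# Added example (not part of the NetBSD guide): 6to4 address arithmetic,
# the outer-IPv4 source screen from the Security Considerations, and the
# stf(4) setup commands printed for review. POSIX sh; nothing here changes
# system state. Octets are expected without leading zeros (as ifconfig -a
# prints them), since printf would read "08" as an invalid octal number.

# 2002:XXXX:XXXX::/48 for a dotted-quad IPv4 address: the 6to4 prefix
# 2002::/16 followed by the 32 bits of the IPv4 address.
sixto4_prefix() {
    _saved_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$_saved_ifs
    printf '2002:%02x%02x:%02x%02x::/48\n' "$1" "$2" "$3" "$4"
}

# Full 6to4 host address: the /48 plus a site-chosen 16-bit subnet id ($2)
# and host part ($3). The guide picks subnet 1 and host ::1.
sixto4_host() {
    _p=$(sixto4_prefix "$1")
    printf '%s:%x::%s\n' "${_p%::/48}" "$2" "$3"
}

# Recover the IPv4 address embedded in a 6to4 address or prefix. This is the
# translation stf(4) applies to the next hop it finds in the routing table,
# so the relay anycast address 2002:c058:6301:: yields 192.88.99.1.
sixto4_to_ipv4() {
    _addr=$1
    _saved_ifs=$IFS
    IFS=:
    set -- $_addr
    IFS=$_saved_ifs
    if [ "$1" != "2002" ]; then
        echo "not a 6to4 address: $_addr" >&2
        return 1
    fi
    printf '%d.%d.%d.%d\n' $((0x$2 >> 8)) $((0x$2 & 255)) $((0x$3 >> 8)) $((0x$3 & 255))
}

# Screen the outer IPv4 source of an incoming 6to4 packet against the list in
# the Security Considerations. Returns 0 if it may be a legitimate 6to4
# source, 1 if it should be dropped. The subnet broadcast check depends on
# your own IPv4 setup, so that address is passed in as an optional $2.
outer_src_ok() {
    _addr=$1
    _bcast=$2
    _saved_ifs=$IFS
    IFS=.
    set -- $_addr
    IFS=$_saved_ifs
    if [ "$1" -eq 0 ]; then                            # 0.0.0.0/8 unspecified
        return 1
    elif [ "$1" -eq 127 ]; then                        # 127.0.0.0/8 loopback
        return 1
    elif [ "$1" -ge 224 ] && [ "$1" -le 239 ]; then    # 224.0.0.0/4 multicast
        return 1
    elif [ "$1" -eq 255 ]; then                        # 255.0.0.0/8 limited broadcast
        return 1
    elif [ -n "$_bcast" ] && [ "$_addr" = "$_bcast" ]; then   # your subnet broadcast
        return 1
    fi
    return 0
}

# 6to4 relay anycast address from the guide; any other relay's 6to4 address
# would work here too, as it also embeds that relay's IPv4 address.
RELAY=2002:c058:6301::

# Print (do not run) the NetBSD commands from the 6to4 Setup section for
# the given IPv4 address, subnet id and host part.
netbsd_6to4_commands() {
    _host=$(sixto4_host "$1" "$2" "$3")
    printf 'ifconfig stf0 create\n'
    printf 'ifconfig stf0 inet6 %s prefixlen 16 alias\n' "$_host"
    printf 'route add -inet6 default %s\n' "$RELAY"
}

# Usage: commands for the guide's example host 62.224.57.114, subnet 1,
# host ::1. Review them, then run them as root on the 6to4 border router.
netbsd_6to4_commands 62.224.57.114 1 1
printf 'relay %s is reached via IPv4 %s\n' "$RELAY" "$(sixto4_to_ipv4 "$RELAY")"
```

Feeding the relay address through sixto4_to_ipv4 is a quick way to confirm that a default route to 2002:c058:6301:: really ends up at an IPv4 relay (192.88.99.1), and outer_src_ok mirrors the filter list as a check you can run against addresses seen in your IPv4 logs before deciding what to block.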

    Original URL path: http://wiki.netbsd.org/guide/net-practice/ (2016-02-01)