IPv6 & Linux - HowTo - Part 3

Important Applications

Contents

• IPv6 configuration tools
• Net-tools (hostname, netstat, arp, ifconfig, rarp, route)
• General applications
• TCPwrappers
• Internet super daemon xinetd
• Telnet client and server
• Finger client
• FTP daemon ftpd-BSD
• FTP client netkit ftp
• FTP client lukemftp
• IPv6 debugging tools
• IP utilities (ping6, tracepath6, traceroute6, ...)
• TCPdump

Net-Tools (hostname, netstat, arp, ifconfig, rarp, route)

Why?

• First check if the current installed version with  is already with netstat -?

If you see similar output at the end:
List of possible address families (which support routing):
inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25)
netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP)
You can skip this section!

ToDo

URLs:

• Main site: http://www.tazenda.demon.co.uk/phil/net-tools/

Version and filename of the packet:

Additional informations:

Contents:

Unpacking, configuration and installation

1. Move into the source directory:
• cd /usr/src
2. Unpack the new source:
• tar xzf your-path/net-tools-version.tar.gz -C /usr/src
3. Rename the new directory:
• mv net-tools net-tools-version
4. Now create/overwrite the softlink, necessary for shorter paths:
• ln -sf /usr/src/net-tools-version /usr/src/net-tools
5. Move into the source directory:
• cd /usr/src/net-tools
6. Configure the compile options: make clean; make config

Don't forget to set other options depending on your system, too!

8. Now compile:
• make

You should get no errors!
9. And install:
• make install

Binaries and manuals are directly installed to the given directories
Don't worry about such messages: "ls: *.[158]: directory not found", they are caused by non existent multilingual manpages (the US version will be always installed)

IP Utilities (ping6, tracepath6, traceroute6...)

Why?

• First check if the current installed version with  is already ok with rpm -q --qf "%{NAME}-%{VERSION}\n" iputils

Result: iputils-20000121 or better
You can skip this section!

ToDo

URLs:

• Main site: ftp://ftp.inr.ac.ru/ip-routing/

Version and filename of the packet:

tcp_wrappers

Why?

ToDo

URLs:

• Main site: ftp://coast.cs.purdue.edu/pub/tools/unix/netutils/tcp_wrappers/
• Source RPM
• http://www.netcore.fi/pekkas/linux/ipv6/ (glibc-2.2 systems only, e.g. RHL 7.1)

Version and filename of the packet:

Contents:

Using SRPMS: RPM build and install (RHL 6.2)

Using SRPMS: RPM build and install (RHL 7.1)

• Rebuild binary
• rpm --rebuild /path/to/SRPMS/tcp_wrappers-version-release.src.rpm
• Freshen/install package
• rpm -F|ihv /path/to/RPMS/cpu/tcp_wrappers-version-release.cpu.rpm

Using source: Unpacking, configuration and installation

Usage

• First, deny all access (if handled by tcp_wrappers), edit /etc/hosts.deny
# Deny all access
ALL: ALL
• Allow particular access, edit /etc/hosts.allow
# Allow ssh access
sshd: [3ffe:400:100:f101::]/64
• See also given manpages for more details

Hints

• If access won't work, even if allowed, then it is perhaps a built problem of the dedicated server binary. Rebuild SRPMS after IPv6-enabled tcp_wrappers was installed.
• Happen to me with openssh, /var/log/secure shows lines like sshd[pid]: refused connect from 0.0.0.0

eXtended InterNET super Daemon (xinetd)

Why?

ToDo

Additional information

URLs:

• Main site: http://synack.net/xinetd/
• RPM sites:
• ftp://ftp.freshmeat.net/pub/rpms/xinetd/ (currently compiled without IPv6 support)
• RedHat Powertools 6.2 (currently compiled without IPv6 support)
• Binary RPM
• RHL 7.1 (updates)
• Source RPM
• http://www.netcore.fi/pekkas/linux/ipv6/
• For usage with RHL 6.2, a patch for the spec file is needed
• ftp://ftp.bieringer.de/pub/linux/IPv6/xinetd/

Version and filename of the packet:

Latest tarball version I have tested is xinetd-2.1.8.8p2.tar.gz
I've published a modified spec file. You can use it for rebuilding a given SRPMS: ftp://ftp.bieringer.de/pub/linux/IPv6/xinetd/

Contents:

Preparation

• Before you install the IPv6 enabled xinetd, you should deinstall the normal inetd and install the IPv4 only xinetd. Then, after you are familiar with xinetd, you can go a step further on to the IPv6 enabling.

Using SRPMS: RPM build and install (RHL 6.2)

• Create a softlink (greetings from the Linux filesystem standard...)
• ln -s /etc/rc.d/init.d /etc/init.d
• Install source RPM
• rpm -ihv /path/to/SRPMS/xinetd-2.1.8.9pre14-7.src.rpm
• Apply patch to SPEC file
• cd /path/to/SPEC/
• cat /path/to/spec-patch/xinetd-pekkas.spec.diff | patch
• Rebuild
• rpm -ba xinetd-rhl-6v2+7.1.spec
• Freshen/install package
• rpm -F|ihv /path/to/RPMS/cpu/xinetd-version-release.cpu.rpm

Using SRPMS: RPM build and install (RHL 7.1)

• Rebuild binary
• rpm --rebuild /path/to/SRPMS/xinetd-version-release.src.rpm
• Freshen/install package
• rpm -F|ihv /path/to/RPMS/cpu/xinetd-version-release.cpu.rpm

Using source: Unpacking, configuration and installation

1. Move into the source directory:
• cd /usr/src
2. Unpack the new source:
• tar xzf your-path/xinet-version.tar.gz
3. Move into the source directory:
• cd xinet-version
4. Run configure
• If you want to place the binaries in /usr/*
• ./configure --with-inet6 --prefix=/usr
• If you want to place the binaries in /usr/local/*
• ./configure --with-inet6 --prefix=/usr/local
• If you want to place the binaries in /usr/inet6/*
• ./configure --with-inet6 --prefix=/usr/inet6
5. Compile:
• make clean; make

You should get no errors!
6. And install:
• make install

Binaries and manuals are copied into directories depending on 'configure'

Running

• See given manpages for details
• Create a configuration file from the old inet.conf:
• cat /etc/inetd.conf | itox -daemon_dir /usr/sbin/tcpd >/etc/xinetd.conf
• Edit /etc/xinetd.conf (i.e. copied from the example) for your requirements
• If used the

IPv6 test

• Enable a built-in service (i.e. daytime) in the config file, (re)start daemon and look for open ports:
[root@titan log]# netstat -A inet6 -anp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address          Foreign Address         State     PID/Program name
tcp        0      0 :::13                   :::*                    LISTEN    6966/xinetd
udp        0      0 :::13                   :::*                              6966/xinetd
raw        0      0 :::58                   :::*                    7         -
raw        0      0 :::58                   :::*                    7         -
raw        0      0 :::58                   :::*                    7         -
• tcp|udp = IPv6 enabled service
• raw = IPv6 enabled kernel

Telnet client and server

Important informations:

ToDo

Important: older versions than 0.17*-18 (Red Hat Linux) contain a remote exploitable security hole, so update as soon as possible!
See also RHSA-2001-099

URLs:

• Source RPM
• http://www.netcore.fi/pekkas/linux/ipv6/

Using SRPMS: RPM build and install

• Rebuild binary
• rpm --rebuild /path/to/SRPMS/telnet-version-release.src.rpm
• Freshen/install package
• rpm -F|ihv /path/to/rpms/cpu/telnet-version-release.cpu.rpm

Finger client

ToDo

URLs:

• Source RPM for Red Hat systems
• http://www.netcore.fi/pekkas/linux/ipv6/
• Given SRPMS compiles on RHL 6.2 and 7.1 systems without any problems
• This or newer versions of this package will be transferred to rawhide

Using SRPMS: RPM build and install

• Rebuild binary
• rpm --rebuild /path/to/SRPMS/finger-version-release.src.rpm
• Freshen/install package
• rpm -F|ihv /path/to/rpms/cpu/finger-version-release.cpu.rpm

FTP server "ftpd-BSD"

URLs:

• Main: ftp://ftpd-bsd.psychasia.com/pub/ftpd-bsd/
• Source RPM for Red Hat systems
• http://www.netcore.fi/pekkas/linux/ipv6/
• Given SRPMS compiles on RHL 6.2 and 7.1 systems without any problems
• This or newer versions of this package will be transferred to rawhide

Version and filename of the packet:

Contents:

Unpacking, configuration and installation

Test

1. Test, if no other FTP daemon is running
• netstat -ln -A inet | grep 21
2. Start FTP daemon in standalone and IPv6 enabled mode
• [root@gate ftpd-BSD]# ftpd-BSD -D -6
3. Look for listening on IPv4 only port:
[root@gate ftpd-BSD]# netstat -A inet -ln |grep 21
4. Look for listening on an IPv6 port:
[root@gate ftpd-BSD]# netstat -A inet -ln -A inet6 |grep 21
tcp        0      0 :::21                   :::*                    LISTEN

FTP client netkit ftp

ToDo

URLs:

• Source RPM for Red Hat systems
• http://www.netcore.fi/pekkas/linux/ipv6/
• Given SRPMS compiles on RHL 6.2 and 7.1 systems without any problems
• This or newer versions of this package will be transferred to rawhide

Using SRPMS: RPM build and install

• Rebuild binary
• rpm --rebuild /path/to/SRPMS/ftp-version-release.src.rpm
• Freshen/install package
• rpm -F|ihv /path/to/rpms/cpu/ftp-version-release.cpu.rpm

FTP client "lukemftp"

URLs:

• Main: ftp://ftp.netbsd.org/pub/NetBSD/misc/lukemftp/

Version and filename of the packet:

Contents:

Unpacking, configuration and installation

1. Move into the source directory, create new subdirectory and change into it
• cd /usr/src; mkdir lukemftp; cd lukemftp
2. Unpack the new source:
• tar xzf your-path/lukemftp-version.tar.gz
3. Move into the source directory and read the information files README, INSTALL,...
• cd lukemftp-version
4. Run configure
• ./configure
5. Compile:
• make clean; make

You should get no errors!
6. And install:
• make -n install
• make install

Binaries and manuals are copied into directories
• To prevent confusion with an existing IPv4-only FTP client, you can
1. deinstall this binary with
• rpm -e ftp
2. rename the IPv6-enabled
• mv /usr/local/bin/ftp /usr/local/bin/ftp6

TCPdump and libpcap (tcpdump)

ToDo

Additional informations:

URLs:

• Main: http://www.tcpdump.org/
• Source RPM
• http://www.netcore.fi/pekkas/linux/ipv6/

Version and filename of the packet:

Contents:

Using SRPMS: RPM build and install

• Rebuild binary
• rpm --rebuild /path/to/SRPMS/tcpdump-version-release.src.rpm
• Freshen/install package
• rpm -F|ihv /path/to/RPMS/cpu/tcpdump-version-release.cpu.rpm
• rpm -F|ihv /path/to/RPMS/cpu/libpcap-version-release.cpu.rpm

Using source: Unpacking, configuration and installation (libpcap)

1. Move into the source directory, create directory and move into it:
• cd /usr/src; mkdir libpcap; cd libpcap
2. Unpack the new source:
• tar xzf your-path/libpcap-version.tar.gz
3. Change to created directory and read the information files README, INSTALL,...
• cd libpcap-version
4. Run configure utility:
• ./configure --enable-ipv6
5. Now compile:
• make clean; make

You should get no errors!
6. And install the libary
•  make install
• Libary is installed in /usr/local/lib/libpcap.a

Using source: Unpacking, configuration and installation (tcpdump)

1. Move into the source directory, create directory and move into it:
• cd /usr/src; mkdir tcpdump; cd tcpdump
2. Unpack the new source:
• tar xzf your-path/tcpdump-version.tar.gz
3. Change to created directory and read the information files README, INSTALL,...
• cd tcpdump-version
4. Run configure utility:
• ./configure --enable-ipv6
5. Now compile:
• make clean; make
• If you got an error "./print-icmp6.c:576: #error unknown mld6 struct", replace around line 576
#error unknown mld6 struct
with
void
mld6_print(register const u_char *bp)
{
        printf("unknown mld6");
}
• If you got an error "./print-rt6.c:86: `IPV6_RTHDR_TYPE_0' ...", add
#define IPV6_RTHDR_TYPE_0  0
• If you got an error about missing libpcap libary, fix
• Makefile
• Append:
• INCLS = -I.  -I$(srcdir)/missing -I$(srcdir)/linux-include -Ipathto/libpcap/libpcap-version
• i.e. -I../../libpcap/libpcap-2000.10.05
• If you got an error about problems in following file, fix
• print-ppp.c, print-chdlc.c
• Add:
• #include <ethertype.h>
6. And install, but attention, selectively installing the binaries prevents you overriding existing ones
• make install
• tcpdump is installed in /usr/local/sbin/tcpdump