
IPv6 on a home network (Part 1)


By DaveAtFraud - Posted on 20 February 2011

I haven't done anything all that interesting with my home network for quite a while. Everything "just works" which is nice but really boring. At some point in the future when CentOS fully supports it I will implement DNSSEC. In the meantime I decided to see how far I can move toward IPv6. Besides being interesting, it might actually make me a little more employable.

Rather than do my usual "just do it" (and then clean up the mess), I decided that I could model almost everything under VMware ESXi and only inflict IPv6 on my "real" network once I understood how to make everything work on the VMware box. This article is "part 1" and covers what can best be described as the preliminary steps. So far, that has consisted of just creating a virtual network that resembles my real network but under VMware. This looks like (sorry about the ASCII art):

     _____________________
     | My "real" network |
     ---------------------
               |                     Real
..........................................
               |                   VMware
   _________________________
   | VMware Default Switch |
   -------------------------
               |
     _____________________
     | CentOS 5.X Router |
     ---------------------
               |
  ___________________________
  | Virtual Internal Switch |
  ---------------------------
    |          |         |
_________  _________  _________
| Box 1 |  | Box 2 |..| Box N |
---------  ---------  ---------

Just to make sure that the virtual network is really separate from my real network, I used the 172.16.3.X private network for all of the virtual systems. The CentOS 5.X router is at 192.168.0.6 on my "real" network since it connects to VMware's default switch. It does NAT using IPtables so that the remaining virtual boxes on the 172.16.3.X subnet can "see" the outside world. The router is at the traditional 172.16.3.1 address for the "internal" network.

First lesson: add an "accept all" rule to IPtables for the device that talks to the internal network when setting up NAT.
I could do finer grained control, but that usually means additional headaches as I try to figure out why something isn't working that simply uses yet another outbound port, for which I then need to add a separate accept rule.

Since I hand edited the network configuration files, I didn't have an initial, default route on any of the systems. This showed up as me being able to ping the other boxes on the internal network but not get to any of the boxes on my real network or beyond. A quick route command showed the missing default route, which I then added on each of the "user" VMs.

Once I had the above working with fixed addresses, the next step was to set up the router to also provide DHCP services. The first step of this task was to configure DNS on the CentOS router virtual machine (VM) including allowing dynamic updates for the "internal" network. Since I already had this working for my real network, I just copied the /etc/named.conf (actually /var/named/chroot/etc/named.conf since I run named chrooted) file for my real network and then made the appropriate edits. I then used the same approach for /etc/dhcpd.conf... and it didn't work.


Second lesson: turn off SELinux.
SELinux is wonderful when you have a stable configuration and you want to know if a program is attempting to access or change something it shouldn't need to. It's really annoying when you're trying to get something working since it doesn't like simply copying files. At some point I may go back and turn SELinux back on and let it figure out how to relabel the files I copied. I guess I should have edited the original configuration files, deleted the original content and then slurped in the new content. Maybe next time.

Even with SELinux out of the picture I still kept getting the following error when I tried to have dhcpd dynamically update the named zone files:

Feb 17 22:50:27 centos-5x-1 dhcpd: Unable to add forward map from
ubuntu-904-1.vmware.davenjudy.org local.davenjudy.org 
davenjudy.org to 172.16.3.192: timed out

I stared at the named and dhcpd configuration files for hours. I compared them to the originals on my real server. I fiddled with permissions in /var/named/chroot/var/named. I Googled for the error message and tried different solutions. I even tried creating the journal files using touch so that they already existed. It finally clicked that the host declaration for the name server in dhcpd.conf still pointed to an alias for my external name server:

	# we want the nameserver to appear at a fixed address
	host ns {
		next-server mutilate.local.davenjudy.org;
		fixed-address 192.168.0.1;
	}

should have become:

	# we want the nameserver to appear at a fixed address
	host gateway {
		next-server gateway.vmware.davenjudy.org;
		fixed-address 172.16.3.1;
	}

Somehow, the "ns" in the original didn't "click" for me as one of my host names so I thought it was part of the statement. Once I realised it was supposed to be the host name of my name server all was good.

Third lesson: don't use confusing host names. If I had used "mutilate" (the internal name for my router box) instead of "ns" (an alias for the same box in its role of name server), I would have noticed the host name and changed it.
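The mistake above (a host block whose fixed-address belongs to the external 192.168.0.0/24 network and whose next-server name points at the external box) is easy to catch mechanically. The following is an added example, not part of the original post: a small Python lint that parses dhcpd.conf host declarations and flags any fixed-address outside the internal subnet or any next-server name not under the internal domain. The subnet 172.16.3.0/24 and domain vmware.davenjudy.org are taken from the post; the sample configs are constructed from its two snippets.

```python
import ipaddress
import re

# Constructed sample: the mistaken declaration from the post (alias "ns",
# an address and a name that both belong to the "real" network).
BAD_CONF = """
# we want the nameserver to appear at a fixed address
host ns {
    next-server mutilate.local.davenjudy.org;
    fixed-address 192.168.0.1;
}
"""

# Constructed sample: the corrected declaration from the post.
GOOD_CONF = """
host gateway {
    next-server gateway.vmware.davenjudy.org;
    fixed-address 172.16.3.1;
}
"""

HOST_RE = re.compile(r"host\s+(\S+)\s*\{(.*?)\}", re.S)
OPT_RE = re.compile(r"^\s*(next-server|fixed-address)\s+([^;]+);", re.M)

def parse_hosts(conf):
    """Return {hostname: {option: value}} for every host block in conf."""
    conf = re.sub(r"#.*", "", conf)  # drop comments before matching
    hosts = {}
    for name, body in HOST_RE.findall(conf):
        hosts[name] = {k: v.strip() for k, v in OPT_RE.findall(body)}
    return hosts

def lint_hosts(conf, internal_net, internal_domain):
    """Flag host blocks whose fixed-address lies outside internal_net or
    whose next-server is not a name under internal_domain."""
    net = ipaddress.ip_network(internal_net)
    findings = []
    for name, opts in parse_hosts(conf).items():
        addr = opts.get("fixed-address")
        try:
            if addr and ipaddress.ip_address(addr) not in net:
                findings.append(f"host {name}: fixed-address {addr} not in {net}")
        except ValueError:
            pass  # fixed-address given as a hostname; not checked here
        srv = opts.get("next-server")
        if srv and not srv.endswith("." + internal_domain):
            findings.append(f"host {name}: next-server {srv} not under {internal_domain}")
    return findings

if __name__ == "__main__":
    for label, conf in (("original", BAD_CONF), ("corrected", GOOD_CONF)):
        print(label, lint_hosts(conf, "172.16.3.0/24", "vmware.davenjudy.org") or "ok")
```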

Fourth lesson: when setting up VNC to virtual machines, install the VMware utilities. VNC doesn't do at all well on a VM (really long latencies for mouse actions). The VMware utilities seem to make the latencies more comparable to what I see with a "real" node on my network.

The only other thing I've done has been to install radvd on the CentOS router VM and hack at the configuration enough to get it to start. The next step, which I will document in part 2, is to actually get IPv6 functioning internally on the virtual network.

Cheers,
Dave