I recently secured a bargain on eBay, getting a Cisco 5505 Advanced Security Appliance for only £200, which is a far cry from their prices back in late 2008 (~£600), so I instantly set about increasing the security of my IPv6 LAN.
Most networks consist of a LAN and a WAN segment. Unfortunately, due to my previous IPv6 work and the inherent nature of IPv6, the LAN also has public Global Unicast addresses secured via rather crude RRAS filters. To increase the security of the LAN I need a firewall with separate IPv4 and IPv6 interfaces and a dual stack LAN interface.
interface Vlan1
nameif ...
Looking through one of my smaller 2008 dual IPv4 & IPv6 installations I noticed that in the IPv6 section the FQDN in the name column had artefacts.
Weirdness. ...
My first dabble with IPv6 was back in late 2008 when I experimented with Dual Stack DHCP in the RC of Windows Server 2008.
Now that IPv6 is enabled by default in all of the OSes I use in my home (Fedora, Windows 2008 & Windows 7), I decided to go back and check my traffic graphs, and the results surprised me.
There was a spike in Oct '08 when I was first experimenting with IPv6 and visiting as many native IPv6 sites as I could and then it tailed off as one would expect. Interestingly the traffic started to pick up again in July of 2009 and in the 2 years of having IPv6 Internet ...
I recently had the opportunity to provide Internet connectivity to the first Airsoft Arms Fair so the stall operators could show YouTube videos, retailers could utilise PayPal and media outlets could do live blogging or upload high resolution pictures throughout the day.
The core of this setup was a series of 3G modems linked up with 3G-to-Ethernet devices such as the Solwise NET-3G-3GWIFIMRW.
These were backed off onto a server running Squid and BIND with DHCP containing all the relevant proxy auto config data (plus some IPTables magic for those that didn't play nice).
Couple ...
One of the common issues that appears when integrating a hybrid vision of Hosted Exchange with someone's existing infrastructure (so not really Hosted Exchange at all!) is synchronising credentials between the Exchange Server and the local machines or, for the more tech savvy, the 'hackiness' of having disparate forests.
Cross-forest trusts are a possibility and merging one with the other (i.e. having the Hosted Exchange solution bound to the existing domain) is another, but there are many issues with that (mostly political).
What I intend to do is utilise the 'Branch office' concept that ...
With the initial tests over it was time to actually move over to 'real' IPv6 addresses.
After applying for a tunnel from SixXS it was time to set it up. Unfortunately none of my JUNOS or Cisco IOS images have IPv6 support so rather than buying another 2600XM I decided to use the Windows Server 2008 server that performs IPv6 DHCP as the router.
The advice for setting up a tunnel on the Wiki only covers up to Windows Server 2003 and is below:
netsh interface ipv6 install
netsh interface ipv6 add v6v4tunnel SixXS [Your IPv4 Endpoint] [PoP IPv4 Endpoint]
netsh interface ipv6 add ...
We already know that disabling IPv6 on a 2008 & Exchange 2007 server breaks things but what if we go IPv6 only?
IPv6 Only Domain Controllers:
The installation didn't cause any trouble but after initially logging on and running a DCDiag we see this:
It turns out that the install of the DNS Server had set the NIC's properties to be ::1 but the DNS Server was only listening on the static site-local address FEC0::2 and its self-assigned link-local address. This of course caused all DNS-reliant checks to fail and caused a whole world of pain.
Changing the ...
IPv6 is coming and I'm trying to stay ahead of the curve on this one so I'm moving the NAMOS LAN over to an IPv6 network [public services such as DNS, Web and mail are already running on IPv6] which means in the meantime I'm going to have to go through some of the transitional pains.
Armed with a [now deprecated] netblock I set about the practice run for the Plan O' Doom.
Configuring the scopes is easy and so doesn't really need to be covered but in order to split my /48 [SixXS subnets are /48] into more usable subnets I cheated on the calculations and used Rhys Koedijk's IPv6 Subnet ...
Well I'm back from my trip to New York and I've brought back a couple of things.
With the most tracks HOPE has ever had I was truly spoilt for choice but I spent most of my time [when I wasn't showing our US friends how drinking should be done] visiting talks that had potential datacenter impact.
Kevin Figueroa, Marco Figueroa and Anthony L. Williams reminded me that VLANs and other layer 2 stuff are still vulnerable to many attacks. Most are just Denial of Service stuff that would be detected almost instantly and very easily fixed (although not easily preventable) but the cross VLAN ...
The new version of Fedora is upon us. Rejoice!
Feature List
Where to get it
Update - 22/11/2007
In a little under 2 weeks I've seeded nearly 40Gb! Ubuntu 7.10 has only seeded 33Gb and has been out for twice as long. Read into that what you will! ...