\end_layout
@@ -1270,6 +1272,7 @@ In Skripts oder an Ihrer Kommandozeile müssen Sie die < und > weglassen
\end_layout
\begin_layout Code
+
1.2.3.4
\end_layout
@@ -1283,6 +1286,7 @@ Kommandos, die nicht als Root-Benutzer ausgeführt werden, beginnen mit $,
\end_layout
\begin_layout Code
+
$ whoami
\end_layout
@@ -1291,6 +1295,7 @@ Befehle, die mit Root-Rechten ausgeführt werden, beginnen mit #, z.B.
\end_layout
\begin_layout Code
+
# whoami
\end_layout
@@ -1480,58 +1485,72 @@ Der erste IPv6 Netzwerk Code wurde dem Linux Kernel 2.1.8 im November 1996
\end_layout
\begin_layout Code
+
diff -u --recursive --new-file v2.1.7/linux/include/linux/in6.h
\end_layout
\begin_layout Code
+
¬ linux/include/linux/in6.h
\end_layout
\begin_layout Code
+
--- v2.1.7/linux/include/linux/in6.h Thu Jan 1 02:00:00 1970
\end_layout
\begin_layout Code
+
+++ linux/include/linux/in6.h Sun Nov 3 11:04:42 1996
\end_layout
\begin_layout Code
+
@@ -0,0 +1,99 @@
\end_layout
\begin_layout Code
+
+/*
\end_layout
\begin_layout Code
+
+ * Types and definitions for AF_INET6
\end_layout
\begin_layout Code
+
+ * Linux INET6 implementation
\end_layout
\begin_layout Code
+
+ * + * Authors:
\end_layout
\begin_layout Code
+
+ * Pedro Roque <******>
\end_layout
\begin_layout Code
+
+ *
\end_layout
\begin_layout Code
+
+ * Source:
\end_layout
\begin_layout Code
+
+ * IPv6 Program Interfaces for BSD Systems
\end_layout
\begin_layout Code
+
+ *
\end_layout
@@ -1653,6 +1672,7 @@ Wie gesagt, IPv6 Adressen sind 128 bit lang.
\end_layout
\begin_layout Code
+
2^128-1: 340282366920938463463374607431768211455
\end_layout
@@ -1676,6 +1696,7 @@ nibble
\end_layout
\begin_layout Code
+
2^128-1: 0xffffffffffffffffffffffffffffffff
\end_layout
@@ -1698,6 +1719,7 @@ e Werte) entfernt:
\end_layout
\begin_layout Code
+
2^128-1: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
\end_layout
@@ -1708,6 +1730,7 @@ Eine gültige Adresse (s.u.
\end_layout
\begin_layout Code
+
2001:0db8:0100:f101:0210:a4ff:fee3:9566
\end_layout
@@ -1718,10 +1741,12 @@ Der Vereinfachung halber können führende Nullen jedes 16 bit-Blocks weggelasse
\end_layout
\begin_layout Code
+
2001:0db8:0100:f101:0210:a4ff:fee3:9566 ->
\end_layout
\begin_layout Code
+
¬ 2001:0db8:100:f101:210:a4ff:fee3:9566
\end_layout
@@ -1744,6 +1769,7 @@ Eine Sequenz von 16 bit-Blöcken, die nur Nullen enthaltet, kann durch ein
\end_layout
\begin_layout Code
+
2001:0db8:100:f101:0:0:0:1 -> 2001:0db8:100:f101::1
\end_layout
@@ -1753,6 +1779,7 @@ Die höchstmögliche Reduktion sieht man bei der IPv6 Localhost Adresse:
\end_layout
\begin_layout Code
+
0000:0000:0000:0000:0000:0000:0000:0001 -> ::1
\end_layout
@@ -1777,10 +1804,12 @@ h ein Aprilscherz.
\end_layout
\begin_layout Code
+
# ipv6calc --addr_to_base85 2001:0db8:0100:f101:0210:a4ff:fee3:9566
\end_layout
\begin_layout Code
+
Itu&-ZQ82s>J%s99FJXT
\end_layout
@@ -1993,6 +2022,7 @@ Dies ist eine spezielle Adresse für das Loopback Interface, vergleichbar
\end_layout
\begin_layout Code
+
0000:0000:0000:0000:0000:0000:0000:0001
\end_layout
@@ -2002,6 +2032,7 @@ bzw.
\end_layout
\begin_layout Code
+
::1
\end_layout
@@ -2037,6 +2068,7 @@ any
\end_layout
\begin_layout Code
+
0000:0000:0000:0000:0000:0000:0000:0000
\end_layout
@@ -2045,6 +2077,7 @@ oder:
\end_layout
\begin_layout Code
+
::
\end_layout
@@ -2090,6 +2123,7 @@ Diese Adressen sind mit einer speziellen Präfixlänge von 96 definiert (a.b.c.d
\end_layout
\begin_layout Code
+
0:0:0:0:0:ffff:a.b.c.d/96
\end_layout
@@ -2098,6 +2132,7 @@ oder in komprimiertem Format:
\end_layout
\begin_layout Code
+
::ffff:a.b.c.d/96
\end_layout
@@ -2108,6 +2143,7 @@ Die IPv4 Adresse 1.2.3.4.
\end_layout
\begin_layout Code
+
::ffff:1.2.3.4
\end_layout
@@ -2136,6 +2172,7 @@ reference "tunneling-6to4"
\end_layout
\begin_layout Code
+
0:0:0:0:0:0:a.b.c.d/96
\end_layout
@@ -2144,6 +2181,7 @@ oder in komprimierter Form:
\end_layout
\begin_layout Code
+
::a.b.c.d/96
\end_layout
@@ -2228,18 +2266,22 @@ x
\end_layout
\begin_layout Code
+
fe8x: <- zurzeit als einziger in Benutzung
\end_layout
\begin_layout Code
+
fe9x:
\end_layout
\begin_layout Code
+
feax:
\end_layout
\begin_layout Code
+
febx:
\end_layout
@@ -2279,18 +2321,22 @@ Die Adresse beginnt mit:
\end_layout
\begin_layout Code
+
fecx: <- meistens genutzt.
\end_layout
\begin_layout Code
+
fedx:
\end_layout
\begin_layout Code
+
feex:
\end_layout
\begin_layout Code
+
fefx:
\end_layout
@@ -2378,10 +2424,12 @@ Die Adresse beginnt mit:
\end_layout
\begin_layout Code
+
fcxx:
\end_layout
\begin_layout Code
+
fdxx: <- zurzeit als einziger in Benutzung
\end_layout
@@ -2409,6 +2457,7 @@ target "http://www.goebel-consult.de/ipv6/createLULA"
\end_layout
\begin_layout Code
+
fd0f:8b72:ac90::/48
\end_layout
@@ -2437,10 +2486,12 @@ Die Adresse beginnt mit (x sind hexadezimale Zeichen)
\end_layout
\begin_layout Code
+
2xxx:
\end_layout
\begin_layout Code
+
3xxx:
\end_layout
@@ -2472,6 +2523,7 @@ Diese globalen Adressen waren die Ersten definierten und auch benutzen Adressen.
\end_layout
\begin_layout Code
+
3ffe:
\end_layout
@@ -2480,6 +2532,7 @@ Beispiel:
\end_layout
\begin_layout Code
+
3ffe:ffff:100:f102::1
\end_layout
@@ -2489,6 +2542,7 @@ Eine spezielle 6bone Test-Adresse, die niemals weltweit einmalig ist, beginnt
\end_layout
\begin_layout Code
+
3ffe:ffff:
\end_layout
@@ -2547,6 +2601,7 @@ target "http://www.faqs.org/rfcs/rfc2893.html"
\end_layout
\begin_layout Code
+
2002:
\end_layout
@@ -2556,6 +2611,7 @@ z.B.
\end_layout
\begin_layout Code
+
2002:c0a8:0101:5::1
\end_layout
@@ -2564,10 +2620,12 @@ Ein kleines Shell-Kommando kann aus einer IPv4 eine 6to4 Adresse erstellen:
\end_layout
\begin_layout Code
+
ipv4="1.2.3.4"; sla="5"; printf "2002:%02x%02x:%02x%02x:%04x::1" `echo $ipv4
\end_layout
\begin_layout Code
+
¬ | tr "." " "` $sla
\end_layout
@@ -2601,6 +2659,7 @@ Diese Adressen werden an Internet Service Provider (ISP) delegiert und beginnen
\end_layout
\begin_layout Code
+
2001:
\end_layout
@@ -2643,10 +2702,12 @@ target "http://www.faqs.org/rfcs/rfc3849.html"
\end_layout
\begin_layout Code
+
3ffe:ffff::/32
\end_layout
\begin_layout Code
+
2001:0DB8::/32 EXAMPLENET-WF
\end_layout
@@ -2671,6 +2732,7 @@ Sie beginnen immer mit (xx ist hierbei der Wert der Reichweite)
\end_layout
\begin_layout Code
+
ffxy:
\end_layout
@@ -2766,6 +2828,7 @@ Ein Beispiel für diese Adresse könnte sein:
\end_layout
\begin_layout Code
+
ff02::1:ff00:1234
\end_layout
@@ -2834,6 +2897,7 @@ Die Subnet-Router Anycast Adresse ist ein einfaches Beispiel für eine Anycast
\end_layout
\begin_layout Code
+
2001:0db8:100:f101:210:a4ff:fee3:9566/64 <- Node's address
\end_layout
@@ -2843,6 +2907,7 @@ Die Subnet-Router Anycast Adresse wird durch komplette Streichung des Suffixes
\end_layout
\begin_layout Code
+
2001:0db8:100:f101::/64 <- subnet-router anycast address
\end_layout
@@ -2882,6 +2947,7 @@ Als Beispiel hat hier ein NIC folgende MAC-Adresse (48 bit):
\end_layout
\begin_layout Code
+
00:10:a4:01:23:45
\end_layout
@@ -2901,6 +2967,7 @@ target "http://standards.ieee.org/regauth/oui/tutorials/EUI64.html"
\end_layout
\begin_layout Code
+
0210:a4ff:fe01:2345
\end_layout
@@ -2912,6 +2979,7 @@ Mit einem gegebenen Präfix wird daraus die schon oben gezeigte IPv6-Adresse:
\end_layout
\begin_layout Code
+
2001:0db8:0100:f101:0210:a4ff:fe01:2345
\end_layout
@@ -2969,6 +3037,7 @@ Bei Servern ist es wahrscheinlich leichter, sich einfachere Adressen zu
\end_layout
\begin_layout Code
+
2001:0db8:100:f101::1
\end_layout
@@ -3066,6 +3135,7 @@ Ein Beispiel:
\end_layout
\begin_layout Code
+
2001:0db8:100:1:2:3:4:5/48
\end_layout
@@ -3079,6 +3149,7 @@ Netzwerk:
\end_layout
\begin_layout Code
+
2001:0db8:0100:0000:0000:0000:0000:0000
\end_layout
@@ -3087,6 +3158,7 @@ Netzmaske:
\end_layout
\begin_layout Code
+
ffff:ffff:ffff:0000:0000:0000:0000:0000
\end_layout
@@ -3106,10 +3178,12 @@ Wenn z.B.
\end_layout
\begin_layout Code
+
2001:0db8:100::/48 :: U 1 0 0 sit1
\end_layout
\begin_layout Code
+
2000::/3 ::192.88.99.1 UG 1 0 0 tun6to4
\end_layout
@@ -3119,10 +3193,12 @@ Die gezeigten Zieladressen der IPv6 Pakete werden über die entsprechenden
\end_layout
\begin_layout Code
+
2001:0db8:100:1:2:3:4:5/48 -> routed through device sit1
\end_layout
\begin_layout Code
+
2001:0db8:200:1:2:3:4:5/48 -> routed through device tun6to4
\end_layout
@@ -3182,6 +3258,7 @@ Um zu überprüfen, ob ihr aktueller Kernel IPv6 unterstützt, sollten sie
\end_layout
\begin_layout Code
+
/proc/net/if_inet6
\end_layout
@@ -3191,6 +3268,7 @@ Einen kleinen automatischen Test können Sie wie folgt durchführen:
\end_layout
\begin_layout Code
+
# test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready"
\end_layout
@@ -3210,6 +3288,7 @@ Mit folgenden Befehl können Sie versuchen, das Modul zu laden:
\end_layout
\begin_layout Code
+
# modprobe ipv6
\end_layout
@@ -3220,6 +3299,7 @@ Wenn dieser Befehl positiv verläuft, dann sollten Sie das Modul mit folgendem
\end_layout
\begin_layout Code
+
# lsmod |grep -w 'ipv6' && echo "IPv6 module successfully loaded"
\end_layout
@@ -3245,6 +3325,7 @@ Es ist möglich das IPv6 Modul bei Bedarf automatisch zu laden.
\end_layout
\begin_layout Code
+
alias net-pf-10 ipv6 # automatically load IPv6 module on demand
\end_layout
@@ -3254,6 +3335,7 @@ Mit der folgenden Zeile ist es auch möglich, das automatische Laden des
\end_layout
\begin_layout Code
+
alias net-pf-10 off # disable automatically load of IPv6 module on demand
\end_layout
@@ -3511,10 +3593,12 @@ Automatische Überprüfung:
\end_layout
\begin_layout Code
+
# /sbin/ifconfig -? 2>& 1|grep -qw 'inet6' && echo "utility 'ifconfig' is
\end_layout
\begin_layout Code
+
¬ IPv6-ready"
\end_layout
@@ -3528,6 +3612,7 @@ route
\end_layout
\begin_layout Code
+
# /sbin/route -? 2>& 1|grep -qw 'inet6' && echo "utility 'route' is IPv6-ready"
\end_layout
@@ -3546,6 +3631,7 @@ Alexey N.Kuznetsov (gegenwärtig ein Betreuer des Linux Network Codes) erstellte
\end_layout
\begin_layout Code
+
# /sbin/ip 2>&1 |grep -qw 'inet6' && echo "utility 'ip' is IPv6-ready"
\end_layout
@@ -3611,14 +3697,17 @@ Anwendung
\end_layout
\begin_layout Code
+
# ping6
\end_layout
\begin_layout Code
+
# ping6
\end_layout
\begin_layout Code
+
# ping6 [-I ]
\end_layout
@@ -3630,6 +3719,7 @@ Einige Implementierungen unterstützen auch % Definition zusätzlich
\end_layout
\begin_layout Code
+
# ping6 %
\end_layout
@@ -3638,14 +3728,17 @@ Beispiel
\end_layout
\begin_layout Code
+
# ping6 -c 1 ::1
\end_layout
\begin_layout Code
+
PING ::1(::1) from ::1 : 56 data bytes
\end_layout
\begin_layout Code
+
64 bytes from ::1: icmp_seq=0 hops=64 time=292 usec
\end_layout
@@ -3654,14 +3747,17 @@ PING ::1(::1) from ::1 : 56 data bytes
\end_layout
\begin_layout Code
+
--- ::1 ping statistics ---
\end_layout
\begin_layout Code
+
1 packets transmitted, 1 packets received, 0% packet loss
\end_layout
\begin_layout Code
+
round-trip min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms
\end_layout
@@ -3694,10 +3790,12 @@ Wenn link-lokale Adressen für ein IPv6 ping verwendet werden, dann hat der
\end_layout
\begin_layout Code
+
# ping6 fe80::212:34ff:fe12:3456
\end_layout
\begin_layout Code
+
connect: Invalid argument
\end_layout
@@ -3706,18 +3804,22 @@ In diesem Fall müssen Sie das Interface zusätzlich spezifizieren:
\end_layout
\begin_layout Code
+
# ping6 -I eth0 -c 1 fe80::2e0:18ff:fe90:9205
\end_layout
\begin_layout Code
+
PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from
\end_layout
\begin_layout Code
+
¬ fe80::212:34ff:fe12:3478 eth0: 56 data bytes
\end_layout
\begin_layout Code
+
64 bytes from fe80::212:23ff:fe12:3456: icmp_seq=0 hops=64 time=445 usec
\end_layout
@@ -3726,14 +3828,17 @@ PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from
\end_layout
\begin_layout Code
+
--- fe80::2e0:18ff:fe90:9205 ping statistics ---
\end_layout
\begin_layout Code
+
1 packets transmitted, 1 packets received, 0% packet loss round-trip
\end_layout
\begin_layout Code
+
¬ min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms
\end_layout
@@ -3744,6 +3849,7 @@ Beispiel für % Notation:
\end_layout
\begin_layout Code
+
# ping6 -c 1 fe80::2e0:18ff:fe90:9205%eth0
\end_layout
@@ -3757,18 +3863,22 @@ Ein interessanter Mechanismus zum Aufspüren eines IPv6 aktiven Hosts am
\end_layout
\begin_layout Code
+
# ping6 -I eth0 ff02::1
\end_layout
\begin_layout Code
+
PING ff02::1(ff02::1) from fe80:::2ab:cdff:feef:0123 eth0: 56 data bytes
\end_layout
\begin_layout Code
+
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.104 ms
\end_layout
\begin_layout Code
+
64 bytes from fe80::212:34ff:fe12:3450: icmp_seq=1 ttl=64 time=0.549 ms (DUP!)
\end_layout
@@ -3780,6 +3890,7 @@ Beispiel für % Notation:
\end_layout
\begin_layout Code
+
# ping6 ff02::1%eth0
\end_layout
@@ -3807,42 +3918,51 @@ Dieses Programm ist normal im Paket iputils enthalten.
\end_layout
\begin_layout Code
+
# traceroute6 www.6bone.net
\end_layout
\begin_layout Code
+
traceroute to 6bone.net (3ffe:b00:c18:1::10) from 2001:0db8:0000:f101::2,
30
\end_layout
\begin_layout Code
+
¬ hops max, 16 byte packets
\end_layout
\begin_layout Code
+
1 localipv6gateway (2001:0db8:0000:f101::1) 1.354 ms 1.566 ms 0.407 ms
\end_layout
\begin_layout Code
+
2 swi6T1-T0.ipv6.switch.ch (3ffe:2000:0:400::1) 90.431 ms 91.956 ms 92.377 ms
\end_layout
\begin_layout Code
+
3 3ffe:2000:0:1::132 (3ffe:2000:0:1::132) 118.945 ms 107.982 ms 114.557 ms
\end_layout
\begin_layout Code
+
4 3ffe:c00:8023:2b::2 (3ffe:c00:8023:2b::2) 968.468 ms 993.392 ms 973.441
ms
\end_layout
\begin_layout Code
+
5 3ffe:2e00:e:c::3 (3ffe:2e00:e:c::3) 507.784 ms 505.549 ms 508.928 ms
\end_layout
\begin_layout Code
+
6 www.6bone.net (3ffe:b00:c18:1::10) 1265.85 ms * 1304.74 ms
\end_layout
@@ -3882,42 +4002,52 @@ iputils
\end_layout
\begin_layout Code
+
# tracepath6 www.6bone.net
\end_layout
\begin_layout Code
+
1?: [LOCALHOST] pmtu 1480
\end_layout
\begin_layout Code
+
1: 3ffe:401::2c0:33ff:fe02:14 150.705ms
\end_layout
\begin_layout Code
+
2: 3ffe:b00:c18::5 267.864ms
\end_layout
\begin_layout Code
+
3: 3ffe:b00:c18::5 asymm 2 266.145ms pmtu 1280
\end_layout
\begin_layout Code
+
3: 3ffe:3900:5::2 asymm 4 346.632ms
\end_layout
\begin_layout Code
+
4: 3ffe:28ff:ffff:4::3 asymm 5 365.965ms
\end_layout
\begin_layout Code
+
5: 3ffe:1cff:0:ee::2 asymm 4 534.704ms
\end_layout
\begin_layout Code
+
6: 3ffe:3800::1:1 asymm 4 578.126ms !N
\end_layout
\begin_layout Code
+
Resume: pmtu 1280
\end_layout
@@ -4010,26 +4140,32 @@ IPv6 ping zur Adresse
\end_layout
\begin_layout Code
+
# tcpdump -t -n -i eth0 -s 512 -vv ip6 or proto ipv6
\end_layout
\begin_layout Code
+
tcpdump: listening on eth0
\end_layout
\begin_layout Code
+
2001:0db8:100:f101:2e0:18ff:fe90:9205 > 2001:0db8:100:f101::1: icmp6: echo
\end_layout
\begin_layout Code
+
¬ request (len 64, hlim 64)
\end_layout
\begin_layout Code
+
2001:0db8:100:f101::1 > 2001:0db8:100:f101:2e0:18ff:fe90:9205: icmp6: echo
\end_layout
\begin_layout Code
+
¬ reply (len 64, hlim 64)
\end_layout
@@ -4048,42 +4184,52 @@ IPv6 ping zur Adresse
\end_layout
\begin_layout Code
+
# tcpdump -t -n -i ppp0 -s 512 -vv ip6 or proto ipv6
\end_layout
\begin_layout Code
+
tcpdump: listening on ppp0
\end_layout
\begin_layout Code
+
1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request
\end_layout
\begin_layout Code
+
¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124)
\end_layout
\begin_layout Code
+
5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len
\end_layout
\begin_layout Code
+
¬ 64, hlim 61) (ttl 23, id 29887, len 124)
\end_layout
\begin_layout Code
+
1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request
\end_layout
\begin_layout Code
+
¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124)
\end_layout
\begin_layout Code
+
5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len
\end_layout
\begin_layout Code
+
¬ 64, hlim 61) (ttl 23, id 29919, len 124)
\end_layout
@@ -4169,6 +4315,7 @@ Jeder DNS-Server (Domain Name System) sollte aufgrund der Sicherheitsupdates
\end_layout
\begin_layout Code
+
# host -t AAAA www.join.uni-muenster.de
\end_layout
@@ -4177,17 +4324,20 @@ Die Ausgabe des Tests sollte etwa wie folgt sein:
\end_layout
\begin_layout Code
+
www.join.uni-muenster.de.
is an alias for tolot.join.uni-muenster.de.
\end_layout
\begin_layout Code
+
tolot.join.uni-muenster.de.
has AAAA address
\end_layout
\begin_layout Code
+
¬ 2001:638:500:101:2e0:81ff:fe24:37c6
\end_layout
@@ -4201,25 +4351,30 @@ IPv6 kompatible Clients sind verfügbar.
\end_layout
\begin_layout Code
+
$ telnet 3ffe:400:100::1 80
\end_layout
\begin_layout Code
+
Trying 3ffe:400:100::1...
\end_layout
\begin_layout Code
+
Connected to 3ffe:400:100::1.
\end_layout
\begin_layout Code
+
Escape character is '^]'.
\end_layout
\begin_layout Code
+
HEAD / HTTP/1.0
\end_layout
@@ -4228,38 +4383,47 @@ HEAD / HTTP/1.0
\end_layout
\begin_layout Code
+
HTTP/1.1 200 OK
\end_layout
\begin_layout Code
+
Date: Sun, 16 Dec 2001 16:07:21
\end_layout
\begin_layout Code
+
GMT Server: Apache/2.0.28 (Unix)
\end_layout
\begin_layout Code
+
Last-Modified: Wed, 01 Aug 2001 21:34:42 GMT
\end_layout
\begin_layout Code
+
ETag: "3f02-a4d-b1b3e080"
\end_layout
\begin_layout Code
+
Accept-Ranges: bytes
\end_layout
\begin_layout Code
+
Content-Length: 2637
\end_layout
\begin_layout Code
+
Connection: close
\end_layout
\begin_layout Code
+
Content-Type: text/html; charset=ISO-8859-1
\end_layout
@@ -4268,6 +4432,7 @@ Content-Type: text/html; charset=ISO-8859-1
\end_layout
\begin_layout Code
+
Connection closed by foreign host.
\end_layout
@@ -4309,14 +4474,17 @@ he Verhaltensweisen:
\end_layout
\begin_layout Code
+
$ ssh -6 ::1
\end_layout
\begin_layout Code
+
user@::1's password: ******
\end_layout
\begin_layout Code
+
[user@ipv6host user]$
\end_layout
@@ -4866,10 +5034,12 @@ Gebrauch:
\end_layout
\begin_layout Code
+
# ip link set dev up
\end_layout
\begin_layout Code
+
# ip link set dev down
\end_layout
@@ -4882,10 +5052,12 @@ Beispiel:
\end_layout
\begin_layout Code
+
# ip link set dev eth0 up
\end_layout
\begin_layout Code
+
# ip link set dev eth0 down
\end_layout
@@ -4899,10 +5071,12 @@ Gebrauch:
\end_layout
\begin_layout Code
+
# /sbin/ifconfig up
\end_layout
\begin_layout Code
+
# /sbin/ifconfig down
\end_layout
@@ -4911,10 +5085,12 @@ Beispiel:
\end_layout
\begin_layout Code
+
# /sbin/ifconfig eth0 up
\end_layout
\begin_layout Code
+
# /sbin/ifconfig eth0 down
\end_layout
@@ -4969,6 +5145,7 @@ Anwendung:
\end_layout
\begin_layout Code
+
# /sbin/ip -6 addr show dev
\end_layout
@@ -4977,22 +5154,27 @@ Beispiel für einen statisch konfigurierten Host:
\end_layout
\begin_layout Code
+
# /sbin/ip -6 addr show dev eth0
\end_layout
\begin_layout Code
+
2: eth0:
\end_layout
@@ -5070,18 +5261,22 @@ en (die Ausgabe wurde mit grep gefiltert)
\end_layout
\begin_layout Code
+
# /sbin/ifconfig eth0 |grep "inet6 addr:"
\end_layout
\begin_layout Code
+
inet6 addr: fe80::210:a4ff:fee3:9566/10 Scope:Link
\end_layout
\begin_layout Code
+
inet6 addr: 2001:0db8:0:f101::1/64 Scope:Global
\end_layout
\begin_layout Code
+
inet6 addr: fec0:0:0:f101::1/64 Scope:Site
\end_layout
@@ -5104,6 +5299,7 @@ Anwendung:
\end_layout
\begin_layout Code
+
# /sbin/ip -6 addr add / dev
\end_layout
@@ -5112,6 +5308,7 @@ Beispiel:
\end_layout
\begin_layout Code
+
# /sbin/ip -6 addr add 2001:0db8:0:f101::1/64 dev eth0
\end_layout
@@ -5125,6 +5322,7 @@ Anwendung:
\end_layout
\begin_layout Code
+
# /sbin/ifconfig inet6 add /
\end_layout
@@ -5133,6 +5331,7 @@ Beispiel:
\end_layout
\begin_layout Code
+
# /sbin/ifconfig eth0 inet6 add 2001:0db8:0:f101::1/64
\end_layout
@@ -5156,6 +5355,7 @@ Anwendung:
\end_layout
\begin_layout Code
+
# /sbin/ip -6 addr del / dev
\end_layout
@@ -5164,6 +5364,7 @@ Beispiel:
\end_layout
\begin_layout Code
+
# /sbin/ip -6 addr del 2001:0db8:0:f101::1/64 dev eth0
\end_layout
@@ -5177,6 +5378,7 @@ Anwendung:
\end_layout
\begin_layout Code
+
# /sbin/ifconfig inet6 del /
\end_layout
@@ -5185,6 +5387,7 @@ Beispiel:
\end_layout
\begin_layout Code
+
# /sbin/ifconfig eth0 inet6 del 2001:0db8:0:f101::1/64
\end_layout
@@ -5238,6 +5441,7 @@ Anwendung:
\end_layout
\begin_layout Code
+
# /sbin/ip -6 route show [dev ]
\end_layout
@@ -5247,22 +5451,27 @@ Beispiel:
\end_layout
\begin_layout Code
+
# /sbin/ip -6 route show dev eth0
\end_layout
\begin_layout Code
+
2001:0db8:0:f101::/64 proto kernel metric 256 mtu 1500 advmss 1440
\end_layout
\begin_layout Code
+
fe80::/10 proto kernel metric 256 mtu 1500 advmss 1440
\end_layout
\begin_layout Code
+
ff00::/8 proto kernel metric 256 mtu 1500 advmss 1440
\end_layout
\begin_layout Code
+
default proto kernel metric 256 mtu 1500 advmss 1440
\end_layout
@@ -5276,6 +5485,7 @@ Anwendung:
\end_layout
\begin_layout Code
+
# /sbin/route -A inet6
\end_layout
@@ -5286,34 +5496,42 @@ Sie sehen hier mehrere IPv6 Routen mit unterschiedlichen Adressen eines
\end_layout
\begin_layout Code
+
# /sbin/route -A inet6 |grep -w "eth0"
\end_layout
\begin_layout Code
+
2001:0db8:0:f101 ::/64 :: UA 256 0 0 eth0 <- Interface route for global
\end_layout
\begin_layout Code
+
¬ address
\end_layout
\begin_layout Code
+
fe80::/10 :: UA 256 0 0 eth0 <- Interface route for link-local
\end_layout
\begin_layout Code
+
¬ address
\end_layout
\begin_layout Code
+
ff00::/8 :: UA 256 0 0 eth0 <- Interface route for all multicast
\end_layout
\begin_layout Code
+
¬ addresses
\end_layout
\begin_layout Code
+
::/0 :: UDA 256 0 0 eth0 <- Automatic default route
\end_layout
@@ -5336,10 +5554,12 @@ Anwendung:
\end_layout
\begin_layout Code
+
# /sbin/ip -6 route add / via
\end_layout
\begin_layout Code
+
¬ [dev ]
\end_layout
@@ -5348,6 +5568,7 @@ Beispiel:
\end_layout
\begin_layout Code
+
# /sbin/ip -6 route add default via 2001:0db8:0:f101::1
\end_layout
@@ -5361,10 +5582,12 @@ Anwendung:
\end_layout
\begin_layout Code
+
# /sbin/route -A inet6 add / gw
\end_layout
\begin_layout Code
+
¬ [dev ]
\end_layout
@@ -5383,6 +5606,7 @@ Im folgenden Beispiel wird eine Route für alle Adressen (default) über das
\end_layout
\begin_layout Code
+
# /sbin/route -A inet6 add default gw 2001:0db8:0:f101::1
\end_layout
@@ -5407,10 +5631,12 @@ Anwendung:
\end_layout
\begin_layout Code
+
# /sbin/ip -6 route del / via
\end_layout
\begin_layout Code
+
¬ [dev ]
\end_layout
@@ -5419,6 +5645,7 @@ Beispiel:
\end_layout
\begin_layout Code
+
# /sbin/ip -6 route del default via 2001:0db8:0:f101::1
\end_layout
@@ -5432,11 +5659,13 @@ Anwendung:
\end_layout
\begin_layout Code
+
# /sbin/route -A inet6 del / gw
[dev
\end_layout
\begin_layout Code
+
¬ ]
\end_layout
@@ -5445,6 +5674,7 @@ Beispiel zum entfernen der im obigen Beispiel hinzugefügten Route:
\end_layout
\begin_layout Code
+
# /sbin/route -A inet6 del default gw 2001:0db8:0:f101::1
\end_layout
@@ -5468,10 +5698,12 @@ Anwendung:
\end_layout
\begin_layout Code
+
# /sbin/ip -6 route add / dev
\end_layout
\begin_layout Code
+
¬ metric 1
\end_layout
@@ -5480,6 +5712,7 @@ Beispiel:
\end_layout
\begin_layout Code
+
# /sbin/ip -6 route add default dev eth0 metric 1
\end_layout
@@ -5522,6 +5755,7 @@ Anwendung:
\end_layout
\begin_layout Code
+
# /sbin/route -A inet6 add / dev
\end_layout
@@ -5530,6 +5764,7 @@ Beispiel:
\end_layout
\begin_layout Code
+
# /sbin/route -A inet6 add default dev eth0
\end_layout
@@ -5552,6 +5787,7 @@ Anwendung:
\end_layout
\begin_layout Code
+
# /sbin/ip -6 route del / dev
\end_layout
@@ -5560,6 +5796,7 @@ Beispiel:
\end_layout
\begin_layout Code
+
# /sbin/ip -6 route del default dev eth0
\end_layout
@@ -5573,6 +5810,7 @@ Anwendung:
\end_layout
\begin_layout Code
+
# /sbin/route -A inet6 del / dev
\end_layout
@@ -5582,6 +5820,7 @@ Beispiel:
\end_layout
\begin_layout Code
+
# /sbin/route -A inet6 del default dev eth0
\end_layout
@@ -5621,14 +5860,17 @@ Ein client kann eine Default Route (z.B.
\end_layout
\begin_layout Code
+
# ip -6 route show | grep ^default
\end_layout
\begin_layout Code
+
default via fe80::212:34ff:fe12:3450 dev eth0 proto kernel metric 1024 expires
\end_layout
\begin_layout Code
+
¬ 29sec mtu 1500 advmss 1440
\end_layout
@@ -5725,6 +5967,7 @@ Mit dem folgenden Befehl können Sie die gelernten oder konfigurierten IPv6
\end_layout
\begin_layout Code
+
# ip -6 neigh show [dev ]
\end_layout
@@ -5733,10 +5976,12 @@ Das folgende Beispiel zeigt einen Nachbar, einen erreichbaren Router:
\end_layout
\begin_layout Code
+
# ip -6 neigh show
\end_layout
\begin_layout Code
+
fe80::201:23ff:fe45:6789 dev eth0 lladdr 00:01:23:45:67:89 router nud reachable
\end_layout
@@ -5761,6 +6006,7 @@ Mit folgendem Befehl können Sie einen Eintrag manuell hinzufügen:
\end_layout
\begin_layout Code
+
# ip -6 neigh add lladdr dev
\end_layout
@@ -5769,6 +6015,7 @@ Beispiel:
\end_layout
\begin_layout Code
+
# ip -6 neigh add fec0::1 lladdr 02:01:02:03:04:05 dev eth0
\end_layout
@@ -5781,6 +6028,7 @@ Sie können einen Eintrag auch löschen:
\end_layout
\begin_layout Code
+
# ip -6 neigh del lladdr dev
\end_layout
@@ -5789,6 +6037,7 @@ Beispiel:
\end_layout
\begin_layout Code
+
# ip -6 neigh del fec0::1 lladdr 02:01:02:03:04:05 dev eth0
\end_layout
@@ -5818,23 +6067,28 @@ help
\end_layout
\begin_layout Code
+
# ip -6 neigh help
\end_layout
\begin_layout Code
+
Usage: ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR
]
\end_layout
\begin_layout Code
+
[ nud { permanent | noarp | stale | reachable } ]
\end_layout
\begin_layout Code
+
| proxy ADDR } [ dev DEV ]
\end_layout
\begin_layout Code
+
ip neigh {show|flush} [ to PREFIX ] [ dev DEV ] [ nud STATE ]
\end_layout
@@ -6040,22 +6294,27 @@ target "http://www.faqs.org/rfcs/rfc3056.html"
\end_layout
\begin_layout Code
+
| 3+13 | 32 | 16 | 64 bits |
\end_layout
\begin_layout Code
+
+---+------+-----------+--------+--------------------------------+
\end_layout
\begin_layout Code
+
| FP+TLA | V4ADDR | SLA ID | Interface ID |
\end_layout
\begin_layout Code
+
| 0x2002 | | | |
\end_layout
\begin_layout Code
+
+---+------+-----------+--------+--------------------------------+
\end_layout
@@ -6287,6 +6546,7 @@ Anwendung:
\end_layout
\begin_layout Code
+
# /sbin/ip -6 tunnel show []
\end_layout
@@ -6295,14 +6555,17 @@ Beispiel:
\end_layout
\begin_layout Code
+
# /sbin/ip -6 tunnel show
\end_layout
\begin_layout Code
+
sit0: ipv6/ip remote any local any ttl 64 nopmtudisc
\end_layout
\begin_layout Code
+
sit1: ipv6/ip remote 195.226.187.50 local any ttl 64
\end_layout
@@ -6315,6 +6578,7 @@ Anwendung:
\end_layout
\begin_layout Code
+
# /sbin/route -A inet6
\end_layout
@@ -6324,6 +6588,7 @@ Beispiel (Ausgabe wurde derart gefiltert, dass nur Tunnels über das virtuelle
\end_layout
\begin_layout Code
+
# /sbin/route -A inet6 | grep "
\backslash
Wsit0
@@ -6332,22 +6597,27 @@ W*$"
\end_layout
\begin_layout Code
+
::/96 :: U 256 2 0 sit0
\end_layout
\begin_layout Code
+
2002::/16 :: UA 256 0 0 sit0
\end_layout
\begin_layout Code
+
2000::/3 ::193.113.58.75 UG 1 0 0 sit0
\end_layout
\begin_layout Code
+
fe80::/10 :: UA 256 0 0 sit0
\end_layout
\begin_layout Code
+
ff00::/8 :: UA 256 0 0 sit0
\end_layout
@@ -6425,10 +6695,12 @@ ert 0 ist):
\end_layout
\begin_layout Code
+
# /sbin/ip tunnel add mode sit ttl remote
\end_layout
\begin_layout Code
+
¬ local
\end_layout
@@ -6437,18 +6709,22 @@ Anwendung (drei allgemeine Beispiele):
\end_layout
\begin_layout Code
+
# /sbin/ip tunnel add sit1 mode sit ttl remote
\end_layout
\begin_layout Code
+
¬ local
\end_layout
\begin_layout Code
+
# /sbin/ip link set dev sit1 up
\end_layout
\begin_layout Code
+
# /sbin/ip -6 route add dev sit1 metric 1
\end_layout
@@ -6457,18 +6733,22 @@ Anwendung (drei allgemeine Beispiele):
\end_layout
\begin_layout Code
+
# /sbin/ip tunnel add sit2 mode sit ttl
\end_layout
\begin_layout Code
+
¬ local
\end_layout
\begin_layout Code
+
# /sbin/ip link set dev sit2 up
\end_layout
\begin_layout Code
+
# /sbin/ip -6 route add dev sit2 metric 1
\end_layout
@@ -6477,18 +6757,22 @@ Anwendung (drei allgemeine Beispiele):
\end_layout
\begin_layout Code
+
# /sbin/ip tunnel add sit3 mode sit ttl
\end_layout
\begin_layout Code
+
¬ local
\end_layout
\begin_layout Code
+
# /sbin/ip link set dev sit3 up
\end_layout
\begin_layout Code
+
# /sbin/ip -6 route add dev sit3 metric 1
\end_layout
@@ -6511,6 +6795,7 @@ Anwendung (drei allgemeine Beispiele):
\end_layout
\begin_layout Code
+
# /sbin/ifconfig sit0 up
\end_layout
@@ -6519,14 +6804,17 @@ Anwendung (drei allgemeine Beispiele):
\end_layout
\begin_layout Code
+
# /sbin/ifconfig sit0 tunnel
\end_layout
\begin_layout Code
+
# /sbin/ifconfig sit1 up
\end_layout
\begin_layout Code
+
# /sbin/route -A inet6 add dev sit1
\end_layout
@@ -6535,14 +6823,17 @@ Anwendung (drei allgemeine Beispiele):
\end_layout
\begin_layout Code
+
# /sbin/ifconfig sit0 tunnel
\end_layout
\begin_layout Code
+
# /sbin/ifconfig sit2 up
\end_layout
\begin_layout Code
+
# /sbin/route -A inet6 add dev sit2
\end_layout
@@ -6551,14 +6842,17 @@ Anwendung (drei allgemeine Beispiele):
\end_layout
\begin_layout Code
+
# /sbin/ifconfig sit0 tunnel
\end_layout
\begin_layout Code
+
# /sbin/ifconfig sit3 up
\end_layout
\begin_layout Code
+
# /sbin/route -A inet6 add dev sit3
\end_layout
@@ -6587,6 +6881,7 @@ Anwendung (drei allgemeine Beispiele):
\end_layout
\begin_layout Code
+
# /sbin/ifconfig sit0 up
\end_layout
@@ -6595,26 +6890,32 @@ Anwendung (drei allgemeine Beispiele):
\end_layout
\begin_layout Code
+
# /sbin/route -A inet6 add gw
\end_layout
\begin_layout Code
+
¬ :: dev sit0
\end_layout
\begin_layout Code
+
# /sbin/route -A inet6 add gw
\end_layout
\begin_layout Code
+
¬ :: dev sit0
\end_layout
\begin_layout Code
+
# /sbin/route -A inet6 add gw
\end_layout
\begin_layout Code
+
¬ :: dev sit0
\end_layout
@@ -6644,6 +6945,7 @@ Entfernen eines Tunnel-Devices:
\end_layout
\begin_layout Code
+
# /sbin/ip tunnel del
\end_layout
@@ -6652,14 +6954,17 @@ Anwendung (drei allgemeine Beispiele):
\end_layout
\begin_layout Code
+
# /sbin/ip -6 route del dev sit1
\end_layout
\begin_layout Code
+
# /sbin/ip link set sit1 down
\end_layout
\begin_layout Code
+
# /sbin/ip tunnel del sit1
\end_layout
@@ -6668,14 +6973,17 @@ Anwendung (drei allgemeine Beispiele):
\end_layout
\begin_layout Code
+
# /sbin/ip -6 route del dev sit2
\end_layout
\begin_layout Code
+
# /sbin/ip link set sit2 down
\end_layout
\begin_layout Code
+
# /sbin/ip tunnel del sit2
\end_layout
@@ -6684,14 +6992,17 @@ Anwendung (drei allgemeine Beispiele):
\end_layout
\begin_layout Code
+
# /sbin/ip -6 route del dev sit3
\end_layout
\begin_layout Code
+
# /sbin/ip link set sit3 down
\end_layout
\begin_layout Code
+
# /sbin/ip tunnel del sit3
\end_layout
@@ -6712,10 +7023,12 @@ Anwendung (drei allgemeine Beispiele):
\end_layout
\begin_layout Code
+
# /sbin/route -A inet6 del dev sit3
\end_layout
\begin_layout Code
+
# /sbin/ifconfig sit3 down
\end_layout
@@ -6724,10 +7037,12 @@ Anwendung (drei allgemeine Beispiele):
\end_layout
\begin_layout Code
+
# /sbin/route -A inet6 del dev sit2
\end_layout
\begin_layout Code
+
# /sbin/ifconfig sit2 down
\end_layout
@@ -6736,10 +7051,12 @@ Anwendung (drei allgemeine Beispiele):
\end_layout
\begin_layout Code
+
# /sbin/route -A inet6 add dev sit1
\end_layout
\begin_layout Code
+
# /sbin/ifconfig sit1 down
\end_layout
@@ -6748,6 +7065,7 @@ Anwendung (drei allgemeine Beispiele):
\end_layout
\begin_layout Code
+
# /sbin/ifconfig sit0 down
\end_layout
@@ -6769,26 +7087,32 @@ Anwendung (drei allgemeine Beispiele):
\end_layout
\begin_layout Code
+
# /sbin/route -A inet6 del gw
\end_layout
\begin_layout Code
+
¬ :: dev sit0
\end_layout
\begin_layout Code
+
# /sbin/route -A inet6 del gw
\end_layout
\begin_layout Code
+
¬ :: dev sit0
\end_layout
\begin_layout Code
+
# /sbin/route -A inet6 del gw
\end_layout
\begin_layout Code
+
¬ :: dev sit0
\end_layout
@@ -6797,6 +7121,7 @@ Anwendung (drei allgemeine Beispiele):
\end_layout
\begin_layout Code
+
# /sbin/ifconfig sit0 down
\end_layout
@@ -6857,6 +7182,7 @@ Angenommen, Ihre IPv4 Adresse ist:
\end_layout
\begin_layout Code
+
1.2.3.4
\end_layout
@@ -6865,6 +7191,7 @@ Dann ist das daraus resultierende 6to4 Präfix:
\end_layout
\begin_layout Code
+
2002:0102:0304::
\end_layout
@@ -6883,6 +7210,7 @@ pe Suffix kann benutzt werden) das Suffix
\end_layout
\begin_layout Code
+
2002:0102:0304::1
\end_layout
@@ -6891,6 +7219,7 @@ Zum automatischen Erstellen der Adresse können Sie folgenden Befehl nutzen:
\end_layout
\begin_layout Code
+
ipv4="1.2.3.4"; printf "2002:%02x%02x:%02x%02x::1" `echo $ipv4 | tr "." " "`
\end_layout
@@ -6912,10 +7241,12 @@ Erstellen eines neues Tunnel-Device:
\end_layout
\begin_layout Code
+
# /sbin/ip tunnel add tun6to4 mode sit ttl remote any local
\end_layout
\begin_layout Code
+
¬
\end_layout
@@ -6924,6 +7255,7 @@ Interface aktivieren:
\end_layout
\begin_layout Code
+
# /sbin/ip link set dev tun6to4 up
\end_layout
@@ -6933,6 +7265,7 @@ Eine lokale 6to4 Adresse am Interface hinzufügen (Hinweis: Präfix-Länge
\end_layout
\begin_layout Code
+
# /sbin/ip -6 addr add /16 dev tun6to4
\end_layout
@@ -6942,6 +7275,7 @@ Hinzufügen der (Standard-) Route zum globalen IPv6 Netz unter Verwendung
\end_layout
\begin_layout Code
+
# /sbin/ip -6 route add default via ::192.88.99.1 dev tun6to4 metric 1
\end_layout
@@ -6962,6 +7296,7 @@ ip
\end_layout
\begin_layout Code
+
# /sbin/ip -6 route add default via 2002:c058:6301::1 dev tun6to4 metric
1
\end_layout
@@ -6981,6 +7316,7 @@ Das allgemeine Tunnel Interface sit0 aktivieren:
\end_layout
\begin_layout Code
+
# /sbin/ifconfig sit0 up
\end_layout
@@ -6989,6 +7325,7 @@ Dem Interface eine lokale 6to4 Adresse hinzufügen:
\end_layout
\begin_layout Code
+
# /sbin/ifconfig sit0 add /16
\end_layout
@@ -6998,6 +7335,7 @@ Hinzufügen der (Standard-) Route zum globalen IPv6 Netz unter Verwendung
\end_layout
\begin_layout Code
+
# /sbin/route -A inet6 add default gw ::192.88.99.1 dev sit0
\end_layout
@@ -7014,6 +7352,7 @@ Entfernen aller Routen über dieses bestimmten Tunnel Devices:
\end_layout
\begin_layout Code
+
# /sbin/ip -6 route flush dev tun6to4
\end_layout
@@ -7022,6 +7361,7 @@ Interface deaktivieren:
\end_layout
\begin_layout Code
+
# /sbin/ip link set dev tun6to4 down
\end_layout
@@ -7030,6 +7370,7 @@ Ein erstelltes Tunnel Device entfernen:
\end_layout
\begin_layout Code
+
# /sbin/ip tunnel del tun6to4
\end_layout
@@ -7043,6 +7384,7 @@ Entfernen der (Standard-) Route über ein 6to4 Tunnel Device:
\end_layout
\begin_layout Code
+
# /sbin/route -A inet6 del default gw ::192.88.99.1 dev sit0
\end_layout
@@ -7051,6 +7393,7 @@ Eine 6to4 Adresse des Interfaces entfernen:
\end_layout
\begin_layout Code
+
# /sbin/ifconfig sit0 del /16
\end_layout
@@ -7060,6 +7403,7 @@ Ein allgemeines Tunnel Device deaktivieren (aber Achtung, eventuell ist
\end_layout
\begin_layout Code
+
# /sbin/ifconfig sit0 down
\end_layout
@@ -7107,6 +7451,7 @@ Anwendung:
\end_layout
\begin_layout Code
+
# /sbin/ip -6 tunnel show []
\end_layout
@@ -7117,15 +7462,18 @@ Beispiel:
\end_layout
\begin_layout Code
+
# /sbin/ip -6 tunnel show mode any
\end_layout
\begin_layout Code
+
ip6tnl0: ipv6/ipv6 remote :: local :: encaplimit 0 hoplimit 0 tclass 0x00
flowlabel 0x00000 (flowinfo 0x00000000)
\end_layout
\begin_layout Code
+
ip6tnl1: ip/ipv6 remote fd00:0:0:2::a local fd00:0:0:2::1 dev eth1 encaplimit
4 hoplimit 64 tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000)
\end_layout
@@ -7151,6 +7499,7 @@ Anwendung für die Erzeugung einer 4over6 Tunnel-Schnittstelle (welche danach
\end_layout
\begin_layout Code
+
# /sbin/ip tunnel add mode ip4ip6 remote
local
\end_layout
@@ -7162,15 +7511,18 @@ Anwendung (allgemeines Beispiel für drei Tunnels):
\end_layout
\begin_layout Code
+
# /sbin/ip -6 tunnel add ip6tnl1 mode ip4ip6 remote local
\end_layout
\begin_layout Code
+
# /sbin/ip link set dev ip6tnl1 up
\end_layout
\begin_layout Code
+
# /sbin/ip -6 route add dev ip6tnl1 metric 1
\end_layout
@@ -7179,15 +7531,18 @@ Anwendung (allgemeines Beispiel für drei Tunnels):
\end_layout
\begin_layout Code
+
# /sbin/ip -6 tunnel add ip6tnl2 mode ip4ip6 remote local
\end_layout
\begin_layout Code
+
# /sbin/ip link set dev ip6tnl2 up
\end_layout
\begin_layout Code
+
# /sbin/ip -6 route add dev ip6tnl2 metric 1
\end_layout
@@ -7196,15 +7551,18 @@ Anwendung (allgemeines Beispiel für drei Tunnels):
\end_layout
\begin_layout Code
+
# /sbin/ip -6 tunnel add ip6tnl3 mode ip4ip6 remote local
\end_layout
\begin_layout Code
+
# /sbin/ip link set dev ip6tnl3 up
\end_layout
\begin_layout Code
+
# /sbin/ip -6 route add dev ip6tnl3 metric 1
\end_layout
@@ -7221,6 +7579,7 @@ Anwendung für das Löschen einer Tunnel-Schnittstelle:
\end_layout
\begin_layout Code
+
# /sbin/ip -6 tunnel del
\end_layout
@@ -7231,14 +7590,17 @@ Anwendung (allgemeines Beispiel für drei Tunnels):
\end_layout
\begin_layout Code
+
# /sbin/ip -6 route del dev ip6tnl1
\end_layout
\begin_layout Code
+
# /sbin/ip link set ip6tnl1 down
\end_layout
\begin_layout Code
+
# /sbin/ip -6 tunnel del ip6tnl1
\end_layout
@@ -7247,14 +7609,17 @@ Anwendung (allgemeines Beispiel für drei Tunnels):
\end_layout
\begin_layout Code
+
# /sbin/ip -6 route del dev ip6tnl2
\end_layout
\begin_layout Code
+
# /sbin/ip link set ip6tnl2 down
\end_layout
\begin_layout Code
+
# /sbin/ip -6 tunnel del ip6tnl2
\end_layout
@@ -7263,14 +7628,17 @@ Anwendung (allgemeines Beispiel für drei Tunnels):
\end_layout
\begin_layout Code
+
# /sbin/ip -6 route del dev ip6tnl3
\end_layout
\begin_layout Code
+
# /sbin/ip link set ip6tnl3 down
\end_layout
\begin_layout Code
+
# /sbin/ip -6 tunnel del ip6tnl3
\end_layout
@@ -7350,6 +7718,7 @@ Das /proc-Dateisystem muss im Kernel aktiviert sein.
\end_layout
\begin_layout Code
+
CONFIG_PROC_FS=y
\end_layout
@@ -7359,10 +7728,12 @@ Das /proc-Dateisystem muss zuerst gemountet sein.
\end_layout
\begin_layout Code
+
# mount | grep "type proc"
\end_layout
\begin_layout Code
+
none on /proc type proc (rw)
\end_layout
@@ -7394,10 +7765,12 @@ cat
\end_layout
\begin_layout Code
+
# cat /proc/sys/net/ipv6/conf/all/forwarding
\end_layout
\begin_layout Code
+
0
\end_layout
@@ -7419,6 +7792,7 @@ echo
\end_layout
\begin_layout Code
+
# echo "1" >/proc/sys/net/ipv6/conf/all/forwarding
\end_layout
@@ -7467,6 +7841,7 @@ Das sysctl-Interface muss im Kernel aktiviert sein.
\end_layout
\begin_layout Code
+
CONFIG_SYSCTL=y
\end_layout
@@ -7479,10 +7854,12 @@ Der Wert eines Eintrags kann nun angezeigt werden:
\end_layout
\begin_layout Code
+
# sysctl net.ipv6.conf.all.forwarding
\end_layout
\begin_layout Code
+
net.ipv6.conf.all.forwarding = 0
\end_layout
@@ -7496,10 +7873,12 @@ Ein neuer Wert kann wie folgt zugewiesen werden (wenn der Eintrag beschreibbar
\end_layout
\begin_layout Code
+
# sysctl -w net.ipv6.conf.all.forwarding=1
\end_layout
\begin_layout Code
+
net.ipv6.conf.all.forwarding = 1
\end_layout
@@ -7519,10 +7898,12 @@ Anmerkung: Verwenden Sie beim setzen eines Wertes keine Leerzeichen vor
\end_layout
\begin_layout Code
+
# sysctl -w net.ipv4.ip_local_port_range="32768 61000"
\end_layout
\begin_layout Code
+
net.ipv4.ip_local_port_range = 32768 61000
\end_layout
@@ -8005,10 +8386,12 @@ target "http://www.zebra.org/"
\end_layout
\begin_layout Code
+
ZEBRA: netlink-listen error: No buffer space available, type=RTM_NEWROUTE(24),
\end_layout
\begin_layout Code
+
¬ seq=426, pid=0
\end_layout
@@ -8484,22 +8867,27 @@ net/ipv6/addrconf.c
\end_layout
\begin_layout Code
+
# cat /proc/net/if_inet6
\end_layout
\begin_layout Code
+
00000000000000000000000000000001 01 80 10 80 lo
\end_layout
\begin_layout Code
+
+------------------------------+ ++ ++ ++ ++ ++
\end_layout
\begin_layout Code
+
| | | | | |
\end_layout
\begin_layout Code
+
1 2 3 4 5 6
\end_layout
@@ -8593,22 +8981,27 @@ net/ipv6/route.c
\end_layout
\begin_layout Code
+
# cat /proc/net/ipv6_route
\end_layout
\begin_layout Code
+
00000000000000000000000000000000 00 00000000000000000000000000000000 00
\end_layout
\begin_layout Code
+
+------------------------------+ ++ +------------------------------+ ++
\end_layout
\begin_layout Code
+
| | | |
\end_layout
\begin_layout Code
+
1 2 3 4
\end_layout
@@ -8617,18 +9010,22 @@ net/ipv6/route.c
\end_layout
\begin_layout Code
+
¬ 00000000000000000000000000000000 ffffffff 00000001 00000001 00200200 lo
\end_layout
\begin_layout Code
+
¬ +------------------------------+ +------+ +------+ +------+ +------+ ++
\end_layout
\begin_layout Code
+
¬ | | | | | |
\end_layout
\begin_layout Code
+
¬ 5 6 7 8 9 10
\end_layout
@@ -8688,22 +9085,27 @@ Statistiken über verwendete IPv6 Sockets.
\end_layout
\begin_layout Code
+
# cat /proc/net/sockstat6
\end_layout
\begin_layout Code
+
TCP6: inuse 7
\end_layout
\begin_layout Code
+
UDP6: inuse 2
\end_layout
\begin_layout Code
+
RAW6: inuse 1
\end_layout
\begin_layout Code
+
FRAG6: inuse 0 memory 0
\end_layout
@@ -8897,307 +9299,375 @@ Beispiel:
\end_layout
\begin_layout Code
+
# netstat -nlptu
\end_layout
\begin_layout Code
+
Active Internet connections (only servers)
\end_layout
\begin_layout Code
+
Proto Recv-Q Send-Q Local Address Foreign Address State
\end_layout
\begin_layout Code
+
¬ PID/Program name
\end_layout
\begin_layout Code
+
tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN
\end_layout
\begin_layout Code
+
¬ 1258/rpc.statd
\end_layout
\begin_layout Code
+
tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN
\end_layout
\begin_layout Code
+
¬ 1502/rpc.mountd
\end_layout
\begin_layout Code
+
tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN
\end_layout
\begin_layout Code
+
¬ 22433/lpd Waiting
\end_layout
\begin_layout Code
+
tcp 0 0 1.2.3.1:139 0.0.0.0:* LISTEN
\end_layout
\begin_layout Code
+
¬ 1746/smbd
\end_layout
\begin_layout Code
+
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
\end_layout
\begin_layout Code
+
¬ 1230/portmap
\end_layout
\begin_layout Code
+
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
\end_layout
\begin_layout Code
+
¬ 3551/X
\end_layout
\begin_layout Code
+
tcp 0 0 1.2.3.1:8081 0.0.0.0:* LISTEN
\end_layout
\begin_layout Code
+
¬ 18735/junkbuster
\end_layout
\begin_layout Code
+
tcp 0 0 1.2.3.1:3128 0.0.0.0:* LISTEN
\end_layout
\begin_layout Code
+
¬ 18822/(squid)
\end_layout
\begin_layout Code
+
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
\end_layout
\begin_layout Code
+
¬ 30734/named
\end_layout
\begin_layout Code
+
tcp 0 0 ::ffff:1.2.3.1:993 :::* LISTEN
\end_layout
\begin_layout Code
+
¬ 6742/xinetd-ipv6
\end_layout
\begin_layout Code
+
tcp 0 0 :::13 :::* LISTEN
\end_layout
\begin_layout Code
+
¬ 6742/xinetd-ipv6
\end_layout
\begin_layout Code
+
tcp 0 0 ::ffff:1.2.3.1:143 :::* LISTEN
\end_layout
\begin_layout Code
+
¬ 6742/xinetd-ipv6
\end_layout
\begin_layout Code
+
tcp 0 0 :::53 :::* LISTEN
\end_layout
\begin_layout Code
+
¬ 30734/named
\end_layout
\begin_layout Code
+
tcp 0 0 :::22 :::* LISTEN
\end_layout
\begin_layout Code
+
¬ 1410/sshd
\end_layout
\begin_layout Code
+
tcp 0 0 :::6010 :::* LISTEN
\end_layout
\begin_layout Code
+
¬ 13237/sshd
\end_layout
\begin_layout Code
+
udp 0 0 0.0.0.0:32768 0.0.0.0:*
\end_layout
\begin_layout Code
+
¬ 1258/rpc.statd
\end_layout
\begin_layout Code
+
udp 0 0 0.0.0.0:2049 0.0.0.0:*
\end_layout
\begin_layout Code
+
¬ -
\end_layout
\begin_layout Code
+
udp 0 0 0.0.0.0:32770 0.0.0.0:*
\end_layout
\begin_layout Code
+
¬ 1502/rpc.mountd
\end_layout
\begin_layout Code
+
udp 0 0 0.0.0.0:32771 0.0.0.0:*
\end_layout
\begin_layout Code
+
¬ -
\end_layout
\begin_layout Code
+
udp 0 0 1.2.3.1:137 0.0.0.0:*
\end_layout
\begin_layout Code
+
¬ 1751/nmbd
\end_layout
\begin_layout Code
+
udp 0 0 0.0.0.0:137 0.0.0.0:*
\end_layout
\begin_layout Code
+
¬ 1751/nmbd
\end_layout
\begin_layout Code
+
udp 0 0 1.2.3.1:138 0.0.0.0:*
\end_layout
\begin_layout Code
+
¬ 1751/nmbd
\end_layout
\begin_layout Code
+
udp 0 0 0.0.0.0:138 0.0.0.0:*
\end_layout
\begin_layout Code
+
¬ 1751/nmbd
\end_layout
\begin_layout Code
+
udp 0 0 0.0.0.0:33044 0.0.0.0:*
\end_layout
\begin_layout Code
+
¬ 30734/named
\end_layout
\begin_layout Code
+
udp 0 0 1.2.3.1:53 0.0.0.0:*
\end_layout
\begin_layout Code
+
¬ 30734/named
\end_layout
\begin_layout Code
+
udp 0 0 127.0.0.1:53 0.0.0.0:*
\end_layout
\begin_layout Code
+
¬ 30734/named
\end_layout
\begin_layout Code
+
udp 0 0 0.0.0.0:67 0.0.0.0:*
\end_layout
\begin_layout Code
+
¬ 1530/dhcpd
\end_layout
\begin_layout Code
+
udp 0 0 0.0.0.0:67 0.0.0.0:*
\end_layout
\begin_layout Code
+
¬ 1530/dhcpd
\end_layout
\begin_layout Code
+
udp 0 0 0.0.0.0:32858 0.0.0.0:*
\end_layout
\begin_layout Code
+
¬ 18822/(squid)
\end_layout
\begin_layout Code
+
udp 0 0 0.0.0.0:4827 0.0.0.0:*
\end_layout
\begin_layout Code
+
¬ 18822/(squid)
\end_layout
\begin_layout Code
+
udp 0 0 0.0.0.0:111 0.0.0.0:*
\end_layout
\begin_layout Code
+
¬ 1230/portmap
\end_layout
\begin_layout Code
+
udp 0 0 :::53 :::*
\end_layout
\begin_layout Code
+
¬ 30734/named
\end_layout
@@ -9230,26 +9700,32 @@ Router Advertisement
\end_layout
\begin_layout Code
+
15:43:49.484751 fe80::212:34ff:fe12:3450 > ff02::1: icmp6: router
\end_layout
\begin_layout Code
+
¬ advertisement(chlim=64, router_ltime=30, reachable_time=0,
\end_layout
\begin_layout Code
+
¬ retrans_time=0)(prefix info: AR valid_ltime=30, preffered_ltime=20,
\end_layout
\begin_layout Code
+
¬ prefix=2002:0102:0304:1::/64)(prefix info: LAR valid_ltime=2592000,
\end_layout
\begin_layout Code
+
¬ preffered_ltime=604800, prefix=2001:0db8:0:1::/64)(src lladdr:
\end_layout
\begin_layout Code
+
¬ 0:12:34:12:34:50) (len 88, hlim 255)
\end_layout
@@ -9302,10 +9778,12 @@ Router Anfrage
\end_layout
\begin_layout Code
+
15:44:21.152646 fe80::212:34ff:fe12:3456 > ff02::2: icmp6: router solicitation
\end_layout
\begin_layout Code
+
¬ (src lladdr: 0:12:34:12:34:56) (len 16, hlim 255)
\end_layout
@@ -9374,10 +9852,12 @@ fe80:212:34ff:fe12:3456
\end_layout
\begin_layout Code
+
15:44:17.712338 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has
\end_layout
\begin_layout Code
+
¬ fe80::212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim 255)
\end_layout
@@ -9395,15 +9875,18 @@ Der Knoten will seine globale Adresse
\end_layout
\begin_layout Code
+
15:44:21.905596 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has
\end_layout
\begin_layout Code
+
¬ 2002:0102:0304:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len
32,
\end_layout
\begin_layout Code
+
¬ hlim 255)
\end_layout
@@ -9421,15 +9904,18 @@ Der Knoten will seine globale Adresse
\end_layout
\begin_layout Code
+
15:44:22.304028 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has
\end_layout
\begin_layout Code
+
¬ 2001:0db8:0:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32,
hlim
\end_layout
\begin_layout Code
+
¬ 255)
\end_layout
@@ -9451,15 +9937,18 @@ Der Knoten möchte Pakete an die Adresse
\end_layout
\begin_layout Code
+
13:07:47.664538 2002:0102:0304:1:2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6:
\end_layout
\begin_layout Code
+
¬ neighbor sol: who has 2001:0db8:0:1::10(src lladdr: 0:e0:18:90:92:5) (len
32,
\end_layout
\begin_layout Code
+
¬ hlim 255)
\end_layout
@@ -9476,10 +9965,12 @@ fe80::10
\end_layout
\begin_layout Code
+
13:11:20.870070 fe80::2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: neighbor
\end_layout
\begin_layout Code
+
¬ sol: who has fe80::10(src lladdr: 0:e0:18:90:92:5) (len 32, hlim 255)
\end_layout
@@ -9607,6 +10098,7 @@ Sie können überprüfen, ob Ihre Distribution eine permanente IPv6 Konfiguratio
\end_layout
\begin_layout Code
+
/etc/sysconfig/network-scripts/network-functions-ipv6
\end_layout
@@ -9615,11 +10107,13 @@ Automatischer Test:
\end_layout
\begin_layout Code
+
# test -f /etc/sysconfig/network-scripts/network-functions-ipv6 && echo
"Main
\end_layout
\begin_layout Code
+
¬ IPv6 script library exists"
\end_layout
@@ -9631,14 +10125,17 @@ Die Versionsnummer der Library ist von Interesse, wenn Sie Features vermissen
\end_layout
\begin_layout Code
+
# source /etc/sysconfig/network-scripts/network-functions-ipv6 &&
\end_layout
\begin_layout Code
+
¬ getversion_ipv6_functions
\end_layout
\begin_layout Code
+
20011124
\end_layout
@@ -9682,10 +10179,12 @@ Kurze Anleitung zum aktivieren von IPv6 bei RHL 7.1, 7.2, 7.3, ...
\end_layout
\begin_layout Code
+
# modprobe -c | grep net-pf-10
\end_layout
\begin_layout Code
+
alias net-pf-10 off
\end_layout
@@ -9703,6 +10202,7 @@ twork
\end_layout
\begin_layout Code
+
NETWORKING_IPV6=yes
\end_layout
@@ -9712,6 +10212,7 @@ Rebooten bzw.
\end_layout
\begin_layout Code
+
# service network restart
\end_layout
@@ -9720,10 +10221,12 @@ Nun sollte das IPv6 Modul geladen sein
\end_layout
\begin_layout Code
+
# modprobe -c | grep ipv6
\end_layout
\begin_layout Code
+
alias net-pf-10 ipv6
\end_layout
@@ -9792,6 +10295,7 @@ Editiere Datei /etc/sysconfig/network/ifcfg- und setze folgende
\end_layout
\begin_layout Code
+
IP6ADDR="/"
\end_layout
@@ -9827,6 +10331,7 @@ Editiere Datei /etc/sysconfig/network/ifcfg- und setze folgende
\end_layout
\begin_layout Code
+
IPADDR="/"
\end_layout
@@ -9881,44 +10386,54 @@ Konfiguriere die Schnittstelle (hier im Beispiel: eth0).
\end_layout
\begin_layout Code
+
iface eth0 inet6 static
\end_layout
\begin_layout Code
+
pre-up modprobe ipv6
\end_layout
\begin_layout Code
+
address 2001:0db8:1234:5::1:1
\end_layout
\begin_layout Code
+
# To suppress completely autoconfiguration:
\end_layout
\begin_layout Code
+
# up echo 0 > /proc/sys/net/ipv6/conf/all/autoconf
\end_layout
\begin_layout Code
+
netmask 64
\end_layout
\begin_layout Code
+
# The router is autoconfigured and has no fixed address.
\end_layout
\begin_layout Code
+
# It is magically
\end_layout
\begin_layout Code
+
# found.
(/proc/sys/net/ipv6/conf/all/accept_ra).
Otherwise:
\end_layout
\begin_layout Code
+
#gateway 2001:0db8:1234:5::1
\end_layout
@@ -9929,6 +10444,7 @@ Danach rebooten oder folgendes Kommando ausführen
\end_layout
\begin_layout Code
+
# ifup --force eth0
\end_layout
@@ -10005,18 +10521,22 @@ Beispiel:
\end_layout
\begin_layout Code
+
# ip -6 addr show dev eth0 scope link
\end_layout
\begin_layout Code
+
2: eth0: mtu 1500 qlen1000
\end_layout
\begin_layout Code
+
inet6 fe80::211:d8ff:fe6b:f0f5/64 scope link
\end_layout
\begin_layout Code
+
valid_lft forever preferred_lft forever
\end_layout
@@ -10592,6 +11112,7 @@ Wechseln Sie in das Source-Verzeichnis:
\end_layout
\begin_layout Code
+
# cd /path/to/src
\end_layout
@@ -10600,10 +11121,12 @@ Entpacken sie die Kernel-Quellen und vergeben diesen einen neuen Namen
\end_layout
\begin_layout Code
+
# tar z|jxf kernel-version.tar.gz|bz2
\end_layout
\begin_layout Code
+
# mv linux linux-version-iptables-version+IPv6
\end_layout
@@ -10612,6 +11135,7 @@ Entpacken Sie die iptables Quellen
\end_layout
\begin_layout Code
+
# tar z|jxf iptables-version.tar.gz|bz2
\end_layout
@@ -10624,6 +11148,7 @@ Wechseln Sie in das iptables Verzeichnis
\end_layout
\begin_layout Code
+
# cd iptables-version
\end_layout
@@ -10632,6 +11157,7 @@ Fügen Sie relevante Patches hinzu
\end_layout
\begin_layout Code
+
# make pending-patches KERNEL_DIR=/path/to/src/linux-version-iptables-version/
\end_layout
@@ -10642,6 +11168,7 @@ Fügen Sie zusätzliche IPv6 relevante IPv6 Patches hinzu (die nach wie vor
\end_layout
\begin_layout Code
+
# make patch-o-matic KERNEL_DIR=/path/to/src/linux-version-iptables-version/
\end_layout
@@ -10680,10 +11207,12 @@ REJECT.patch.ipv6
\end_layout
\begin_layout Code
+
# make print-extensions
\end_layout
\begin_layout Code
+
Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport
\end_layout
@@ -10696,6 +11225,7 @@ Wechseln Sie zu den Kernel-Quellen
\end_layout
\begin_layout Code
+
# cd /path/to/src/linux-version-iptables-version/
\end_layout
@@ -10704,10 +11234,12 @@ Editieren Sie das Makefile
\end_layout
\begin_layout Code
+
- EXTRAVERSION =
\end_layout
\begin_layout Code
+
+ EXTRAVERSION = -iptables-version+IPv6-try
\end_layout
@@ -10716,80 +11248,99 @@ Starten Sie configure und aktivieren Sie IPv6 relevante Optionen
\end_layout
\begin_layout Code
+
Code maturity level options
\end_layout
\begin_layout Code
+
Prompt for development and/or incomplete code/drivers
: yes
\end_layout
\begin_layout Code
+
Networking options
\end_layout
\begin_layout Code
+
Network packet filtering: yes
\end_layout
\begin_layout Code
+
The IPv6 protocol: module
\end_layout
\begin_layout Code
+
IPv6: Netfilter Configuration
\end_layout
\begin_layout Code
+
IP6 tables support: module
\end_layout
\begin_layout Code
+
All new options like following:
\end_layout
\begin_layout Code
+
limit match support: module
\end_layout
\begin_layout Code
+
MAC address match support: module
\end_layout
\begin_layout Code
+
Multiple port match support: module
\end_layout
\begin_layout Code
+
Owner match support: module
\end_layout
\begin_layout Code
+
netfilter MARK match support: module
\end_layout
\begin_layout Code
+
Aggregated address check: module
\end_layout
\begin_layout Code
+
Packet filtering: module
\end_layout
\begin_layout Code
+
REJECT target support: module
\end_layout
\begin_layout Code
+
LOG target support: module
\end_layout
\begin_layout Code
+
Packet mangling: module
\end_layout
\begin_layout Code
+
MARK target support: module
\end_layout
@@ -10815,6 +11366,7 @@ Benennen sie das ältere Verzeichnis um
\end_layout
\begin_layout Code
+
# mv /usr/src/linux /usr/src/linux.old
\end_layout
@@ -10823,6 +11375,7 @@ Erstellen Sie einen neuen symbolischen Link
\end_layout
\begin_layout Code
+
# ln -s /path/to/src/linux-version-iptables-version /usr/src/linux
\end_layout
@@ -10831,6 +11384,7 @@ Erstellen Sie ein neues SRPMS
\end_layout
\begin_layout Code
+
# rpm --rebuild /path/to/SRPMS/iptables-version-release.src.rpm
\end_layout
@@ -10852,6 +11406,7 @@ Freshen
\end_layout
\begin_layout Code
+
# rpm -Fhv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm
\end_layout
@@ -10868,6 +11423,7 @@ install
\end_layout
\begin_layout Code
+
# rpm -ihv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm
\end_layout
@@ -10886,6 +11442,7 @@ nodeps
\end_layout
\begin_layout Code
+
# rpm -ihv --nodeps /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm
\end_layout
@@ -10895,6 +11452,7 @@ Damit iptables die Libraries finden kann, ist es eventuell notwendig, einen
\end_layout
\begin_layout Code
+
# ln -s /lib/iptables/ /usr/lib/iptables
\end_layout
@@ -10911,6 +11469,7 @@ Laden Sie das Modul (falls dies im Kernel so kompiliert wurde):
\end_layout
\begin_layout Code
+
# modprobe ip6_tables
\end_layout
@@ -10919,10 +11478,12 @@ Laden Sie das Modul (falls dies im Kernel so kompiliert wurde):
\end_layout
\begin_layout Code
+
# [ ! -f /proc/net/ip6_tables_names ] && echo "Current kernel doesn't support
\end_layout
\begin_layout Code
+
¬ 'ip6tables' firewalling (IPv6)!"
\end_layout
@@ -10939,6 +11500,7 @@ Kurze Auflistung:
\end_layout
\begin_layout Code
+
# ip6tables -L
\end_layout
@@ -10947,6 +11509,7 @@ Erweiterte Auflistung:
\end_layout
\begin_layout Code
+
# ip6tables -n -v --line-numbers -L
\end_layout
@@ -10955,6 +11518,7 @@ Auflistung angegebener Filter
\end_layout
\begin_layout Code
+
# ip6tables -n -v --line-numbers -L INPUT
\end_layout
@@ -10963,10 +11527,12 @@ Hinzufügen einer Log-Regel zum Input-Filter mit Optionen
\end_layout
\begin_layout Code
+
# ip6tables --table filter --append INPUT -j LOG --log-prefix "INPUT:"
\end_layout
\begin_layout Code
+
¬ --log-level 7
\end_layout
@@ -10975,6 +11541,7 @@ Hinzufügen einer Drop-Regel zum Input-Filter
\end_layout
\begin_layout Code
+
# ip6tables --table filter --append INPUT -j DROP
\end_layout
@@ -10983,6 +11550,7 @@ Löschen einer Regel mit Hilfe der Regelnummer
\end_layout
\begin_layout Code
+
# ip6tables --table filter --delete INPUT 1
\end_layout
@@ -11001,6 +11569,7 @@ Seit Kernel-Version 2.6.20 ist die Auswertung des IPv6-Verbindungsstatus gut
\end_layout
\begin_layout Code
+
# ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
\end_layout
@@ -11018,6 +11587,7 @@ Eingehender ICMPv6 Verkehr durch Tunnel erlauben
\end_layout
\begin_layout Code
+
# ip6tables -A INPUT -i sit+ -p icmpv6 -j ACCEPT
\end_layout
@@ -11026,6 +11596,7 @@ Ausgehenden ICMPv6 Verkehr durch Tunnel erlauben
\end_layout
\begin_layout Code
+
# ip6tables -A OUTPUT -o sit+ -p icmpv6 -j ACCEPT
\end_layout
@@ -11034,6 +11605,7 @@ Neuere Kernel erlauben das Spezifizieren des ICMPv6-Typs:
\end_layout
\begin_layout Code
+
# ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT
\end_layout
@@ -11052,10 +11624,12 @@ n Patitionen entgegenzuwirken.
\end_layout
\begin_layout Code
+
# ip6tables -A INPUT --protocol icmpv6 --icmpv6-type echo-request
\end_layout
\begin_layout Code
+
¬ -j ACCEPT --match limit --limit 30/minute
\end_layout
@@ -11074,10 +11648,12 @@ Eingehende SSH Verbindungen werden von der Adresse 2001:0db8:100::1/128
\end_layout
\begin_layout Code
+
# ip6tables -A INPUT -i sit+ -p tcp -s 2001:0db8:100::1/128 --sport 512:65535
\end_layout
\begin_layout Code
+
¬ --dport 22 -j ACCEPT
\end_layout
@@ -11092,10 +11668,12 @@ nicht mehr notwendig, wenn der IPv6-Verbindungsstatus ausgewertet wird!
\end_layout
\begin_layout Code
+
# ip6tables -A OUTPUT -o sit+ -p tcp -d 2001:0db8:100::1/128 --dport 512:65535
\end_layout
\begin_layout Code
+
¬ --sport 22 ! --syn -j ACCEPT
\end_layout
@@ -11113,6 +11691,7 @@ Akzeptiere eingehende IPv6-in-IPv4 Daten am interface ppp0
\end_layout
\begin_layout Code
+
# iptables -A INPUT -i ppp0 -p ipv6 -j ACCEPT
\end_layout
@@ -11121,6 +11700,7 @@ Akzeptiere ausgehende IPv6-in-IPv4 Daten am interface ppp0
\end_layout
\begin_layout Code
+
# iptables -A OUTPUT -o ppp0 -p ipv6 -j ACCEPT
\end_layout
@@ -11135,6 +11715,7 @@ Akzeptiere eingehende IPv6-in-IPv4 Daten vom Tunnel-Endpunkt 192.0.2.2 am interf
\end_layout
\begin_layout Code
+
# iptables -A INPUT -i ppp0 -p ipv6 -s 192.0.2.2 -j ACCEPT
\end_layout
@@ -11144,6 +11725,7 @@ Akzeptiere ausgehende IPv6-in-IPv4 Daten vom Tunnel-Endpunkt 192.0.2.2 am interf
\end_layout
\begin_layout Code
+
# iptables -A OUTPUT -o ppp0 -p ipv6 -d 192.0.2.2 -j ACCEPT
\end_layout
@@ -11167,6 +11749,7 @@ Blockiere eingehende TCP-Verbindungs-Anfragen zu diesem Host
\end_layout
\begin_layout Code
+
# ip6tables -I INPUT -i sit+ -p tcp --syn -j DROP
\end_layout
@@ -11175,6 +11758,7 @@ Blockiere eingehende TCP-Verbindungs-Anfragen zu Hosts hinter diesem Router
\end_layout
\begin_layout Code
+
# ip6tables -I FORWARD -i sit+ -p tcp --syn -j DROP
\end_layout
@@ -11207,6 +11791,7 @@ Blockiere eingehende UDP-Pakete, die nicht Antworten ausgehender Anfragen
\end_layout
\begin_layout Code
+
# ip6tables -I INPUT -i sit+ -p udp ! --dport 32768:60999 -j DROP
\end_layout
@@ -11216,6 +11801,7 @@ Blockiere eingehende UDP-Pakete, die nicht Antworten auf Anfragen von hinter
\end_layout
\begin_layout Code
+
# ip6tables -I FORWARD -i sit+ -p udp ! --dport 32768:60999 -j DROP
\end_layout
@@ -11244,6 +11830,7 @@ system-config-firewall
\end_layout
\begin_layout Code
+
Datei: /etc/sysconfig/ip6tables
\end_layout
@@ -11252,70 +11839,87 @@ Datei: /etc/sysconfig/ip6tables
\end_layout
\begin_layout Code
+
*filter :INPUT ACCEPT [0:0]
\end_layout
\begin_layout Code
+
:FORWARD ACCEPT [0:0]
\end_layout
\begin_layout Code
+
:OUTPUT ACCEPT [0:0]
\end_layout
\begin_layout Code
+
:RH-Firewall-1-INPUT - [0:0]
\end_layout
\begin_layout Code
+
-A INPUT -j RH-Firewall-1-INPUT
\end_layout
\begin_layout Code
+
-A FORWARD -j RH-Firewall-1-INPUT
\end_layout
\begin_layout Code
+
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
\end_layout
\begin_layout Code
+
-A RH-Firewall-1-INPUT -p icmpv6 -j ACCEPT
\end_layout
\begin_layout Code
+
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
\end_layout
\begin_layout Code
+
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
\end_layout
\begin_layout Code
+
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d ff02::fb -j ACCEPT
\end_layout
\begin_layout Code
+
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
\end_layout
\begin_layout Code
+
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
\end_layout
\begin_layout Code
+
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
\end_layout
\begin_layout Code
+
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
\end_layout
\begin_layout Code
+
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited
\end_layout
\begin_layout Code
+
COMMIT
\end_layout
@@ -11327,6 +11931,7 @@ Zwecks der Vollständigkeit ist hier auch die entsprechende Konfiguration
\end_layout
\begin_layout Code
+
Datei: /etc/sysconfig/iptables
\end_layout
@@ -11335,71 +11940,88 @@ Datei: /etc/sysconfig/iptables
\end_layout
\begin_layout Code
+
*filter :INPUT ACCEPT [0:0]
\end_layout
\begin_layout Code
+
:FORWARD ACCEPT [0:0]
\end_layout
\begin_layout Code
+
:OUTPUT ACCEPT [0:0]
\end_layout
\begin_layout Code
+
:RH-Firewall-1-INPUT - [0:0]
\end_layout
\begin_layout Code
+
-A INPUT -j RH-Firewall-1-INPUT
\end_layout
\begin_layout Code
+
-A FORWARD -j RH-Firewall-1-INPUT
\end_layout
\begin_layout Code
+
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
\end_layout
\begin_layout Code
+
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
\end_layout
\begin_layout Code
+
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
\end_layout
\begin_layout Code
+
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
\end_layout
\begin_layout Code
+
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
\end_layout
\begin_layout Code
+
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
\end_layout
\begin_layout Code
+
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
\end_layout
\begin_layout Code
+
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
\end_layout
\begin_layout Code
+
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j
ACCEPT
\end_layout
\begin_layout Code
+
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
\end_layout
\begin_layout Code
+
COMMIT
\end_layout
@@ -11422,10 +12044,12 @@ Aktivieren von IPv4 & IPv6 Firewalling
\end_layout
\begin_layout Code
+
# service iptables start
\end_layout
\begin_layout Code
+
# service ip6tables start
\end_layout
@@ -11436,10 +12060,12 @@ Aktivieren des automatischen Starts nach dem Reboot
\end_layout
\begin_layout Code
+
# chkconfig iptables on
\end_layout
\begin_layout Code
+
# chkconfig ip6tables on
\end_layout
@@ -11453,472 +12079,578 @@ Folgende Zeilen zeigen ein umfangreicheres Setup.
\end_layout
\begin_layout Code
+
# ip6tables -n -v -L
\end_layout
\begin_layout Code
+
Chain INPUT (policy DROP 0 packets, 0 bytes)
\end_layout
\begin_layout Code
+
pkts bytes target prot opt in out source destination
\end_layout
\begin_layout Code
+
0 0 extIN all sit+ * ::/0 ::/0
\end_layout
\begin_layout Code
+
4 384 intIN all eth0 * ::/0 ::/0
\end_layout
\begin_layout Code
+
0 0 ACCEPT all * * ::1/128 ::1/128
\end_layout
\begin_layout Code
+
0 0 ACCEPT all lo * ::/0 ::/0
\end_layout
\begin_layout Code
+
0 0 LOG all * * ::/0 ::/0
\end_layout
\begin_layout Code
+
¬ LOG flags 0 level 7 prefix `INPUT-default:'
\end_layout
\begin_layout Code
+
0 0 DROP all * * ::/0 ::/0
\end_layout
\begin_layout Code
+
\end_layout
\begin_layout Code
+
Chain FORWARD (policy DROP 0 packets, 0 bytes)
\end_layout
\begin_layout Code
+
pkts bytes target prot opt in out source destination
\end_layout
\begin_layout Code
+
¬
\end_layout
\begin_layout Code
+
0 0 int2ext all eth0 sit+ ::/0 ::/0
\end_layout
\begin_layout Code
+
0 0 ext2int all sit+ eth0 ::/0 ::/0
\end_layout
\begin_layout Code
+
0 0 LOG all * * ::/0 ::/0
\end_layout
\begin_layout Code
+
¬ LOG flags 0 level 7 prefix `FORWARD-default:'
\end_layout
\begin_layout Code
+
0 0 DROP all * * ::/0 ::/0
\end_layout
\begin_layout Code
+
\end_layout
\begin_layout Code
+
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
\end_layout
\begin_layout Code
+
pkts bytes target prot opt in out source destination
\end_layout
\begin_layout Code
+
¬
\end_layout
\begin_layout Code
+
0 0 extOUT all * sit+ ::/0 ::/0
\end_layout
\begin_layout Code
+
4 384 intOUT all * eth0 ::/0 ::/0
\end_layout
\begin_layout Code
+
0 0 ACCEPT all * * ::1/128 ::1/128
\end_layout
\begin_layout Code
+
0 0 ACCEPT all * lo ::/0 ::/0
\end_layout
\begin_layout Code
+
0 0 LOG all * * ::/0 ::/0
\end_layout
\begin_layout Code
+
¬ LOG flags 0 level 7 prefix `OUTPUT-default:'
\end_layout
\begin_layout Code
+
0 0 DROP all * * ::/0 ::/0
\end_layout
\begin_layout Code
+
\end_layout
\begin_layout Code
+
Chain ext2int (1 references)
\end_layout
\begin_layout Code
+
pkts bytes target prot opt in out source destination
\end_layout
\begin_layout Code
+
¬
\end_layout
\begin_layout Code
+
0 0 ACCEPT icmpv6 * * ::/0 ::/0
\end_layout
\begin_layout Code
+
0 0 ACCEPT tcp * * ::/0 ::/0
\end_layout
\begin_layout Code
+
¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02
\end_layout
\begin_layout Code
+
0 0 LOG all * * ::/0 ::/0
\end_layout
\begin_layout Code
+
¬ LOG flags 0 level 7 prefix `ext2int-default:'
\end_layout
\begin_layout Code
+
0 0 DROP tcp * * ::/0 ::/0
\end_layout
\begin_layout Code
+
0 0 DROP udp * * ::/0 ::/0
\end_layout
\begin_layout Code
+
0 0 DROP all * * ::/0 ::/0
\end_layout
\begin_layout Code
+
\end_layout
\begin_layout Code
+
Chain extIN (1 references)
\end_layout
\begin_layout Code
+
pkts bytes target prot opt in out source destination
\end_layout
\begin_layout Code
+
¬
\end_layout
\begin_layout Code
+
0 0 ACCEPT tcp * * 3ffe:400:100::1/128 ::/0
\end_layout
\begin_layout Code
+
¬ tcp spts:512:65535 dpt:22
\end_layout
\begin_layout Code
+
0 0 ACCEPT tcp * * 3ffe:400:100::2/128 ::/0
\end_layout
\begin_layout Code
+
¬ tcp spts:512:65535 dpt:22
\end_layout
\begin_layout Code
+
0 0 ACCEPT icmpv6 * * ::/0 ::/0
\end_layout
\begin_layout Code
+
0 0 ACCEPT tcp * * ::/0 ::/0
\end_layout
\begin_layout Code
+
¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02
\end_layout
\begin_layout Code
+
0 0 ACCEPT udp * * ::/0 ::/0
\end_layout
\begin_layout Code
+
¬ udp spts:1:65535 dpts:1024:65535
\end_layout
\begin_layout Code
+
0 0 LOG all * * ::/0 ::/0
\end_layout
\begin_layout Code
+
¬ limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `extIN-default:'
\end_layout
\begin_layout Code
+
0 0 DROP all * * ::/0 ::/0
\end_layout
\begin_layout Code
+
\end_layout
\begin_layout Code
+
Chain extOUT (1 references)
\end_layout
\begin_layout Code
+
pkts bytes target prot opt in out source destination
\end_layout
\begin_layout Code
+
¬
\end_layout
\begin_layout Code
+
0 0 ACCEPT tcp * * ::/0
\end_layout
\begin_layout Code
+
¬ 2001:0db8:100::1/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02
\end_layout
\begin_layout Code
+
0 0 ACCEPT tcp * * ::/0
\end_layout
\begin_layout Code
+
¬ 2001:0db8:100::2/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02
\end_layout
\begin_layout Code
+
0 0 ACCEPT icmpv6 * * ::/0 ::/0
\end_layout
\begin_layout Code
+
0 0 ACCEPT tcp * * ::/0 ::/0
\end_layout
\begin_layout Code
+
¬ tcp spts:1024:65535 dpts:1:65535
\end_layout
\begin_layout Code
+
0 0 ACCEPT udp * * ::/0 ::/0
\end_layout
\begin_layout Code
+
¬ udp spts:1024:65535 dpts:1:65535
\end_layout
\begin_layout Code
+
0 0 LOG all * * ::/0 ::/0
\end_layout
\begin_layout Code
+
¬ LOG flags 0 level 7 prefix `extOUT-default:'
\end_layout
\begin_layout Code
+
0 0 DROP all * * ::/0 ::/0
\end_layout
\begin_layout Code
+
\end_layout
\begin_layout Code
+
Chain int2ext (1 references)
\end_layout
\begin_layout Code
+
pkts bytes target prot opt in out source destination
\end_layout
\begin_layout Code
+
¬
\end_layout
\begin_layout Code
+
0 0 ACCEPT icmpv6 * * ::/0 ::/0
\end_layout
\begin_layout Code
+
0 0 ACCEPT tcp * * ::/0 ::/0
\end_layout
\begin_layout Code
+
¬ tcp spts:1024:65535 dpts:1:65535
\end_layout
\begin_layout Code
+
0 0 LOG all * * ::/0 ::/0
\end_layout
\begin_layout Code
+
¬ LOG flags 0 level 7 prefix `int2ext:'
\end_layout
\begin_layout Code
+
0 0 DROP all * * ::/0 ::/0
\end_layout
\begin_layout Code
+
0 0 LOG all * * ::/0 ::/0
\end_layout
\begin_layout Code
+
¬ LOG flags 0 level 7 prefix `int2ext-default:'
\end_layout
\begin_layout Code
+
0 0 DROP tcp * * ::/0 ::/0
\end_layout
\begin_layout Code
+
0 0 DROP udp * * ::/0 ::/0
\end_layout
\begin_layout Code
+
0 0 DROP all * * ::/0 ::/0
\end_layout
\begin_layout Code
+
\end_layout
\begin_layout Code
+
Chain intIN (1 references)
\end_layout
\begin_layout Code
+
pkts bytes target prot opt in out source destination
\end_layout
\begin_layout Code
+
¬
\end_layout
\begin_layout Code
+
0 0 ACCEPT all * * ::/0
\end_layout
\begin_layout Code
+
¬ fe80::/ffc0::
\end_layout
\begin_layout Code
+
4 384 ACCEPT all * * ::/0 ff02::/16
\end_layout
\begin_layout Code
+
\end_layout
\begin_layout Code
+
Chain intOUT (1 references)
\end_layout
\begin_layout Code
+
pkts bytes target prot opt in out source destination
\end_layout
\begin_layout Code
+
¬
\end_layout
\begin_layout Code
+
0 0 ACCEPT all * * ::/0
\end_layout
\begin_layout Code
+
¬ fe80::/ffc0::
\end_layout
\begin_layout Code
+
4 384 ACCEPT all * * ::/0 ff02::/16
\end_layout
\begin_layout Code
+
0 0 LOG all * * ::/0 ::/0
\end_layout
\begin_layout Code
+
¬ LOG flags 0 level 7 prefix `intOUT-default:'
\end_layout
\begin_layout Code
+
0 0 DROP all * * ::/0 ::/0
\end_layout
@@ -11956,6 +12688,7 @@ Wie bei IPv4 können Systeme hinter einem Router versteckt werden mit Hilfe
\end_layout
\begin_layout Code
+
# ip6tables -t nat -A POSTROUTING -o sixxs -s fec0::/64 -j MASQUERADE
\end_layout
@@ -11973,6 +12706,7 @@ Eine dedizierte öffentliche IPv6-Adresse kann zu einer internen IPv6-Adresse
\end_layout
\begin_layout Code
+
# ip6tables -t nat -A PREROUTING -d 2001:db8:0:1:5054:ff:fe01:2345 -i sixxs
-j DNAT --to-destination fec0::5054:ff:fe01:2345
\end_layout
@@ -11991,6 +12725,7 @@ Ein dedizierter Port kann zu einem internen System weitergeleitet werden,
\end_layout
\begin_layout Code
+
# ip6tables -t nat -A PREROUTING -i sixxs -p tcp --dport 8080 -j DNAT --to-desti
nation [fec0::1234]:80
\end_layout
@@ -12040,62 +12775,64 @@ Basis-nftables Konfiguration
\begin_layout Standard
\lang english
-Laden der Kernel-Module
+Laden der Kernel-Module:
\end_layout
\begin_layout Code
+
# modprobe nf_tables
\end_layout
\begin_layout Code
+
# modprobe nf_tables_ipv4
\end_layout
\begin_layout Code
+
# modprobe nf_tables_ipv6
\end_layout
\begin_layout Code
+
# modprobe nf_tables_inet
\end_layout
\begin_layout Standard
\lang english
-Erzeugen der Filter-Tabellen
+Löschen der Regeln in iptables and ip6tables um Interferenzen zu vermeiden:
\end_layout
\begin_layout Code
-# nft add table ip filter
+
+# iptables -F
\end_layout
\begin_layout Code
-# nft add table ip6 filter
+
+# ip6tables -F
+\end_layout
+
+\begin_layout Standard
+
+\lang english
+Erzeugen der Filter-Tabelle:
\end_layout
\begin_layout Code
+
# nft add table inet filter
\end_layout
\begin_layout Standard
\lang english
-Erzeugen einer input chain in jeder Filter-Tabelle
+Erzeugen einer input chain in der Filter-Tabelle:
\end_layout
\begin_layout Code
-# nft add chain ip filter input { type filter hook input priority 1
-\backslash
-; }
-\end_layout
-\begin_layout Code
-# nft add chain ip6 filter input { type filter hook input priority 1
-\backslash
-; }
-\end_layout
-
-\begin_layout Code
# nft add chain inet filter input { type filter hook input priority 0
\backslash
; }
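Review bot: The added `# iptables -F` / `# ip6tables -F` step flushes only the rules of the filter table; chain policies and the nat/mangle tables stay as they were. On a host whose policies are ACCEPT this leaves it unfiltered until the nft rules below are loaded, and on a host with policy DROP (as in the ip6tables listing earlier in this document) flushing the ACCEPT rules cuts off a remote session. I would add a sentence telling the reader to check the policies first with `# iptables -S` and `# ip6tables -S` and to run these steps from a console, or to stop the iptables/ip6tables services instead of flushing by hand. The new paragraph also has an English `and` in the German sentence (`iptables and ip6tables`).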
@@ -12121,6 +12858,7 @@ Tabelle gehören
\end_layout
\begin_layout Code
+
# nft add rule inet filter input ct state established,related counter accept
\end_layout
@@ -12132,13 +12870,15 @@ Erlauben von IPv4 und IPv6 ICMP echo-request (aka ping)
\end_layout
\begin_layout Code
-# nft add rule ip filter input icmp type { echo-request } counter accept
-
+
+# nft add rule inet filter input meta nfproto ipv4 icmp type { echo-request
+ } counter accept
\end_layout
\begin_layout Code
-# nft add rule ip6 filter input icmpv6 type echo-request counter accept
-
+
+# nft add rule inet filter input meta nfproto ipv6 icmpv6 type echo-request
+ counter accept
\end_layout
\begin_layout Standard
@@ -12149,45 +12889,35 @@ Erlauben einiger wichtiger IPv6 ICMP Pakete, ohne Zähler, dafür mit Hop-Limit-
\end_layout
\begin_layout Code
-# nft add rule ip6 filter input icmpv6 type
+
+# nft add rule inet filter input meta nfproto ipv6
\end_layout
\begin_layout Code
-¬ { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert }
+
+¬ icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert}
+ ip6 hoplimit 1 accept
\end_layout
\begin_layout Code
-¬ ip6 hoplimit 1 accept
+
+# nft add rule inet filter input meta nfproto ipv6
\end_layout
\begin_layout Code
-# nft add rule ip6 filter input icmpv6 type
-\end_layout
-\begin_layout Code
-¬ { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert }
-\end_layout
-
-\begin_layout Code
-¬ ip6 hoplimit 255 accept
+¬ icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert}
+ ip6 hoplimit 255 counter accept
\end_layout
\begin_layout Standard
\lang english
-Erlauben von eingehenden SSH-Verbindungen für IPv4 und IPv6 unter Nutzung
- der IP-Version unabhängigen Tabelle
-\begin_inset Quotes sld
-\end_inset
-
-inet
-\begin_inset Quotes srd
-\end_inset
-
-
+Erlauben von eingehenden SSH-Verbindungen für IPv4 und IPv6
\end_layout
\begin_layout Code
+
# nft add rule inet filter input tcp dport 22 ct state new tcp flags
\backslash
&
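Review bot: The rewritten `ip6 hoplimit 1 accept` rule for `nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert` accepts Neighbor Discovery packets that RFC 4861 tells receivers to discard, since valid ND messages arrive with hop limit 255. Only the `ip6 hoplimit 255` rule expresses the on-link check, so I would drop the hop-limit-1 rule; if MLD (which does use hop limit 1) was meant, it should match the MLD types instead. The second rule now also reads `ip6 hoplimit 255 counter accept`, while the heading says "ohne Zähler" and the result listing further down shows both rules without a counter, so the two should be aligned.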
@@ -12199,6 +12929,27 @@ inet
) == syn counter accept
\end_layout
+\begin_layout Standard
+
+\lang english
+Reject/drop anderer Pakete
+\end_layout
+
+\begin_layout Code
+
+# nft add rule inet filter input tcp dport 0-65535 reject
+\end_layout
+
+\begin_layout Code
+
+# nft add rule inet filter input udp dport 0-65535 counter drop
+\end_layout
+
+\begin_layout Code
+
+# nft add rule inet filter input counter drop
+\end_layout
+
\begin_layout Subsubsection
\lang english
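Review bot: The three added reject/drop rules close the `inet filter input` chain without any rule for the loopback interface, so new local connections to 127.0.0.1 or ::1 are rejected or dropped as well. The iptables example earlier in this document has `-A RH-Firewall-1-INPUT -i lo -j ACCEPT` for that; the nftables walk-through should add `# nft add rule inet filter input iif lo accept` before the "Reject/drop anderer Pakete" step. Since `tcp dport 0-65535` and `udp dport 0-65535` match every TCP/UDP packet, the rules could say so directly with `meta l4proto tcp reject` and `meta l4proto udp counter drop`.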
@@ -12207,127 +12958,358 @@ Ergebnis
\begin_layout Standard
-\lang english
-Tabelle für IPv4 Filter
-\end_layout
-
-\begin_layout Code
-# nft list table ip filter
-\end_layout
-
-\begin_layout Code
-table ip filter {
-\end_layout
-
-\begin_layout Code
- chain input {
-\end_layout
-
-\begin_layout Code
- type filter hook input priority 1;
-\end_layout
-
-\begin_layout Code
- icmp type { echo-request} counter packets 0 bytes 0 accept
-\end_layout
-
-\begin_layout Code
- }
-\end_layout
-
-\begin_layout Code
-}
-\end_layout
-
-\begin_layout Standard
-
-\lang english
-Tabelle für IPv6 Filter
-\end_layout
-
-\begin_layout Code
-# nft list table ip6 filter
-\end_layout
-
-\begin_layout Code
-table ip6 filter {
-\end_layout
-
-\begin_layout Code
- chain input {
-\end_layout
-
-\begin_layout Code
- type filter hook input priority 1;
-\end_layout
-
-\begin_layout Code
- icmpv6 type echo-request counter packets 0 bytes 0 accept
-\end_layout
-
-\begin_layout Code
- ip6 hoplimit 1 icmpv6 type
-\end_layout
-
-\begin_layout Code
-¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
-\end_layout
-
-\begin_layout Code
- ip6 hoplimit 255 icmpv6 type
-\end_layout
-
-\begin_layout Code
-¬ { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
-\end_layout
-
-\begin_layout Code
- }
-\end_layout
-
-\begin_layout Code
-}
-\end_layout
-
-\begin_layout Standard
-
\lang english
Tabelle für IP unabhängigen Filter
\end_layout
\begin_layout Code
-# nft list table inet filter
-\end_layout
-\begin_layout Code
table inet filter {
\end_layout
\begin_layout Code
+
chain input {
\end_layout
\begin_layout Code
+
type filter hook input priority 0;
\end_layout
\begin_layout Code
- ct state established,related counter packets 44 bytes 2288 accept
+
+ ct state established,related counter packets 0 bytes 0 accept
\end_layout
\begin_layout Code
+
+ ip protocol icmp icmp type { echo-request} counter packets 0 bytes 0
+ accept
+\end_layout
+
+\begin_layout Code
+
+ ip6 nexthdr ipv6-icmp icmpv6 type echo-request counter packets 0 bytes
+ 0 accept
+\end_layout
+
+\begin_layout Code
+
+ ip6 nexthdr ipv6-icmp ip6 hoplimit 1 icmpv6 type { nd-neighbor-advert,
+ nd-neighbor-solicit, nd-router-advert} accept
+\end_layout
+
+\begin_layout Code
+
+ ip6 nexthdr ipv6-icmp ip6 hoplimit 255 icmpv6 type { nd-neighbor-advert,
+ nd-neighbor-solicit, nd-router-advert} accept
+\end_layout
+
+\begin_layout Code
+
tcp dport ssh ct state new tcp flags & (syn | ack) == syn counter packets
0 bytes 0 accept
\end_layout
\begin_layout Code
+
+ tcp dport >= 0 tcp dport <= 65535 counter packets 0 bytes 0 reject
+\end_layout
+
+\begin_layout Code
+
+ udp dport >= 0 udp dport <= 65535 counter packets 0 bytes 0 drop
+\end_layout
+
+\begin_layout Code
+
+ log prefix counter packets 0 bytes 0 drop
+\end_layout
+
+\begin_layout Code
+
}
\end_layout
\begin_layout Code
+
}
\end_layout
+\begin_layout Subsubsection
+
+\lang english
+Tipps für's Loggen
+\end_layout
+
+\begin_layout Standard
+
+\lang english
+Für Logging wird ein zusätzliches Kernelmodul benötigt:
+\end_layout
+
+\begin_layout Code
+
+# modprobe xt_LOG
+\end_layout
+
+\begin_layout Standard
+
+\lang english
+ACHTUNG, MOMENTAN KANN DER LOG-LEVEL NICHT ANGEGEBEN WERDEN, dadurch werden
+ nftables-Ereignisse mit Log-Level kern.emerg ausgegeben - ES BESTEHT DIE
+ GEFAHR, DASS DIE KONSOLE DADURCH ÜBERFLUTET WIRD!
+\end_layout
+
+\begin_layout Standard
+
+\lang english
+Für erste Tests mit der Log-Option kann es nützlich sein, das Loggens für
+ emergency-Ereignisse in z.B.
+ /etc/rsyslog.conf zu deaktivieren mit Hilfe eines
+\begin_inset Quotes sld
+\end_inset
+
+#
+\begin_inset Quotes srd
+\end_inset
+
+ am Anfang der Zeile und Neustart des logging-Daemons
+\end_layout
+
+\begin_layout Code
+
+#*.emerg :omusrmsg:*
+\end_layout
+
+\begin_layout Standard
+
+\lang english
+Regel von oben, welche SSH auf Port 22 erlaubt, nun mit Logging:
+\end_layout
+
+\begin_layout Code
+
+# nft add rule inet filter input tcp dport 22 ct state new tcp flags
+\backslash
+&
+\backslash
+(syn
+\backslash
+| ack
+\backslash
+) == syn log prefix
+\backslash
+"inet/input/accept:
+\backslash
+" counter accept
+\end_layout
+
+\begin_layout Subsection
+
+\lang english
+Filter-Policy mit nftables unter Benutzung der Tablellen
+\begin_inset Quotes sld
+\end_inset
+
+ip
+\begin_inset Quotes srd
+\end_inset
+
+,
+\begin_inset Quotes sld
+\end_inset
+
+ip6
+\begin_inset Quotes srd
+\end_inset
+
+ und
+\begin_inset Quotes sld
+\end_inset
+
+inet
+\begin_inset Quotes srd
+\end_inset
+
+
+\end_layout
+
+\begin_layout Standard
+
+\lang english
+Wie oben schon beschrieben, wenn die Regeln in den einzelnen Tabellen konfigurie
+rt werden, muss gesichert sein, dass frühere
+\begin_inset Quotes sld
+\end_inset
+
+accepts
+\begin_inset Quotes srd
+\end_inset
+
+ nicht aufgehoben werden.
+ Eine einfache Lösung ist die Benutzung von Markierungen.
+ Regeln, die Pakete erlauben, setzen die Marke mit
+\begin_inset Quotes sld
+\end_inset
+
+meta mark set xxxx
+\begin_inset Quotes srd
+\end_inset
+
+.
+ Eine generische Regel erlaubt Pakete mit gesetzter Marke
+\begin_inset Quotes sld
+\end_inset
+
+mark xxxx
+\begin_inset Quotes srd
+\end_inset
+
+.
+ Beispiel für ein resultierendes Filter-Regelwerk:
+\end_layout
+
+\begin_layout Code
+
+# for table in ip ip6 inet; do nft list table $table filter; done
+\end_layout
+
+\begin_layout Code
+
+table ip filter {
+\end_layout
+
+\begin_layout Code
+
+ chain input {
+\end_layout
+
+\begin_layout Code
+
+ type filter hook input priority 0;
+\end_layout
+
+\begin_layout Code
+
+ ct state established,related counter packets 241 bytes 25193 accept
+\end_layout
+
+\begin_layout Code
+
+ counter packets 2 bytes 120 mark 0x00000100 accept
+\end_layout
+
+\begin_layout Code
+
+ icmp type { echo-request} counter packets 0 bytes 0 meta mark set 0x00000100
+ accept
+\end_layout
+
+\begin_layout Code
+
+ }
+\end_layout
+
+\begin_layout Code
+
+}
+\end_layout
+
+\begin_layout Code
+
+table ip6 filter {
+\end_layout
+
+\begin_layout Code
+
+ chain input {
+\end_layout
+
+\begin_layout Code
+
+ type filter hook input priority 0;
+\end_layout
+
+\begin_layout Code
+
+ ct state established,related counter packets 14 bytes 4077 accept
+\end_layout
+
+\begin_layout Code
+
+ counter packets 4 bytes 408 mark 0x00000100 accept
+\end_layout
+
+\begin_layout Code
+
+ icmpv6 type echo-request counter packets 1 bytes 104 meta mark set 0x00000100
+\end_layout
+
+\begin_layout Code
+
+ icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert}
+ counter packets 2 bytes 224 meta mark set 0x00000100 accept
+\end_layout
+
+\begin_layout Code
+
+ }
+\end_layout
+
+\begin_layout Code
+
+}
+\end_layout
+
+\begin_layout Code
+
+table inet filter {
+\end_layout
+
+\begin_layout Code
+
+ chain input {
+\end_layout
+
+\begin_layout Code
+
+ type filter hook input priority 0;
+\end_layout
+
+\begin_layout Code
+
+ ct state established,related counter packets 307 bytes 31974 accept
+\end_layout
+
+\begin_layout Code
+
+ counter packets 6 bytes 528 mark 0x00000100 accept
+\end_layout
+
+\begin_layout Code
+
+ tcp dport ssh ct state new tcp flags & (syn | ack) == syn log prefix
+ "inet/input/accept: " meta mark set 0x00000100 counter packets 3 bytes
+ 200 accept
+\end_layout
+
+\begin_layout Code
+
+ log prefix "inet/input/reject: " counter packets 0 bytes 0 reject
+\end_layout
+
+\begin_layout Code
+
+ }
+\end_layout
+
+\begin_layout Code
+
+}
+\end_layout
+
\begin_layout Chapter
\begin_inset CommandInset label
LatexCommand label
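Review bot: The mark scheme in the added `ip`/`ip6`/`inet` listing only works if the `ip` and `ip6` input chains run before the `inet` one, yet all three are shown as `type filter hook input priority 0;`. A reject or drop in any base chain is final, so if the `inet` chain sees an echo-request before the family chain has set `0x00000100`, its closing `log prefix "inet/input/reject: " ... reject` rule discards it; as far as I know the order of equal-priority base chains on one hook is not guaranteed. I would give the `inet` chain a later priority, e.g. `type filter hook input priority 1;`, and say so in the paragraph that introduces the marks. Separately, the "nun mit Logging" SSH command uses `nft add rule`, which appends after the catch-all `counter drop` added earlier in this section, so as written it never matches; `nft insert rule` or a note to flush the chain first would fix that.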
@@ -12436,10 +13418,12 @@ target "http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#se
\end_layout
\begin_layout Code
+
# nc6 ::1 daytime
\end_layout
\begin_layout Code
+
13 JUL 2002 11:22:22 CEST
\end_layout
@@ -12461,43 +13445,53 @@ target "http://www.insecure.org/nmap/"
\end_layout
\begin_layout Code
+
# nmap -6 -sT ::1
\end_layout
\begin_layout Code
+
Starting nmap V.
3.10ALPHA3 ( www.insecure.org/nmap/ )
\end_layout
\begin_layout Code
+
Interesting ports on localhost6 (::1):
\end_layout
\begin_layout Code
+
(The 1600 ports scanned but not shown below are in state: closed)
\end_layout
\begin_layout Code
+
Port State Service
\end_layout
\begin_layout Code
+
22/tcp open ssh
\end_layout
\begin_layout Code
+
53/tcp open domain
\end_layout
\begin_layout Code
+
515/tcp open printer
\end_layout
\begin_layout Code
+
2401/tcp open cvspserver
\end_layout
\begin_layout Code
+
Nmap run completed -- 1 IP address (1 host up) scanned in 0.525 seconds
\end_layout
@@ -12520,26 +13514,32 @@ target "http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#se
\end_layout
\begin_layout Code
+
# ./strobe ::1 strobe 1.05 (c) 1995-1999 Julian Assange .
\end_layout
\begin_layout Code
+
::1 2401 unassigned unknown
\end_layout
\begin_layout Code
+
::1 22 ssh Secure Shell - RSA encrypted rsh
\end_layout
\begin_layout Code
+
::1 515 printer spooler (lpd)
\end_layout
\begin_layout Code
+
::1 6010 unassigned unknown
\end_layout
\begin_layout Code
+
::1 53 domain Domain Name Server
\end_layout
@@ -12910,22 +13910,27 @@ Beispiel für eine Ende-zu-Ende verschlüsselte Verbindung im Transport-Modus
\end_layout
\begin_layout Code
+
#!/sbin/setkey -f
\end_layout
\begin_layout Code
+
flush;
\end_layout
\begin_layout Code
+
spdflush;
\end_layout
\begin_layout Code
+
spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec esp/transport//require;
\end_layout
\begin_layout Code
+
spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec esp/transport//require;
\end_layout
@@ -12940,30 +13945,37 @@ Beispiel für eine Ende-zu-Ende verschlüsselte Verbindung im Tunnel-Modus
\end_layout
\begin_layout Code
+
#!/sbin/setkey -f
\end_layout
\begin_layout Code
+
flush;
\end_layout
\begin_layout Code
+
spdflush;
\end_layout
\begin_layout Code
+
spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec
\end_layout
\begin_layout Code
+
¬ esp/tunnel/2001:db8:1:1::1-2001:db8:2:2::2/require;
\end_layout
\begin_layout Code
+
spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec
\end_layout
\begin_layout Code
+
¬ esp/tunnel/2001:db8:2:2::2-2001:db8:1:1::1/require;
\end_layout
@@ -13033,18 +14045,22 @@ Datei: /etc/racoon/racoon.conf
\end_layout
\begin_layout Code
+
# Racoon IKE daemon configuration file.
\end_layout
\begin_layout Code
+
# See 'man racoon.conf' for a description of the format and entries.
\end_layout
\begin_layout Code
+
path include "/etc/racoon";
\end_layout
\begin_layout Code
+
path pre_shared_key "/etc/racoon/psk.txt";
\end_layout
@@ -13053,18 +14069,22 @@ path pre_shared_key "/etc/racoon/psk.txt";
\end_layout
\begin_layout Code
+
listen
\end_layout
\begin_layout Code
+
{
\end_layout
\begin_layout Code
+
isakmp 2001:db8:1:1::1;
\end_layout
\begin_layout Code
+
}
\end_layout
@@ -13073,50 +14093,62 @@ listen
\end_layout
\begin_layout Code
+
remote 2001:db8:2:2::2
\end_layout
\begin_layout Code
+
{
\end_layout
\begin_layout Code
+
exchange_mode main;
\end_layout
\begin_layout Code
+
lifetime time 24 hour;
\end_layout
\begin_layout Code
+
proposal
\end_layout
\begin_layout Code
+
{
\end_layout
\begin_layout Code
+
encryption_algorithm 3des;
\end_layout
\begin_layout Code
+
hash_algorithm md5;
\end_layout
\begin_layout Code
+
authentication_method pre_shared_key;
\end_layout
\begin_layout Code
+
dh_group 2;
\end_layout
\begin_layout Code
+
}
\end_layout
\begin_layout Code
+
}
\end_layout
@@ -13125,34 +14157,42 @@ remote 2001:db8:2:2::2
\end_layout
\begin_layout Code
+
# gateway-to-gateway
\end_layout
\begin_layout Code
+
sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any
\end_layout
\begin_layout Code
+
{
\end_layout
\begin_layout Code
+
lifetime time 1 hour;
\end_layout
\begin_layout Code
+
encryption_algorithm 3des;
\end_layout
\begin_layout Code
+
authentication_algorithm hmac_md5;
\end_layout
\begin_layout Code
+
compression_algorithm deflate;
\end_layout
\begin_layout Code
+
}
\end_layout
@@ -13161,30 +14201,37 @@ sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any
\end_layout
\begin_layout Code
+
sainfo address 2001:db8:2:2::2 any address 2001:db8:1:1::1 any
\end_layout
\begin_layout Code
+
{
\end_layout
\begin_layout Code
+
lifetime time 1 hour;
\end_layout
\begin_layout Code
+
encryption_algorithm 3des;
\end_layout
\begin_layout Code
+
authentication_algorithm hmac_md5;
\end_layout
\begin_layout Code
+
compression_algorithm deflate;
\end_layout
\begin_layout Code
+
}
\end_layout
@@ -13201,10 +14248,12 @@ Datei: /etc/racoon/psk.txt
\end_layout
\begin_layout Code
+
# file for pre-shared keys used for IKE authentication
\end_layout
\begin_layout Code
+
# format is: 'identifier' 'key'
\end_layout
@@ -13213,6 +14262,7 @@ Datei: /etc/racoon/psk.txt
\end_layout
\begin_layout Code
+
2001:db8:2:2::2 verysecret
\end_layout
@@ -13240,81 +14290,100 @@ Zum Schluss muss der Daemon gestartet werden.
\end_layout
\begin_layout Code
+
# racoon -F -v -f /etc/racoon/racoon.conf
\end_layout
\begin_layout Code
+
Foreground mode.
\end_layout
\begin_layout Code
+
2005-01-01 20:30:15: INFO: @(#)ipsec-tools 0.3.3 (http://ipsec-tools.sourceforge.net
)
\end_layout
\begin_layout Code
+
2005-01-01 20:30:15: INFO: @(#)This product linked
\end_layout
\begin_layout Code
+
¬ OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/)
\end_layout
\begin_layout Code
+
2005-01-01 20:30:15: INFO: 2001:db8:1:1::1[500] used as isakmp port (fd=7)
\end_layout
\begin_layout Code
+
2005-01-01 20:31:06: INFO: IPsec-SA request for 2001:db8:2:2::2
\end_layout
\begin_layout Code
+
¬ queued due to no phase1 found.
\end_layout
\begin_layout Code
+
2005-01-01 20:31:06: INFO: initiate new phase 1 negotiation:
\end_layout
\begin_layout Code
+
¬ 2001:db8:1:1::1[500]<=>2001:db8:2:2::2[500]
\end_layout
\begin_layout Code
+
2005-01-01 20:31:06: INFO: begin Identity Protection mode.
\end_layout
\begin_layout Code
+
2005-01-01 20:31:09: INFO: ISAKMP-SA established
\end_layout
\begin_layout Code
+
¬ 2001:db8:1:1::1[500]-2001:db8:2:2::2[500] spi:da3d3693289c9698:ac039a402b2db40
1
\end_layout
\begin_layout Code
+
2005-01-01 20:31:09: INFO: initiate new phase 2 negotiation:
\end_layout
\begin_layout Code
+
¬ 2001:6f8:900:94::2[0]<=>2001:db8:2:2::2[0]
\end_layout
\begin_layout Code
+
2005-01-01 20:31:10: INFO: IPsec-SA established:
\end_layout
\begin_layout Code
+
¬ ESP/Tunnel 2001:db8:2:2::2->2001:db8:1:1::1 spi=253935531(0xf22bfab)
\end_layout
\begin_layout Code
+
2005-01-01 20:31:10: INFO: IPsec-SA established:
\end_layout
\begin_layout Code
+
¬ ESP/Tunnel 2001:db8:1:1::1->2001:db8:2:2::2 spi=175002564(0xa6e53c4)
\end_layout
@@ -13335,10 +14404,12 @@ tcpdump
\end_layout
\begin_layout Code
+
20:35:55.305707 2001:db8:1:1::1 > 2001:db8:2:2::2: ESP(spi=0x0a6e53c4,seq=0x3)
\end_layout
\begin_layout Code
+
20:35:55.537522 2001:db8:2:2::2 > 2001:db8:1:1::1: ESP(spi=0x0f22bfab,seq=0x3)
\end_layout
@@ -13363,94 +14434,117 @@ setkey
\end_layout
\begin_layout Code
+
# setkey -D
\end_layout
\begin_layout Code
+
2001:db8:1:1::1 2001:db8:2:2::2
\end_layout
\begin_layout Code
+
esp mode=tunnel spi=175002564(0x0a6e53c4) reqid=0(0x00000000)
\end_layout
\begin_layout Code
+
E: 3des-cbc bd26bc45 aea0d249 ef9c6b89 7056080f 5d9fa49c 924e2edd
\end_layout
\begin_layout Code
+
A: hmac-md5 60c2c505 517dd8b7 c9609128 a5efc2db
\end_layout
\begin_layout Code
+
seq=0x00000000 replay=4 flags=0x00000000 state=mature
\end_layout
\begin_layout Code
+
created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005
\end_layout
\begin_layout Code
+
diff: 577(s) hard: 3600(s) soft: 2880(s)
\end_layout
\begin_layout Code
+
last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s)
\end_layout
\begin_layout Code
+
current: 540(bytes) hard: 0(bytes) soft: 0(bytes)
\end_layout
\begin_layout Code
+
allocated: 3 hard: 0 soft: 0
\end_layout
\begin_layout Code
+
sadb_seq=1 pid=22358 refcnt=0
\end_layout
\begin_layout Code
+
2001:db8:2:2::2 2001:db8:1:1::1
\end_layout
\begin_layout Code
+
esp mode=tunnel spi=253935531(0x0f22bfab) reqid=0(0x00000000)
\end_layout
\begin_layout Code
+
E: 3des-cbc c1ddba65 83debd62 3f6683c1 20e747ac 933d203f 4777a7ce
\end_layout
\begin_layout Code
+
A: hmac-md5 3f957db9 9adddc8c 44e5739d 3f53ca0e
\end_layout
\begin_layout Code
+
seq=0x00000000 replay=4 flags=0x00000000 state=mature
\end_layout
\begin_layout Code
+
created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005
\end_layout
\begin_layout Code
+
diff: 577(s) hard: 3600(s) soft: 2880(s)
\end_layout
\begin_layout Code
+
last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s)
\end_layout
\begin_layout Code
+
current: 312(bytes) hard: 0(bytes) soft: 0(bytes)
\end_layout
\begin_layout Code
+
allocated: 3 hard: 0 soft: 0
\end_layout
\begin_layout Code
+
sadb_seq=0 pid=22358 refcnt=0
\end_layout
@@ -13555,18 +14649,22 @@ Datei: /etc/ipsec.conf
\end_layout
\begin_layout Code
+
# /etc/ipsec.conf - Openswan IPsec configuration file
\end_layout
\begin_layout Code
+
#
\end_layout
\begin_layout Code
+
# Manual: ipsec.conf.5
\end_layout
\begin_layout Code
+
version 2.0 # conforms to second version of ipsec.conf specification
\end_layout
@@ -13575,22 +14673,27 @@ version 2.0 # conforms to second version of ipsec.conf specification
\end_layout
\begin_layout Code
+
# basic configuration
\end_layout
\begin_layout Code
+
config setup
\end_layout
\begin_layout Code
+
# Debug-logging controls: "none" for (almost) none, "all" for lots.
\end_layout
\begin_layout Code
+
# klipsdebug=none
\end_layout
\begin_layout Code
+
# plutodebug="control parsing"
\end_layout
@@ -13599,10 +14702,12 @@ config setup
\end_layout
\begin_layout Code
+
#Disable Opportunistic Encryption
\end_layout
\begin_layout Code
+
include /etc/ipsec.d/examples/no_oe.conf
\end_layout
@@ -13611,55 +14716,68 @@ include /etc/ipsec.d/examples/no_oe.conf
\end_layout
\begin_layout Code
+
conn ipv6-p1-p2
\end_layout
\begin_layout Code
+
connaddrfamily=ipv6 # Important for IPv6, but no longer needed
since StrongSwan 4
\end_layout
\begin_layout Code
+
left=2001:db8:1:1::1
\end_layout
\begin_layout Code
+
right=2001:db8:2:2::2
\end_layout
\begin_layout Code
+
authby=secret
\end_layout
\begin_layout Code
+
esp=aes128-sha1
\end_layout
\begin_layout Code
+
ike=aes128-sha-modp1024
\end_layout
\begin_layout Code
+
type=transport
\end_layout
\begin_layout Code
+
#type=tunnel
\end_layout
\begin_layout Code
+
compress=no
\end_layout
\begin_layout Code
+
#compress=yes
\end_layout
\begin_layout Code
+
auto=add
\end_layout
\begin_layout Code
+
#auto=up
\end_layout
@@ -13680,6 +14798,7 @@ Datei: /etc/ipsec.secrets
\end_layout
\begin_layout Code
+
2001:db8:1:1::1 2001:db8:2:2::2 : PSK "verysecret"
\end_layout
@@ -13706,6 +14825,7 @@ Wenn die Installation von Openswan erfolgreich war, sollte ein initscript
\end_layout
\begin_layout Code
+
# /etc/rc.d/init.d/ipsec start
\end_layout
@@ -13725,34 +14845,42 @@ IPsec SA established
\end_layout
\begin_layout Code
+
# ipsec auto --up ipv6-peer1-peer2
\end_layout
\begin_layout Code
+
104 "ipv6-p1-p2" #1: STATE_MAIN_I1: initiate
\end_layout
\begin_layout Code
+
106 "ipv6-p1-p2" #1: STATE_MAIN_I2: sent MI2, expecting MR2
\end_layout
\begin_layout Code
+
108 "ipv6-p1-p2" #1: STATE_MAIN_I3: sent MI3, expecting MR3
\end_layout
\begin_layout Code
+
004 "ipv6-p1-p2" #1: STATE_MAIN_I4: ISAKMP SA established
\end_layout
\begin_layout Code
+
112 "ipv6-p1-p2" #2: STATE_QUICK_I1: initiate
\end_layout
\begin_layout Code
+
004 "ipv6-p1-p2" #2: STATE_QUICK_I2: sent QI2,
\end_layout
\begin_layout Code
+
¬ IPsec SA established {ESP=>0xa98b7710 <0xa51e1f22}
\end_layout
@@ -13772,94 +14900,117 @@ setkey
\end_layout
\begin_layout Code
+
# setkey -D
\end_layout
\begin_layout Code
+
2001:db8:1:1::1 2001:db8:2:2::2
\end_layout
\begin_layout Code
+
esp mode=transport spi=2844489488(0xa98b7710) reqid=16385(0x00004001)
\end_layout
\begin_layout Code
+
E: aes-cbc 082ee274 2744bae5 7451da37 1162b483
\end_layout
\begin_layout Code
+
A: hmac-sha1 b7803753 757417da 477b1c1a 64070455 ab79082c
\end_layout
\begin_layout Code
+
seq=0x00000000 replay=64 flags=0x00000000 state=mature
\end_layout
\begin_layout Code
+
created: Jan 1 21:16:32 2005 current: Jan 1 21:22:20 2005
\end_layout
\begin_layout Code
+
diff: 348(s) hard: 0(s) soft: 0(s)
\end_layout
\begin_layout Code
+
last: hard: 0(s) soft: 0(s)
\end_layout
\begin_layout Code
+
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
\end_layout
\begin_layout Code
+
allocated: 0 hard: 0 soft: 0
\end_layout
\begin_layout Code
+
sadb_seq=1 pid=23825 refcnt=0
\end_layout
\begin_layout Code
+
2001:db8:2:2::2 2001:db8:1:1::1
\end_layout
\begin_layout Code
+
esp mode=transport spi=2770214690(0xa51e1f22) reqid=16385(0x00004001)
\end_layout
\begin_layout Code
+
E: aes-cbc 6f59cc30 8d856056 65e07b76 552cac18
\end_layout
\begin_layout Code
+
A: hmac-sha1 c7c7d82b abfca8b1 5440021f e0c3b335 975b508b
\end_layout
\begin_layout Code
+
seq=0x00000000 replay=64 flags=0x00000000 state=mature
\end_layout
\begin_layout Code
+
created: Jan 1 21:16:31 2005 current: Jan 1 21:22:20 2005
\end_layout
\begin_layout Code
+
diff: 349(s) hard: 0(s) soft: 0(s)
\end_layout
\begin_layout Code
+
last: hard: 0(s) soft: 0(s)
\end_layout
\begin_layout Code
+
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
\end_layout
\begin_layout Code
+
allocated: 0 hard: 0 soft: 0
\end_layout
\begin_layout Code
+
sadb_seq=0 pid=23825 refcnt=0
\end_layout
@@ -13884,10 +15035,12 @@ ip
\end_layout
\begin_layout Code
+
# ip xfrm policy
\end_layout
\begin_layout Code
+
...
\end_layout
@@ -13896,10 +15049,12 @@ ip
\end_layout
\begin_layout Code
+
# ip xfrm state
\end_layout
\begin_layout Code
+
...
\end_layout
@@ -13949,32 +15104,39 @@ Vernünftig funktionierendes QoS ist nur an der ausgehenden Schnittstelle
\end_layout
\begin_layout Code
+
------------------->-------
\end_layout
\begin_layout Code
+
Queue 1
\backslash
\end_layout
\begin_layout Code
+
--->--- ---->--------->--------->-------------------
\end_layout
\begin_layout Code
+
Dicke Leitung Queue 2 Queue 1 / Queue 2 / Queue 3 Dünne Leitung
\end_layout
\begin_layout Code
+
--->---- ---->--------->--------->-------------------
\end_layout
\begin_layout Code
+
Queue 3 /
\end_layout
\begin_layout Code
+
------------------->-------
\end_layout
@@ -14056,6 +15218,7 @@ Definition einer root qdisc mit einer Bandbreite von 1000 MBit/s an eth1
\end_layout
\begin_layout Code
+
# tc qdisc add dev eth1 root handle 1: cbq avpkt 1000 bandwidth 1000Mbit
\end_layout
@@ -14072,6 +15235,7 @@ Definition einer Klasse 1:1 mit 1 MBit/s
\end_layout
\begin_layout Code
+
# tc class add dev eth1 parent 1: classid 1:1 cbq rate 1Mbit allot 1500
bounded
\end_layout
@@ -14083,6 +15247,7 @@ Definition einer Klasse 1:2 mit 50 MBit/s
\end_layout
\begin_layout Code
+
# tc class add dev eth1 parent 1: classid 1:2 cbq rate 50Mbit allot 1500
bounded
\end_layout
@@ -14094,6 +15259,7 @@ Definition einer Klasse 1:3 mit 10 MBit/s
\end_layout
\begin_layout Code
+
# tc class add dev eth1 parent 1: classid 1:3 cbq rate 10Mbit allot 1500
bounded
\end_layout
@@ -14105,6 +15271,7 @@ Definition einer Klasse 1:4 mit 200 kBit/s
\end_layout
\begin_layout Code
+
# tc class add dev eth1 parent 1: classid 1:4 cbq rate 200kbit allot 1500
bounded
\end_layout
@@ -14134,6 +15301,7 @@ match ip dport 5001 0xffff
\end_layout
\begin_layout Code
+
# tc filter add dev eth1 parent 1: protocol ip u32 match ip protocol
6 0xff match ip dport 5001 0xffff flowid 1:1
\end_layout
@@ -14153,6 +15321,7 @@ match ip6 protocol 6 0xff
\end_layout
\begin_layout Code
+
# tc filter add dev eth1 parent 1: protocol ipv6 u32 match ip6 protocol
6 0xff match ip6 dport 5001 0xffff flowid 1:2
\end_layout
@@ -14168,6 +15337,7 @@ match ip6 flowlabel 0x12345 0x3ffff
\end_layout
\begin_layout Code
+
# tc filter add dev eth1 parent 1: protocol ipv6 u32 match ip6 flowlabel
12345 0x3ffff flowid 1:3
\end_layout
@@ -14184,6 +15354,7 @@ handle 32 fw
\end_layout
\begin_layout Code
+
# tc filter add dev eth1 parent 1: protocol ipv6 handle 32 fw flowid 1:4
\end_layout
@@ -14195,6 +15366,7 @@ Die letzte Filterdefinition benötigt auch einen Eintrag in ip6tables um
\end_layout
\begin_layout Code
+
# ip6tables -A POSTROUTING -t mangle -p tcp --dport 5003 -j MARK --set-mark
32
\end_layout
@@ -14212,14 +15384,17 @@ Starten auf Serverseite in separaten Konsolen:
\end_layout
\begin_layout Code
+
# iperf -V -s -p 5001
\end_layout
\begin_layout Code
+
# iperf -V -s -p 5002
\end_layout
\begin_layout Code
+
# iperf -V -s -p 5003
\end_layout
@@ -14230,29 +15405,35 @@ Starten auf Clientseite und Vergleichen der Ergebnisse:
\end_layout
\begin_layout Code
+
# iperf -V -c SERVER-IPv4 -p 5001 (erwartet: 1 MBit/s)
\end_layout
\begin_layout Code
+
# iperf -V -c SERVER-IPv6 -p 5001 (erwartet: 50 MBit/s)
\end_layout
\begin_layout Code
+
# iperf -V -c SERVER-IPv4 -p 5002 (erwartet: >> 50 MBit/s && <= 1000
MBit/s)
\end_layout
\begin_layout Code
+
# iperf -V -c SERVER-IPv6 -p 5002 (erwartet: >> 50 MBit/s && <= 1000
MBit/s)
\end_layout
\begin_layout Code
+
# iperf -V -c SERVER-IPv4 -p 5003 (erwartet: >> 50 MBit/s && <= 1000
MBit/s)
\end_layout
\begin_layout Code
+
# iperf -V -c SERVER-IPv6 -p 5003 (erwartet: 200 kBit/s)
\end_layout
@@ -14336,18 +15517,22 @@ Folgende Optionen müssen geändert werden, damit IPv6 aktiviert wird
\end_layout
\begin_layout Code
+
options {
\end_layout
\begin_layout Code
+
# sure other options here, too
\end_layout
\begin_layout Code
+
listen-on-v6 { any; };
\end_layout
\begin_layout Code
+
};
\end_layout
@@ -14357,48 +15542,59 @@ Nach einem Neustart (des Dienstes) sollte z.B.
\end_layout
\begin_layout Code
+
# netstat -lnptu |grep "named
\backslash
W*$"
\end_layout
\begin_layout Code
+
tcp 0 0 :::53 :::* LISTEN 1234/named
\end_layout
\begin_layout Code
+
¬ # incoming TCP requests
\end_layout
\begin_layout Code
+
udp 0 0 1.2.3.4:53 0.0.0.0:* 1234/named
\end_layout
\begin_layout Code
+
¬ # incoming UDP requests to IPv4 1.2.3.4
\end_layout
\begin_layout Code
+
udp 0 0 127.0.0.1:53 0.0.0.0:* 1234/named
\end_layout
\begin_layout Code
+
¬ # incoming UDP requests to IPv4 localhost
\end_layout
\begin_layout Code
+
udp 0 0 0.0.0.0:32868 0.0.0.0:* 1234/named
\end_layout
\begin_layout Code
+
¬ # dynamic chosen port for outgoing queries
\end_layout
\begin_layout Code
+
udp 0 0 :::53 :::* 1234/named
\end_layout
\begin_layout Code
+
¬ # incoming UDP request to any IPv6
\end_layout
@@ -14407,6 +15603,7 @@ Ein kleiner Test sieht wie folgt aus:
\end_layout
\begin_layout Code
+
# dig localhost @::1
\end_layout
@@ -14423,18 +15620,22 @@ Folgende Optionen müssen geändert werden, damit IPv6 deaktiviert wird:
\end_layout
\begin_layout Code
+
options {
\end_layout
\begin_layout Code
+
# sure other options here, too
\end_layout
\begin_layout Code
+
listen-on-v6 { none; };
\end_layout
\begin_layout Code
+
};
\end_layout
@@ -14449,54 +15650,67 @@ ACLs mit IPv6 Adressen sind realisierbar und sollten wann immer möglich
\end_layout
\begin_layout Code
+
acl internal-net {
\end_layout
\begin_layout Code
+
127.0.0.1;
\end_layout
\begin_layout Code
+
1.2.3.0/24;
\end_layout
\begin_layout Code
+
2001:0db8:100::/56;
\end_layout
\begin_layout Code
+
::1/128;
\end_layout
\begin_layout Code
+
::ffff:1.2.3.4/128;
\end_layout
\begin_layout Code
+
};
\end_layout
\begin_layout Code
+
acl ns-internal-net {
\end_layout
\begin_layout Code
+
1.2.3.4;
\end_layout
\begin_layout Code
+
1.2.3.5;
\end_layout
\begin_layout Code
+
2001:0db8:100::4/128;
\end_layout
\begin_layout Code
+
2001:0db8:100::5/128;
\end_layout
\begin_layout Code
+
};
\end_layout
@@ -14508,26 +15722,32 @@ Diese ACLs können für Client-Anfragen und Zonentransfers zu Secondary Nameserv
\end_layout
\begin_layout Code
+
options {
\end_layout
\begin_layout Code
+
# sure other options here, too
\end_layout
\begin_layout Code
+
listen-on-v6 { none; };
\end_layout
\begin_layout Code
+
allow-query { internal-net; };
\end_layout
\begin_layout Code
+
allow-transfer { ns-internal-net; };
\end_layout
\begin_layout Code
+
};
\end_layout
@@ -14553,6 +15773,7 @@ Diese Option ist nicht verpflichtend, ev.
\end_layout
\begin_layout Code
+
query-source-v6 address port ;
\end_layout
@@ -14573,6 +15794,7 @@ Die Transfer source Adresse wird für ausgehende Zonentransfers verwendet:
\end_layout
\begin_layout Code
+
transfer-source-v6 [port port];
\end_layout
@@ -14585,6 +15807,7 @@ Die Notify source Adresse wird für ausgehende notify Mitteilungen verwendet:
\end_layout
\begin_layout Code
+
notify-source-v6 [port port];
\end_layout
@@ -14741,22 +15964,27 @@ Eine IPv6 Verbindung kann durch Angabe eines dedizierten Server, der abgefragt
\end_layout
\begin_layout Code
+
$ host -t aaaa www.6bone.net 2001:0db8:200:f101::1
\end_layout
\begin_layout Code
+
Using domain server:
\end_layout
\begin_layout Code
+
Name: 2001:0db8:200:f101::1
\end_layout
\begin_layout Code
+
Address: 2001:0db8:200:f101::1#53
\end_layout
\begin_layout Code
+
Aliases:
\end_layout
@@ -14765,6 +15993,7 @@ Aliases:
\end_layout
\begin_layout Code
+
Host www.6bone.net.
not found: 5(REFUSED)
\end_layout
@@ -14774,14 +16003,17 @@ Ein entsprechender Log-Eintrag sieht wie folgt aus:
\end_layout
\begin_layout Code
+
Jan 3 12:43:32 gate named[12347]: client
\end_layout
\begin_layout Code
+
¬ 2001:0db8:200:f101:212:34ff:fe12:3456#32770:
\end_layout
\begin_layout Code
+
query denied
\end_layout
@@ -14800,22 +16032,27 @@ Eine erfolgreiche IPv6 Verbindung sieht wie folgt aus:
\end_layout
\begin_layout Code
+
$ host -t aaaa www.6bone.net 2001:0db8:200:f101::1
\end_layout
\begin_layout Code
+
Using domain server:
\end_layout
\begin_layout Code
+
Name: 2001:0db8:200:f101::1
\end_layout
\begin_layout Code
+
Address: 2001:0db8:200:f101::1#53
\end_layout
\begin_layout Code
+
Aliases:
\end_layout
@@ -14824,12 +16061,14 @@ Aliases:
\end_layout
\begin_layout Code
+
www.6bone.net.
is an alias for 6bone.net.
\end_layout
\begin_layout Code
+
6bone.net.
has AAAA address 3ffe:b00:c18:1::10
\end_layout
@@ -14874,42 +16113,52 @@ Wenn Sie nun einen "eingebauten" Service wie z.B.
\end_layout
\begin_layout Code
+
# diff -u /etc/xinetd.d/daytime.orig /etc/xinetd.d/daytime
\end_layout
\begin_layout Code
+
--- /etc/xinetd.d/daytime.orig Sun Dec 16 19:00:14 2001
\end_layout
\begin_layout Code
+
+++ /etc/xinetd.d/daytime Sun Dec 16 19:00:22 2001
\end_layout
\begin_layout Code
+
@@ -10,5 +10,5 @@
\end_layout
\begin_layout Code
+
protocol = tcp
\end_layout
\begin_layout Code
+
user = root
\end_layout
\begin_layout Code
+
wait = no
\end_layout
\begin_layout Code
+
- disable = yes
\end_layout
\begin_layout Code
+
+ disable = no
\end_layout
\begin_layout Code
+
}
\end_layout
@@ -14919,22 +16168,27 @@ dann sollten Sie nach einem Neustart des xinetd-Dienstes z.B.
\end_layout
\begin_layout Code
+
# netstat -lnptu -A inet6 |grep "xinetd*"
\end_layout
\begin_layout Code
+
tcp 0 0 ::ffff:192.168.1.1:993 :::* LISTEN 12345/xinetd-ipv6
\end_layout
\begin_layout Code
+
tcp 0 0 :::13 :::* LISTEN 12345/xinetd-ipv6 <- service
\end_layout
\begin_layout Code
+
¬ daytime/tcp
\end_layout
\begin_layout Code
+
tcp 0 0 ::ffff:192.168.1.1:143 :::* LISTEN 12345/xinetd-ipv6
\end_layout
@@ -14995,22 +16249,27 @@ Virtueller Host mit IPv6 Adresse
\end_layout
\begin_layout Code
+
Listen [2001:0db8:100::1]:80
\end_layout
\begin_layout Code
+
\end_layout
\begin_layout Code
+
ServerName ipv6only.yourdomain.yourtopleveldomain
\end_layout
\begin_layout Code
+
# ...sure more config lines
\end_layout
\begin_layout Code
+
\end_layout
@@ -15019,26 +16278,32 @@ Virtueller Host mit IPv4 und IPv6 Adresse
\end_layout
\begin_layout Code
+
Listen [2001:0db8:100::2]:80
\end_layout
\begin_layout Code
+
Listen 1.2.3.4:80
\end_layout
\begin_layout Code
+
\end_layout
\begin_layout Code
+
ServerName ipv6andipv4.yourdomain.yourtopleveldomain
\end_layout
\begin_layout Code
+
# ...sure more config lines
\end_layout
\begin_layout Code
+
\end_layout
@@ -15047,20 +16312,24 @@ Das Ergebnis sollten nach einen Neustart des Dienstes etwa Folgendes sein:
\end_layout
\begin_layout Code
+
# netstat -lnptu |grep "httpd2
\backslash
W*$"
\end_layout
\begin_layout Code
+
tcp 0 0 1.2.3.4:80 0.0.0.0:* LISTEN 12345/httpd2
\end_layout
\begin_layout Code
+
tcp 0 0 2001:0db8:100::1:80 :::* LISTEN 12345/httpd2
\end_layout
\begin_layout Code
+
tcp 0 0 2001:0db8:100::2:80 :::* LISTEN 12345/httpd2
\end_layout
@@ -15167,42 +16436,52 @@ Die Konfigurationsdatei des radvd ist normalerweise die Datei /etc/radvd.conf.
\end_layout
\begin_layout Code
+
interface eth0 {
\end_layout
\begin_layout Code
+
AdvSendAdvert on;
\end_layout
\begin_layout Code
+
MinRtrAdvInterval 3;
\end_layout
\begin_layout Code
+
MaxRtrAdvInterval 10;
\end_layout
\begin_layout Code
+
prefix 2001:0db8:0100:f101::/64 {
\end_layout
\begin_layout Code
+
AdvOnLink on;
\end_layout
\begin_layout Code
+
AdvAutonomous on;
\end_layout
\begin_layout Code
+
AdvRouterAddr on;
\end_layout
\begin_layout Code
+
};
\end_layout
\begin_layout Code
+
};
\end_layout
@@ -15211,23 +16490,28 @@ Als Ergebnis auf der Client-Seite ergibt sich hieraus:
\end_layout
\begin_layout Code
+
# ip -6 addr show eth0
\end_layout
\begin_layout Code
+
3: eth0: mtu 1500 qdisc pfifo_fast qlen 100
\end_layout
\begin_layout Code
+
inet6 2001:0db8:100:f101:2e0:12ff:fe34:1234/64 scope global dynamic
\end_layout
\begin_layout Code
+
valid_lft 2591992sec preferred_lft 604792sec
\end_layout
\begin_layout Code
+
inet6 fe80::2e0:12ff:fe34:1234/10 scope link
\end_layout
@@ -15254,54 +16538,67 @@ Seit der Version 0.6.2pl3 wird die automatische (Neu)-Erstellung des Präfixes
\end_layout
\begin_layout Code
+
interface eth0 {
\end_layout
\begin_layout Code
+
AdvSendAdvert on;
\end_layout
\begin_layout Code
+
MinRtrAdvInterval 3;
\end_layout
\begin_layout Code
+
MaxRtrAdvInterval 10;
\end_layout
\begin_layout Code
+
prefix 0:0:0:f101::/64 {
\end_layout
\begin_layout Code
+
AdvOnLink off;
\end_layout
\begin_layout Code
+
AdvAutonomous on;
\end_layout
\begin_layout Code
+
AdvRouterAddr on;
\end_layout
\begin_layout Code
+
Base6to4Interface ppp0;
\end_layout
\begin_layout Code
+
AdvPreferredLifetime 20;
\end_layout
\begin_layout Code
+
AdvValidLifetime 30;
\end_layout
\begin_layout Code
+
};
\end_layout
\begin_layout Code
+
};
\end_layout
@@ -15311,23 +16608,28 @@ Das Ergebnis auf Clientseite ist (unter der Annahme, dass ppp0 die lokale
\end_layout
\begin_layout Code
+
# /sbin/ip -6 addr show eth0
\end_layout
\begin_layout Code
+
3: eth0: mtu 1500 qdisc pfifo_fast qlen 100
\end_layout
\begin_layout Code
+
inet6 2002:0102:0304:f101:2e0:12ff:fe34:1234/64 scope global dynamic
\end_layout
\begin_layout Code
+
valid_lft 22sec preferred_lft 12sec
\end_layout
\begin_layout Code
+
inet6 fe80::2e0:12ff:fe34:1234/10 scope link
\end_layout
@@ -15346,6 +16648,7 @@ Achtung: wenn keine spezielle 6to4-Unterstützung der initscripts benutzt
\end_layout
\begin_layout Code
+
# /sbin/ip -6 route add 2002:0102:0304:f101::/64 dev eth0 metric 1
\end_layout
@@ -15375,86 +16678,107 @@ radvdump
\end_layout
\begin_layout Code
+
# radvdump
\end_layout
\begin_layout Code
+
Router advertisement from fe80::280:c8ff:feb9:cef9 (hoplimit 255)
\end_layout
\begin_layout Code
+
AdvCurHopLimit: 64
\end_layout
\begin_layout Code
+
AdvManagedFlag: off
\end_layout
\begin_layout Code
+
AdvOtherConfigFlag: off
\end_layout
\begin_layout Code
+
AdvHomeAgentFlag: off
\end_layout
\begin_layout Code
+
AdvReachableTime: 0
\end_layout
\begin_layout Code
+
AdvRetransTimer: 0
\end_layout
\begin_layout Code
+
Prefix 2002:0102:0304:f101::/64
\end_layout
\begin_layout Code
+
AdvValidLifetime: 30
\end_layout
\begin_layout Code
+
AdvPreferredLifetime: 20
\end_layout
\begin_layout Code
+
AdvOnLink: off
\end_layout
\begin_layout Code
+
AdvAutonomous: on
\end_layout
\begin_layout Code
+
AdvRouterAddr: on
\end_layout
\begin_layout Code
+
Prefix 2001:0db8:100:f101::/64
\end_layout
\begin_layout Code
+
AdvValidLifetime: 2592000
\end_layout
\begin_layout Code
+
AdvPreferredLifetime: 604800
\end_layout
\begin_layout Code
+
AdvOnLink: on
\end_layout
\begin_layout Code
+
AdvAutonomous: on
\end_layout
\begin_layout Code
+
AdvRouterAddr: on
\end_layout
\begin_layout Code
+
AdvSourceLLAddress: 00 80 12 34 56 78
\end_layout
@@ -15520,54 +16844,67 @@ Die Konfigurationsdatei des dhcp6s ist normalerweise /etc/dhcp6s.conf.
\end_layout
\begin_layout Code
+
interface eth0 {
\end_layout
\begin_layout Code
+
server-preference 255;
\end_layout
\begin_layout Code
+
renew-time 60;
\end_layout
\begin_layout Code
+
rebind-time 90;
\end_layout
\begin_layout Code
+
prefer-life-time 130;
\end_layout
\begin_layout Code
+
valid-life-time 200;
\end_layout
\begin_layout Code
+
allow rapid-commit;
\end_layout
\begin_layout Code
+
option dns_servers 2001:db8:0:f101::1 sub.domain.example;
\end_layout
\begin_layout Code
+
link AAA {
\end_layout
\begin_layout Code
+
range 2001:db8:0:f101::1000 to 2001:db8:0:f101::ffff/64;
\end_layout
\begin_layout Code
+
prefix 2001:db8:0:f101::/64;
\end_layout
\begin_layout Code
+
};
\end_layout
\begin_layout Code
+
};
\end_layout
@@ -15591,18 +16928,22 @@ Die Konfigurationsdatei von dhcp6c ist normalerweise /etc/dhcp6c.conf.
\end_layout
\begin_layout Code
+
interface eth0 {
\end_layout
\begin_layout Code
+
send rapid-commit;
\end_layout
\begin_layout Code
+
request domain-name-servers;
\end_layout
\begin_layout Code
+
};
\end_layout
@@ -15626,6 +16967,7 @@ Starten des Servers, z.B.
\end_layout
\begin_layout Code
+
# service dhcp6s start
\end_layout
@@ -15643,10 +16985,12 @@ Starten des Clients im Vordergrund, z.B.
\end_layout
\begin_layout Code
+
# dhcp6c -f eth0
\end_layout
\begin_layout Code
+
...
\end_layout
@@ -15670,6 +17014,7 @@ Der Server hat einen Vordergrund und zwei Debug-Schalter (von denen beide
\end_layout
\begin_layout Code
+
# dhcp6c -d -D -f eth0
\end_layout
@@ -15687,6 +17032,7 @@ Mit einem IPv6 Ping an die DHCP Multicast-Adresse kann getestet werden,
\end_layout
\begin_layout Code
+
# ping6 -I eth0 ff02::1:2
\end_layout
@@ -15697,47 +17043,58 @@ Der Client hat einen Vordergrund und zwei Debug-Schalter, hier ein Beispiel:
\end_layout
\begin_layout Code
+
# dhcp6c -d -f eth0
\end_layout
\begin_layout Code
+
Oct/03/2005 17:18:16 dhcpv6 doesn't support hardware type 776
\end_layout
\begin_layout Code
+
Oct/03/2005 17:18:16 doesn't support sit0 address family 0
\end_layout
\begin_layout Code
+
Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error
\end_layout
\begin_layout Code
+
Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error
\end_layout
\begin_layout Code
+
Oct/03/2005 17:18:17 status code for this address is: success
\end_layout
\begin_layout Code
+
Oct/03/2005 17:18:17 status code: success
\end_layout
\begin_layout Code
+
Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error
\end_layout
\begin_layout Code
+
Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error
\end_layout
\begin_layout Code
+
Oct/03/2005 17:18:17 assigned address 2001:db8:0:f101::1002 prefix len is
not in any RAs prefix length using 64 bit instead
\end_layout
\begin_layout Code
+
Oct/03/2005 17:18:17 renew time 60, rebind time 9
\end_layout
@@ -15804,26 +17161,32 @@ Erstellen einer eigenen Konfigurationsdatei /etc/dhcp/dhcpd6.conf für den
\end_layout
\begin_layout Code
+
default-lease-time 600;
\end_layout
\begin_layout Code
+
max-lease-time 7200;
\end_layout
\begin_layout Code
+
log-facility local7;
\end_layout
\begin_layout Code
+
subnet6 2001:db8:0:1::/64 {
\end_layout
\begin_layout Code
+
# Range for clients
\end_layout
\begin_layout Code
+
range6 2001:db8:0:1::129 2001:db8:0:1::254;
\end_layout
@@ -15832,10 +17195,12 @@ subnet6 2001:db8:0:1::/64 {
\end_layout
\begin_layout Code
+
# Range for clients requesting a temporary address
\end_layout
\begin_layout Code
+
range6 2001:db8:0:1::/64 temporary;
\end_layout
@@ -15844,14 +17209,17 @@ subnet6 2001:db8:0:1::/64 {
\end_layout
\begin_layout Code
+
# Additional options
\end_layout
\begin_layout Code
+
option dhcp6.name-servers fec0:0:0:1::1;
\end_layout
\begin_layout Code
+
option dhcp6.domain-search "domain.example";
\end_layout
@@ -15860,10 +17228,12 @@ subnet6 2001:db8:0:1::/64 {
\end_layout
\begin_layout Code
+
# Prefix range for delegation to sub-routers
\end_layout
\begin_layout Code
+
prefix6 2001:db8:0:100:: 2001:db8:0:f00:: /56;
\end_layout
@@ -15872,27 +17242,33 @@ subnet6 2001:db8:0:1::/64 {
\end_layout
\begin_layout Code
+
# Example for a fixed host address
\end_layout
\begin_layout Code
+
host specialclient {
\end_layout
\begin_layout Code
+
host-identifier option dhcp6.client-id 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01:
23:45;
\end_layout
\begin_layout Code
+
fixed-address6 2001:db8:0:1::127;
\end_layout
\begin_layout Code
+
}
\end_layout
\begin_layout Code
+
}
\end_layout
@@ -15931,6 +17307,7 @@ dhcp6c
\end_layout
\begin_layout Code
+
# hexdump -e '"%07.7_ax " 1/2 "%04x" " " 14/1 "%02x:" "
\backslash
n"' /var/lib/dhcpv6/dhcp6c_duid 0000000 000e 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01
@@ -15956,46 +17333,56 @@ Starte den Server im Vordergrund:
\end_layout
\begin_layout Code
+
# /usr/sbin/dhcpd -6 -d -cf /etc/dhcp/dhcpd6.conf eth1
\end_layout
\begin_layout Code
+
Internet Systems Consortium DHCP Server 4.1.0
\end_layout
\begin_layout Code
+
Copyright 2004-2008 Internet Systems Consortium.
\end_layout
\begin_layout Code
+
All rights reserved.
\end_layout
\begin_layout Code
+
For info, please visit http://www.isc.org/sw/dhcp/
\end_layout
\begin_layout Code
+
Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not
specified in the config file
\end_layout
\begin_layout Code
+
Wrote 0 leases to leases file.
\end_layout
\begin_layout Code
+
Bound to *:547
\end_layout
\begin_layout Code
+
Listening on Socket/5/eth1/2001:db8:0:1::/64
\end_layout
\begin_layout Code
+
Sending on Socket/5/eth1/2001:db8:0:1::/64
\end_layout
@@ -16038,50 +17425,62 @@ Erstellen der Konfigurationsdatei /etc/dibbler/server.conf .
\end_layout
\begin_layout Code
+
log-level 8
\end_layout
\begin_layout Code
+
log-mode short
\end_layout
\begin_layout Code
+
preference 0
\end_layout
\begin_layout Code
+
iface "eth1" {
\end_layout
\begin_layout Code
+
prefered-lifetime 3600
\end_layout
\begin_layout Code
+
valid-lifetime 7200
\end_layout
\begin_layout Code
+
class {
\end_layout
\begin_layout Code
+
pool 2001:db8:0:1::/64
\end_layout
\begin_layout Code
+
}
\end_layout
\begin_layout Code
+
option dns-server fec0:0:0:1::1
\end_layout
\begin_layout Code
+
option domain domain.example
\end_layout
\begin_layout Code
+
}
\end_layout
@@ -16104,124 +17503,148 @@ Start Server im Vorgergrund:
\end_layout
\begin_layout Code
+
# dibbler-server run
\end_layout
\begin_layout Code
+
| Dibbler - a portable DHCPv6, version 0.7.3 (SERVER, Linux port)
\end_layout
\begin_layout Code
+
| Authors : Tomasz Mrugalski,Marek Senderski
\end_layout
\begin_layout Code
+
| Licence : GNU GPL v2 only.
Developed at Gdansk University of Technology.
\end_layout
\begin_layout Code
+
| Homepage: http://klub.com.pl/dhcpv6/
\end_layout
\begin_layout Code
+
2009.05.28 10:18:48 Server Notice My pid (1789) is stored in /var/lib/dibbler/s
erver.pid
\end_layout
\begin_layout Code
+
2009.05.28 10:18:48 Server Notice Detected iface eth0/3, MAC=54:52:00:01:23:45.
\end_layout
\begin_layout Code
+
2009.05.28 10:18:48 Server Notice Detected iface eth1/2, MAC=54:52:00:67:89:ab.
\end_layout
\begin_layout Code
+
2009.05.28 10:18:48 Server Notice Detected iface lo/1, MAC=00:00:00:00:00:00.
\end_layout
\begin_layout Code
+
2009.05.28 10:18:48 Server Debug Skipping database loading.
\end_layout
\begin_layout Code
+
2009.05.28 10:18:48 Server Debug Cache:server-cache.xml file: parsing started,
expecting 0 entries.
\end_layout
\begin_layout Code
+
2009.05.28 10:18:48 Server Notice Parsing /etc/dibbler/server.conf config
file...
\end_layout
\begin_layout Code
+
18:48 Server Debug Setting 0 generic option(s).
\end_layout
\begin_layout Code
+
18:48 Server Debug 0 per-client configurations (exceptions) added.
\end_layout
\begin_layout Code
+
18:48 Server Debug Parsing /etc/dibbler/server.conf done.
\end_layout
\begin_layout Code
+
18:48 Server Info 0 client class(es) defined.
\end_layout
\begin_layout Code
+
18:48 Server Debug 1 interface(s) specified in /etc/dibbler/server.conf
\end_layout
\begin_layout Code
+
18:48 Server Info Mapping allow, deny list to class 0:0 allow/deny
entries in total.
\end_layout
\begin_layout Code
+
18:48 Server Info Interface eth1/2 configuration has been loaded.
\end_layout
\begin_layout Code
+
18:48 Server Notice Running in stateful mode.
\end_layout
\begin_layout Code
+
18:48 Server Info My DUID is 00:01:00:01:11:aa:6d:a7:54:52:00:67:89:ab.
\end_layout
\begin_layout Code
+
18:48 Server Notice Creating multicast (ff02::1:2) socket on eth1/2 (eth1/2)
interface.
\end_layout
\begin_layout Code
+
18:48 Server Debug Cache: size set to 1048576 bytes, 1 cache entry size
is 87 bytes, so maximum 12052 address-client pair(s) may be cached.
\end_layout
\begin_layout Code
+
18:48 Server Notice Accepting connections.
Next event in 4294967295 second(s).
\end_layout
@@ -16286,6 +17709,7 @@ s.allow sowie /etc/hosts.deny.
\end_layout
\begin_layout Code
+
$ man hosts.allow
\end_layout
@@ -16300,11 +17724,13 @@ In dieser Datei wird ein Dienst pro Zeile eingetragen, der positiv gefiltert
\end_layout
\begin_layout Code
+
sshd: 1.2.3.
[2001:0db8:100:200::]/64
\end_layout
\begin_layout Code
+
daytime-stream: 1.2.3.
[2001:0db8:100:200::]/64
\end_layout
@@ -16325,6 +17751,7 @@ In dieser Datei werden alle Einträge negativ gefiltert.
\end_layout
\begin_layout Code
+
ALL: ALL
\end_layout
@@ -16336,10 +17763,12 @@ Sie können bei Bedarf obige Standardzeile auch durch Folgende ersetzen,
\end_layout
\begin_layout Code
+
ALL: ALL: spawn (echo "Attempt from %h %a to %d at `date`"
\end_layout
\begin_layout Code
+
| tee -a /var/log/tcp.deny.log | mail root@localhost)
\end_layout
@@ -16362,18 +17791,22 @@ Das Logging einer abgelehnten IPv4-Verbindung zu einem durch den xinetd
\end_layout
\begin_layout Code
+
Jan 2 20:40:44 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap
\end_layout
\begin_layout Code
+
¬ from=::ffff:1.2.3.4
\end_layout
\begin_layout Code
+
Jan 2 20:32:06 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap
\end_layout
\begin_layout Code
+
from=2001:0db8:100:200::212:34ff:fe12:3456
\end_layout
@@ -16384,22 +17817,27 @@ Das Logging einer abgelehnten IPv4-Verbindung zu einem durch den xinetd
\end_layout
\begin_layout Code
+
Jan 2 20:24:17 gate sshd[12345]: refused connect from ::ffff:1.2.3.4
\end_layout
\begin_layout Code
+
¬ (::ffff:1.2.3.4)
\end_layout
\begin_layout Code
+
Jan 2 20:39:33 gate sshd[12345]: refused connect
\end_layout
\begin_layout Code
+
from 2001:0db8:100:200::212:34ff:fe12:3456
\end_layout
\begin_layout Code
+
¬ (2001:0db8:100:200::212:34ff:fe12:3456)
\end_layout
@@ -16413,18 +17851,22 @@ Das Logging einer akzeptierten IPv4-Verbindung zu einem durch den xinetd
\end_layout
\begin_layout Code
+
Jan 2 20:37:50 gate xinetd-ipv6[12346]: START: daytime-stream pid=0
\end_layout
\begin_layout Code
+
¬ from=::ffff:1.2.3.4
\end_layout
\begin_layout Code
+
Jan 2 20:37:56 gate xinetd-ipv6[12346]: START: daytime-stream pid=0
\end_layout
\begin_layout Code
+
from=2001:0db8:100:200::212:34ff:fe12:3456
\end_layout
@@ -16434,18 +17876,22 @@ Das Logging einer akzeptierten IPv4-Verbindung zu einem auf zwei Ports hörenden
\end_layout
\begin_layout Code
+
Jan 2 20:43:10 gate sshd[21975]: Accepted password for user from ::ffff:1.2.3.4
\end_layout
\begin_layout Code
+
¬ port 33381 ssh2
\end_layout
\begin_layout Code
+
Jan 2 20:42:19 gate sshd[12345]: Accepted password for user
\end_layout
\begin_layout Code
+
from 2001:0db8:100:200::212:34ff:fe12:3456 port 33380 ssh2
\end_layout
@@ -16481,6 +17927,7 @@ listen
\end_layout
\begin_layout Code
+
listen_ipv6=yes
\end_layout
@@ -16515,22 +17962,27 @@ Editiere die Konfigurationsdatei, üblicherweise /etc/proftpd.conf, allerdings
\end_layout
\begin_layout Code
+
\end_layout
\begin_layout Code
+
...
\end_layout
\begin_layout Code
+
Bind 2001:0DB8::1
\end_layout
\begin_layout Code
+
...
\end_layout
\begin_layout Code
+
\end_layout
diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.pdf b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.pdf
index 10c6fb448ab7bcda0ff94e9c7c0be82cc6296544..07eff8508b1a8af867d40a3d9aabef9c1bbebfdd 100644
GIT binary patch
delta 186838
zcmZs?1yGzpvjrO5-Q8hv*Wm8%?(Xi3LvV*6!QCxr2+rc}!6jI5*GKaI_tkrKZ*|qy
z)|u*WdU|@!oZa3{-646tCaGs;0OQUunTDiI(P2OUI*4h=O1q^rr^%+l*^4ICn@>1a
ze)mSZ!&S$osAEEXcoGl*A9kgTJQXxfC^>WMcy^ycOoGRNr&UcNrG3y#W_@u0XuJ@q
zQK~XPR?82>M2YX=M297JO;e)3Qk(M}+;QDZ?ER3y3&
z@X(P1YhExU_$*aR(2yca(Ai`V&C^r~FEJPanuz68gAGQw(Q4EStW?RntYlPKE~wr+
zMtBkx=4M5-3-Y$;vKUC_5dF#xDu^#ECRMoDo%>po`;fkc*;GPmpx
z15r^}2;@V0$l+?T`b7DP0+vxzZ;Se!VonZhx}8iBrc_JJRJ8|nPIGL;AS|A)9ei*g
zEQY8JQb{;kY{+z&Ndt#q*mmG7DSCskQF)y5GO}w-W~Y{z6Iz)*1S}JJZ+ApzvmbQ4
zItvU34y{*9!~yw!V-qIZO-tkf+l}|Mz9d6<#DTR-AoPSq>O)%J>4mhlHBeF~Zdn(+|@B>we9AhJ3#E
z^n7;NQUk(X53gq83u2gHM3x?gLeDccN7#=ZYrP3Yhs5ykZaJM2T%8S|Mqz`=G4ect
zE*2Te(mvt4Pf5oyV!dyT`*F?jRd#;+S0vNXj8f*VNp+f>j7&4+3(TAW40UyXkbUQ>
z!r+GxglqZ{_?pjT>UjeVE~*NF_3>8=b}x9^6SQ96@$zFs>Ua4jG!MJM2~>pV2rcRy
zr=voNC96AG_A3L~VT5ixE!Z=O`S&Ae=$^d%a@$XyMi-k1Hp3miFbw4^L|k8Q`R~@Y
zcWHg^keWiAQi37d_3)XirGKk$$}TljUtzNRdh<)1Mez^S)eIv~SvFxCFzjlo(UMT`
zPw!Y>xX^QIjbtw?eD;5|ldo>jp(3jxf+Ib(F^$Yv0YTpZ
zuOd{r3H@4&_FCO->5ZrNt9FlkGDafDUR5|sxJ^+BUr-MW4z3D8hh}H1byJAoHIE*I
z%Qr!TazPnWJ(h?(8z2%jn50oXLKIFf76oqeoMw-d7Vmh`oE+i=pvEU}x((R*bC!Cc
z(Njj>qEXBJt(hiIi(88+qEC5=3zdu=7+KtpDc7r$)_lA{lu~$n=X7pzLV9j~a#JZ1
zEe`2-CfvEJg&2Cji#O+iOb|byj=b!Umz@msl$VWOPGiNWfA~gE_}0S1ejiI&lf3IH
zT7UfUiFHF1Q}1ZT9|&RVOFT~xtdgHS_CJ%D6Ekk4C`FOei?*<
zc0T1Z>*H~8ONF%Udi#RJhwDLO$0g03rT!ZNMO
ziF7o)^o<>Xv{A^d!salI7a6TMMdEq@>u3bM>zO{Y&2`A%b__;M{uWh(pDLef^%9pN
zf31tb$M^+$O*4K;x&?p9ZDsHVg)2AYnliyA3&xq@
z!UaVO%+1hqT9ZT#-+ZONoAF6%Z}K9A&DWN}Xa1|PikOS)R)mqi)rBj)=O)fxgELE-iKv2lTG8PO-3MXW(s4AE
zrDHxt|4i1j5akV}mxW`bVs4(!DoVvzy_^^YB2YkJ>%yBoSSs{cM&n3orwKOp`6^b1
zI^(4%Q0E*Z#G+5~8s?jinD2%y$#WTcPZ82fNYgTWF@7YD;nx`wkNMm*|84r
zknkcHSso5#f~W>A$Wn3FbId+P#ec1zZb5A?K=cV3mBfN6qnU_BG7ZbfiYbbWz#iV&tmmK~#kr!$m@-)wuFlzrpLdP%@Fwtk
zh}rlpkR#Nx2w{dt8l{l`q#)UZ6DqReeM{Npbp~YU*MoxDKxMMqygvPDeQsA3M&62K
z3z4muQ9c(r;8PKyzcG{VF7z!1uzK9mN&>grlkx1JrqblI3h}5Iy^z%~sRp;(frazD
z{KNM!OZ@y=(Q#K7`m_^VJC-Gc*|8z&S@bAVX^Y#(w{|XWG>(DvLK!=j)U`57IXTir
z)HkwSK5iZg97z}gXnB>Y{){nzbeA+7pXw}tX2a0Qu+nCACR3I6QiC_A=s+Ngia=#f
z)YL*(xmE+ZM|&OiB`p5$OblcN;6R>5N?o9#{LGKH@!~(GcfWIaoKvd&G3+k64sMwe
zveDv?Tu#}4lM#;&!y*SY`CuUESD0=H*G^c59+MY$j@DX2`bth3l|TkzIlaKUEHGr-DKAakslKol_O2&;{|RxmfRZ
zbAK@UxA4nb>{o7|M{vnp2xh|a_zuf5j5fTCx6q3c_}8hCbF5+CbqmkoaqPhg?#zoX+NW7nZ+WGsEgoaqJoD9<
z5GRv5cFHUk&JuAfdPX|tss+BDtz}4oN@-8AWtroZ2|_7+nK_C6=zL3XCHm@OeE3~p
zjD(m4E!5?^-!EqfKd~|E_FLc{q1kSkSQ&6NnQ0KH;>w4XB&vPxn)kpDKaC1xMA<&55#p+sNqxknR3)v0q!0$|?n~KNf
zH|>d5JwhS`>@Hr8jMTkGV${z|%@4#+D$3dRS
z9qsc9vj>CBsZe8tD*2;wtCvgn4E_}$Y1dgCJBh8Fbpb1|QJticR8>v$thPiYG2Ia>
zkws8h5yKcNi&|+8q&8POtD$2$7#N(W13`>U*^Ty#~^JcK75zwA${fs%hj4k3mVIF4c$-{uk*`Ca#Is5hq
zmQEEFs6v`b!m(mnHA0~R5Vm5uXDYCKXj+Eav#*-T2x@N&8@AD>pH{cEXy_45mrDm9
z$dTOv|KY|Udu(hFv}wYQ6XIMhJ_!6yII5xIWuqmbLv*MS%%~VPr^AHCWp@(^Yt#}`
z1u{vk?&}-Z78Hei%3=43U~F$dCzE2@=Sw0#-X73EkYl6yu6xw~rA~9yV@6xY+5Vis
zoi0utM5f8h$RIl!l@=1M#;9k^T&7tWBA-Ls+h;uKN|Pjt>DFU73&*kCNUL_Y@rDFb;-hl21wshoj=>JsFP0!2jF2Ml2MuHxc67b*`rN
z*5{h7cG9tLN{!ir#j9>C^UYrPnb|kM=W9wb#MNu7|ab
z{>vjO#d=4L90dw%rwV}VnpIiYo++#G@9gmW4E`ra)i)>9?w?txWzK=0&PNp%p7Gh!
zrX|)G)?9zo`hO1FS5)s!_?kM;8!_E+e6%~gDH{ua=sSs={%bMh_c&!(f~TGDl2>uvm>N3Yq#ut~A=HOt*KSHlGjU`6wpm+>Dj?UZS)
z1k{P#$dgiojDQ75T)r?M)a&I@Kx<0Lbix(x(P@oQbN@o+y}N5gbp+ENx2%?cmaAL0
zC&qaV;RrpF4(aZUxq}39*mFnA4*o!*bdPYKPJhoRx+aN2Nq16ys9N4wSB%sLqb0eY
zcMHL@f6Co^`ESmZvMd(_4u$gq#iL9IBDUXkM|j1i_C1WWrh}P)5k3Yr#4jID<8E$s
zOCYMLJIHh<`8FpLF2L55oh{qFnQ`&Fb+Q^McGa!|hTAa3QxVW|<44_RuK<|^Tne+(
zCU!iRItslHz)FAaZL{`{`J}jgH{aR%Td$pT!a%L)ay_PBV?a;4_%Z0S$@bDEUs1}H
zEhh|E!1bT5z5*d2h*F{oEnD7xeSA#U-cZwEb7P&~U`c8arO5(=>kz=8fZA;|YBKkZ
zqWUdSw4PZEwp-99JIx6tbOAD!7xXMi0(}Gr>oxxPdnIFKFc3FEUu2Wyb!&z=V1R1P
z^w)C@{TD|Vy4`TX!)hHQyM(p#Ab4Bxz~qIRehVF&x|ZH3RsIZuoA1V-rh;e!A+oW60cF)w#Q~
zXX$_HSNJvBauciG6P|4(sPaa|L76;?qZBE499;TlgEV1QrOB7(A0B5-VdY=fhuSnDYkqF$g&X
zZN_SS`HFH$$rg_ku)bM0WaeLmO}0EZT)uoL()m%kkg*J#pABpX$nrYyP_Dn4EBU>F*)&`2%T!W$#MAX~+o@R6Nq
zXH9ojZBJqv3;FZ_f`Z_g#-+YO>pMg3o6LamB@qh1%AhwdNFVolpER_0CCV&&DIZP2
zFjUf!$!v%aNFhd%5KZNFSC~du^UTE{eyK-++37D$lT_@gT9SeuVh;jb7?HDk=5+k6t?Re}7B{vGMZAcU3SEJsP;kDA?r0Ru6d-R4v7^;*TD
zclF8jH9hyyNHiYTQzd$q2P>O+%FHN_{`y9OL;yE)Ukgz-U`1C
z6o|Wi2&_n{C3Oq+TA!ctn8YEJuU|E~AM;*c0QM>eUGx|oH7?2kw?4t<8od0mhKeb(
z$$pXz-VO?z9prEvync3_^CmsFkkPzZYzw}C4L3hA;u7Wc
zT(u870fls4ZJ2BH!o5fE_S@8r!i}pdufyjnX-nSOfapuDlw`C%<9f*5jg}WDthzl4
z09aw)<7Op|@Z+I*!?T}yLPI+Ms3rprE2Q*nVd!)o82_uW!uvXZ`tUG6@Rrh(U!l=XKFu`5tkvz2OEqPtFAm9Hs@-#gf
z3hV6B&%OWnyRn&=lcv(S?Azvd$X{gQXTvY^LvkQ-O!QQDq+QJDsnRS09GacBC(pU^afhhIj3N&
zu?>Zf48Nz@*IA(}*S6zGg?liR;7A%HFx@^;0KA2xxtqJIg^9!8cTT3Z@NDdCENNh1
z7%58PZ(zI`+all?O(qhE5a8@w873oO7)>G4Nw9wcg+z)2RmR&
zE2kB@f>-c9CQKKeQkWxAykS9Ly(bhSS~=QGN`q@+d}(Txro}EtIX)9CJCb@$!>X?3
zu4J;LGHyl^U=oYm2mM4K;r?KkIvve~%jn*2mNPw*xE-!CDBZU#E{RQ@n8Ddc*8MunF^xFmvR~HY1j||DV?NJ1ddFSmNfYa8+8mO2!XXEHHfeV6frbF+DI|MN)D&n
zFPn-ix0GBukVq-LsEa0kRgYLu3RwlKsB@T1mx5HC-VmoU4o_hBXJ*yQTEqT_lv0f~XA&+X4v|G0>K-qJ)eZL%`yO3s!6#6yh>)>fe46
z*78N!dBRtX;TYH|99qGeOt*`!J5U6|{_06L%Xy3~CSX!w01KavHW?m|j#(V;3$X1I
z!zjoGu((H#C8@Uqx|nE-CPS>9mF-rfReZy#i-sBu5lG6%)1Mfz1FU(JQR}?O0ct}&
z90knXhoWk!sstT{m?ALE%sh#usNk1{3!>wD!FgnMJ3wJr72Yc(?A&Y_T90Z*c;%Br
z(RKpyo10T@*yx5m6mHY2!1E(DR{WTmu|ab(Ntm6aFKiMOP3c2WHY72dfop!|UGB58
zM8yw9l^GgpUq);N>nwM=bo4diQm-y0DJdrKqf>UgJF11Wb`EdcP+>ecoiY|eH<&hN
zwu_-9TYv*VVC&9$(eCcZQRgrUMX?{OWb~zi!2}&^ZPt{=b-h>jZ-){dKEF4{TElfW
zi3h7Wl-t6Z1Cq)EtxL;=MXg;6HHEsh$fO$qN~IPapt5*!hga_f_nfch6tfj4x**9N
z$c`9rH$sTKK%(Jxdv5EY<8U+LSu+%T%wDm&59EGm{~TC8I`gty*e)5$aPY@x!O%Y|
z@TD!w$Wijb3$>hWUb7A-hCYnWaI(}vuO)lEpU6x7w}!y;vZ9lt<*kNF1DTpmjRhU~
zhNbRQ@A6x8wEohy4Lc#{x2pFiD%!wai0Kj?!pRJh%8!RU$KVDQCabqjzGrT1vF4a8
z08@AFD{W{E&RN=XwI&{`yW7wyTv&3ATIS^Pw}*|Y>{z=WIP_ZnkTUSaTBKbenK-(S
zHz<+w_6GnL3>By73-&T#esmpWKP_T(N0x{&3vSPJ*_7hs32w^vh6d`I9H31dSBex?
z9b{hAteDCl>o%!&PL(LPH!C|a-g2S*!DGF?S_kk$JNXoDSIFa#3@nOKX#|-Zf
zCR#oI7_LUs?yQLoCqlxOSZu$cAQ())N)n!Bo$=dcOmPNLyyWxPz~EHa(Y=^PyFSmv
z7iTy3RR*RZZSqZWKN#i#Yt;aqXyAsEn(p57H;3~*7Z!-=(mA4w(cChZ<-k-#V6osR0)%P&~WoSP}U^%lP0@ijxCht
zM!%c}oBB5shNNhQl?;jEXlSf}>EHCHS|5!@9lL9bhl>^0>Yd6b4kcEObb+r1X|7!U
z8nhgv_gcr;yPkRLc)@WXNmB~12sL|aE<}QKBuUTMQ`{BSMl!oI0=H{AArZp=4!qN0wpC;P)JF}#}fVpO!o#rUy?8=
zXe1S5b8vZCf&Y-NN$eC>l9RDHc)aYcmV4u%uSsr^r>Ul5O(x6r_B>qt1pi_RP2!}m
zlU$6g#?xVMv^1XpW&H!VV(oEPSQ;CIT#z*agNgNHUF$QB&7IEXnsqPiWOlqHfloFa>>m
zzp{)5BoRU$+W(=>F-!3lRFs44nYekxIIwx?_R_g?zMHVTH+RAxE=I*AJYsSNobJEz
zLD=@X33&Ltvot9kX~FZrU=uLRBsq&P6x2Q+W)k=_?#k;W;N|m&ua`(Vch{tBD3Rrb
zwNx6+W9X*n3lWgyJ^rCHjZB-K$TJXM$`1msw}2?X*PCf0kFdL|_5EFBoANdGch}Dz~{^kpXDR-JgkHzoEr4rm$)Ih1t
z$e$E}$eTq-{-sk)va=QBfCN{>I=PY8hlj5}6M#}L{H#yKm$;NB?&
z(NEN@I@ADm<*2hT(VT(x3w)?N#^Pd(=`wRI@FyG5vMc-r3U?8m3)hE>tObwpB9QMd}XR(7QF@vSWoB1YIYVU0zYRTDEOGYB%2d6XgaEtGXw!5U)
zQw}NUiy}O{2?s0FcnL2Y9z7#X7zXx<9tKUbi887(vqU7qGFdiJ(q0p3HUYqBO*bv8
ziXsaUjy_KeP}a7{-vY8O1dB#Va2`R0E^;YLhu-xO_WD%(7hsfr|l7jna
zQ`y>B!c_+^GSPn7dgq88;d02;7NEBp3snk4ag-wxYC<+zvZ-i`j%96sdds>2(-Wol
z(dKN{g|R&u!Yf)CYITV*f0``s5A&=eV>&X(eD^ssJ+#Sp&CHK
zLEM@M5#+2s_jLDr!5b~%`5Sai#4iEMs9V_K}
zrl_fZ{pY&}2{I0ekf1;B=U;)Z&l#7G`^+ToKAzq$7e~LJm7FlrBW}(vcAP!DuhNGi
zoBAhSBbm1ujm@z4EJhow%$eQBdm?{Fjl}-!giRn0?*}^Y@B`cYU?a=6m9`##U-Y9`
zJ>0)z9HKiElIOE-(_qC99xB`CYW*5(b^9QWcefWmG*Vj?Ebw`33~D;9cnyann+Akj
z%8Qq)h5d=avFjynt*JW0-nM|(-HDVjBy}C>cDl_pOgJf8QWXwrOl;KXiLkk4Js~36
z0wi&r7od{L9XSh>a(wDAJSMA=Fl>AF8a&v#aBz5!x-m1jTjO4Qo-+eTDiu5!UHe`M
zW110D8&)3b!^bU1PQ14vPNdm29zP-R5I(pg7#tzEqQ?-j6kKuuTi%g%?OPmGA#NVE
z@+>qw!w2ezc9Hyb3+Dt?=F9iZ9!U%|9aeL2#
z9fO!fDDT#rLC}wvXG~!l9Ea9#yn`V>I786b>(mQ7dNG~B)q;L}!~&l#bknr#JM4%T
zypC~qLk~InKhtHx=RlE1r!|pb*
z#cRswXRb5qoSc{)xs*-FST&YY!hVC_qth2)mg4{U6Z6VY#%sQj&+GcG7MA|yNxU8C>@3)}|+2!;*L)Z_S(opRxcjW<;iyq-AJr0=4}p~;8;QueV1@Y~Bf
zhQ=S~j7Vs_28pf*NRT{FdAplq@2aRel%9>EQ59CqTN-8*2A4lYMBM*nWn2Q)B7be=
z6XErxgs1(!yTEAUzoFnCu;aAC!|S9=#14$c=9D!+hW^GuOzjsXu)k#>O-0?p7d1GH
z99cfl%?4u;!(0E52Y$M@IjkfgCA)}f(~JR73<;`EC0i$j$mzlSs1UW_bn=Q=V$QV+
zh2aflt)x866vV3!^nGylODKrwzn!z%
zcJ_K-%eXj8I5znCKK#0}4cD~}e7ORy6!zS8eYttuJ}E=F-}O3r==}NX{blTV80BYp
zLDi}cVOT$|DORxY(zy`W;NkIQFk1E$Da&MS+!9ZRVeF2iM^XC>4h0Q22+5OzS<)@%
zfM>!bYuA1FD1MHp?6aa*#5$g*)LHy5qIPDGC(94qJ?PG)byV*8xPPwOK+xX*VW*(~
z7%}s$cg3)rfZ_3_YC?u@*ZgkDUuXp?W6*i;6tt4mL}4X`{ePII)c-c7czwcl9#@yW
z9nfG>3j>Z(;oSqy3ll2HNVDBDD1i2N#P
zaAs+knQG6OoF++(ei;h1zoy6dMr#+-;26#SgvlsbsuFEj=ES(kgi2{NUCCH@QstU9
zC1Yv%*l&a$+=n*#^rH2W%67@>IGWc4+?=0n9Y6d6u7L+H$4_
z{m#a#b>$MoiA07&xO^P#)o$k!+A0SK9c*y5^uGsQHF}U~kt!bRBo}R`Yc{pH>wkzx
zKX}&H-m|IZ29zmOLZN06F8tf6E(pUJ%9DZxtK8E8_J{Cbj(R72)dv;mEpltK<@Nyo
zvfNm*&a^N`=a)>mW&@)J0xQ=J`jk{I)Q=+%^*4GJMTR7>nmC*V3BT%B_X$y{hTu;K
z!L%PtcR&c@>k#dAtSt1!p{;5am=STv|1ZB(d?NH}c3n;pmvqx~HT-c->w^IGv4D>Q
zC=Vq}xxY)q*V$;uGYDiVdmY10F}@UnS{`|yRR&-~bcQJ`_vm(NCajsYw{G)g1pR{t5bCS#z%MKO+?OX1tbht)?!AXqZuF%N=|>kJ`jqy#X6S8
z?;<|KBl_z3WpsV8$&V0>O!!j?W4ipqssSzp?Rp(yY1HJjaA1dhy_x5Kx?$6
zen}@ME?cr#DYS9_cTrvN1v&E0xX$rWybS=pmTh{;Y??wdKnA|M&MHD4+#^lXrqa12
zk($j>i}*^3YpPz{r~eVUJ+6EBKfaRU=EyJ}0mEv#cNm9-;9}uS39h0|Irl_LQ4yjA
z4(h2m5w@ZQ{xs?xzU$>jj@(NOLK9B1_$-}6NC{1~&M3uBVt)l8q_!+*VF9-8e*tBvf?Pn$;Dy-o?
zM1r<3yCd%f7rRkr&I|yZD>BnyG3cwlsY(~2!Klb3Tc>(6J1-3khOg5k)5798kdX<-
zwjOM-z~yHvAD~QNbRxKwya=I9QwNMxZu&$RuvG0GZs4eK=`2$)eGaM>PovD(fyY^>
zg#ERYs!>s!TFxcwCecVP=Uk#`LAOVlc!wj1&7-Jy!LzrZ=?acE*%-rzSF=;R2TpL<
zExq6eMpfem#%W^*5M_&O8Bs}uWwqxyK((V{KZUwLVUK~i@)@E_5*ZV`EoY*v2
zOHZQ)zPzP0kp6-W3SK9>x}ZD@=OGQe>O^+-(*%AM)VGp+fHk>zDCS_K6C9dq%NJ58
zNDlf7CbFCb$YyHOxH<55^pfJGzTSuKTP2gYu;-R~NewfwMq^CKVmr>Gl5
zMkGIZ4ZBO;4xGEXpDzwKfR^yzdf69_5iomRw(x$b+6lJCo-qBo{(a`X8(&B4Nb>74
z{262CeCn*K4*9RV3mWK7pdK;w%L~y0Q)MKsHEPKddv?8x{ABf9^zOGp^2$6DgPc5M
zh-xl_i@fatokBa;E`~niQ>M}WbV(M@;GWoaAbZL6nF|~oPh#!hfnD(hyWNLw1
zVUnf#3;xlJ+*-ZSM^9*(1pL$-cq3%F>5hM}2RA~$-QsFMlW6((i664d81RW4NrzkJ
z7VImF#8t~EUoe{)A_HW^hgxHSYAg6H?M-W5=fe#(K=~U99K*Ed-&Dreq*|B7c01Yy
zu$mo6B0wE()udv$50NJyybc?SiyHfG=w465pw`Z&-a1K-j&`#IKY1VAPvP|
zX%;4$dMmEJ6N{?-G1DEnaVV)MoDJNG@|Eu0y>gUIXipd_3%J+^H!qV$rCqEl$CKZ=
zD-{Gs*^i6yiv@=V(SFDoGzh4=;x)$d7_uOa1kR(5R}K@@%vZ9HTOb{%Lwa!P@vfv5
z8uuibs6>#WoK=s`^0AelS4iH5r2!po1|Bktty$X%ar~)1As?5=U$+Qw&}aO|q-VX4ob%
z0wKVje^jATNY|ko#Ko9JfL_%+9PI#XCTS-cF1)nlWuY4EW98JP@+8*^Ig5$g`hPb2
z1VD$j0zoewi#A&(F6uloL@8L5&-E`~vAEIzV+mkhHg;WtJ*^f=aW#4(i;33AKSvhR
zAdF+~nv=vS;V|?Nw%QDKbedB-yx@X=i$C-kF#Sdl`pGm1EtMd~=ZjCs$H#}iLqh=A
zh5KC?a>2vvb?AiZGU{!-3gZT$j|~qB7w*?B5i%TH70GMB`PooJ#&3eHU!4HlcsIFb
z{!f999>y2;d!42e7*f>IbChPH9&OF8{7=s`mf1N1dW@YR|YOU
zeg5UmAK?Gs>;}_#=IwhqOZ3qX@^e3b>wGV}2mbs_$Q%sxdVhdZNo}56TAffr$rB1}
zo12=vLmuY#5_-RSJBi%X*P`Y#8xNPSbseM=*NQ2-CkY0ZWzBOsJPrg84r~_nxlO_P
zQ2;}q9-&>N+h5Du#G6;4jX#5LA7>tCkCd|Y(V&eX`~O=u^XP>H=bkNSA+d@~ORP3R
zAE_PR^)E1ym`%nl<{0q{u^rEqeb4d(SPNkw(+;ghtLa^oUIZ-y7E$fg?Qq%f{{)|m5{t;B#Ns0ek$Ca{0rnuEJ?KB?FBy1mVP!fpqQ%3xpRc5Sdy$s$ot0qHd)Wcf
zo@*nnN3~U!eDj8qrJCZ31l3(iPc*RO(`<|;=3Nxf%A
z!Gig5P?dv}@hN~dGK7g#EZ(<}e@Vs!xb~mw3MB;^>*NoE^X3C&wnCv4^fnE#zoLEA
z!rwE(0GW8r-*5&;nU`pnl#iNHb*Ho>)YZ}LeSLZ}abFkxex-|>RxtRc&hXjzaT`t!
zX0pR;z_%L5QFoIyiOa+o7i`Xy`=e4rY;}}AwH~rl56|8wF3zdtHkg?F<2YOjiXx!=
zQs{-aVS-ggccgkCH?dP4GgDnH@Zs{#cJz}DE|Sc**qLeAef9TTky`-jtv$bg`Wtt_
z+~A)RTKL>Y#NcnyQ`1r;iuul8GDmN?5z8q8s$ZVNn3R|U{oS%iCq*sGuQAPsUPQem
zz9cqorQMccU;Ogjsj}${m7rjmUycC=(I)C$KgE2Fr3yMzz@gIQK2?%t?eB)GPkFUC
zO0&Cs$}YprmSWA$9_sZCsq*RbtY2w8JD2QvVm`g)7KyC@yQXs3n3+0yXJ0l{msRNsf3W7t+u^(6
zozy#C8aHPwm>`LV93HaHl(dGW{J&F4LUG}Q^FB84e+V-kUar5r!ltpHQy6eAmJeOV
z3C5Emaz_iC&{IhGP-Q>P>$X^V86pQwFCkD7tMB{K(dDw&ThJt?MUrrW(ag9LHG{6t
zU!&J0$a-#iqm~;WE3Iv>7~=#;Mx2OquooT%3h5std-$oK;CV%Bo`eiq(>y
z5_MxGZP-ssRYj=JOIZ}j{^)K{UTlN1KCsWDyCAxhFz#`V0zq94vM!b#}O-s1lANtQv!MJDD;gt*1Oxs#QFn
zyi$*OxNjqXZ9~532+$yf*K}bfs1i+4ciQCgL8gXERZ&-3tP-?=lIo7sL<73f?ywzI
z17%>PT+Q7%7eEe95Ww?=C>#V=)doc=5we5!d8FDq6Na|X+nGsYPzB9RnF;|bLne(u
z-5|cwydXjbVY+f)tFfM3%C%ii-_(8DC_vm(Sv<+i)mU=@J(9j79M9@V(}ilmQA3N(
zql%1JH5et4p#?xsttF;R;;bWM^^>I&-woKBT!pH^=%P^=Psm}5y+4eFO--e#uPUbz
zm}5X+Q-K0$aFS)JNgKul!&EHXl8r~L#*Hv;p_nCU9Zv^Wnl6g=04bK);)x*wALU3c
z%gT&eW9s{5OHC-8Tecv(P^4B@6EO+!+p&)zZBfCy2)h%`i51qeF4+>2Ov~7|+XXny
zYWfY%4dsy(Lw@8{%{wLrHq(|;_0)2aBkjZK-nu#yaz}bSjQgON`XHO8_6yQ2
zH%(;r^S#m;Qpus(WR(7ugiIvxnBV}e&zk|zb~Y~HcYxe_cCo&@Ui4YNO=toA{j~e>
z0225P1Q+dfD-{toy^;Tnjtd_oy+8^#aneXS@Bd}^bqNo=`YrO)=SP}K!}^|5>h6Q?
zFh3+NI6RD5E?7_o&W9NKt0vGAZLhMbX`h3}<>Lg{Zra`#Kjhj&EAaCC;3rjHN_yu(
zHdBZ;c(QecnDBxBJTS(l??DUvuk6YEq}sJ;i%vECI%oPRBmfNbdCP!nWN40{Gs<4lW>LNR;VgI40Vfl3G2!pu!6T1qNyU=764Rs2
zlF5Hm%EH1XiS;EDNV`hPQecVu-}^QS${pTWzT4#Uy8kjr>sy0y?Z)th*OgJol7JKZ
zOsjg!waB14YrXOCF2dd8b<;`bSoYkt7IU4U|9$_&%6g0zvyxHQfR&cj?+lD)oe?C5
zH`u+!@N~QDLIF6PrPUqpF&G#*xB^~>MIM)Drvfztk>p>E2&TuY6S8E6_wf^ZeAq7$dqcCi
zH1o*+bB)9-QN)0D&~T86>N4V91IO5tjj8@~!;n%NJ&i#7Nb<2!04f|&Gn1fz^#5JC
zc)9E$Z^InUerV>e)ypX!5AD~4%k%xsArcjDTS=c4Xo^!hU>3?^Kx)JNRp2a`
z!dEZ?bPg6HPy#`tK!WgcMINvJ2unn$fz7B)&
zq1Ue!Qa<%@tdxs6^r?iP{T1guTmyWr@T+KvO1^e6XeoL>?05gi3l}~tb_)hgMBZH@
z8l_R?izVSt{D13R+=a9SBkJ4;0t!2o7NEL2p#!Cc13g__+p`mO@PABPU79{c%y-VOwa)_v5gxQK9`W-J`i
zhX(8kEuqRYY8zSMJYu0~z0=0r(CM%_GaWYD)`yg-%Du&VjNt5SCKfD|z~#7J*wCmu
zPT(Y@fWg}G*vT9e2IYqW|NC_e<|niON()L+%JC1@$gEG}fEEi~$F2S{owZcPNN%Ds
zszQP^!+wDDZquh|OT_~DKm^J3D_gq_>~4tY?d^%=EY*K}Vqtt4r^)Z(W{lbC&ra2F
zWLdm-2}%RY+*J$xqTVu4|Bu0f7XoFsciY>=!`mIP`}+3N&M48@88E=r>0K-M#Ou97
zh&Kn~{cZcGNU$&E_L*-wAt6t&>*sl1$$r!MIq>Omy*1%yM{OL(Q0W(ai}~H+0^sWz
zgt9Qp=v8>_xfJRl3M6ga8~?N^L-|<0aFxkYvx@?!8J;E((wdV36l)EgoivWh-iS9C
zYa2n9^1m&`cnH%rK4Sd;WA<(;4oq|eYy_@sd*+~##1t|bF~x`+L|(jqfGOyI+e%^+
znU&aNL=F-!fh*UZJ?JlhBgPb=kJygu%DQI?8cdA&3#3e(-~qpr{(Nn`Ez3WfA1Z>(
zU?Bd|+47*kGtUkE{pD=f*gF5dPmPeXP5K5Dj0DYQ!fuNg0o}=}t+#^SwDenyBI*!5
z_%^@|!@0|-%jdR#J*;y_(jIW#@}(v_T@-NhBwe0pHD3ZA*xYWD>GF9R7tzAg%-AR8
zmfHW}7YI85l^tl`lH}7jf%;KS9|ba^<%0R;&9pDLjTIOFbm${~
zuU#RU5X|urO?m?wdrItgvzN}tRu1F4kN{V4v2aBoj5|6tjY
zB87iZ1&0T#Ur_}(Ru@ZHH>sptScO2-hhARCuHzyix&BEQ)uEHN$;4WrHf5ne{?82B
zboq!_uMWhOA*hQ7IZI~W%^(HeC3m=sm=}vP$Y8)QAXqqf|B0)(WH%Tv)|4b9nv_#d
z6fm}be+`(>Ge{t6MGDw7Dj2>q@sLnOr|N;-a$-(AV_MA4uh@oJ(!msga5DKU{B-VD
zj#nwYO^ZLz&XxFZH91N6jW-pbGP^&7uDUhEn}}EhS=(PO^2EY{Ni2!bf>;EzfDEB@
z!+{8&YOYNfWh)d)72L+%34Jl%PZunUr-`J#RuAM**8AoV>`T*hkp`-@;Mudkw|Egz
zpV;Z4qV+ci)5BYGHLmIJBWM<6=n~yAu|cIjj~A6`zKt#y<@&0F&(yWrG*L@VvQK^g|yp~4*U9>*zd3l%7Mn+*FSakf0(~M
z7>m>D5%T4z(qWgzqpDQ~WG-sf^!7Io^MQ}wp{!W2&**=F%kqE>k-ln+hL-aYQMTK)
zR%4klmmwpT_bzhmJ%izE`|Ittif{tl|Xj8Mx#pe4|Q2Ag8
zYTEb=K03mn{Gqx8xuI7~aG)Tx+Q*eKzr_Nr265J)Cp5}i2p6OhE&Y`MQQULd*n)+V
zCst&tft(h57H}Azqbe>0fhM8+gdN-+3P~SI+iQYo$u7-HjR!}*ny&!>QUDx6MM{Y{
zwDIJTkj;X4CC5SO?P~J4U&7q%C8JE8JYs|&U(k7i|2mdJt|mg+&~a!3qLXVVYIuP~bMH2TPBeqjvYqY?_dym-1hnt0rwi}}q=Y_Ogq)b9QG
zaQs}xEp$pcK57Sl9S-!V8DY1I!^5zweHf@F%fROD*H}gFsD>XLI*P`{5vl2G?6kV*v^?Sv?ADacHz%l_lY%1vj)@!@fgnJ
zKbNW0*!Ga+XfFwfv&uJ~I>p8>`pOhJY9Oc*LR(Twk(<$JY0+8O<@
z@?b3FaqHw2Gh7ZlT4Cm95<&L>Q0{+=*86)6yL#`)gLG;)Cjhu0fZw|Vgm=abZt>ol
zH*5GIJ+2AcBx$M6?_(#uT7>HbtrpUc>&;dizq3Rwb#jJHBO(7if^xlpgy&xjrO*nd
zEwA$)UNO^x(e_9(4w2xacx}+btlFL6HqmBIxZ=xPMFeDkJmREk(7S^NFu=pb$1l)t
zf5=b{ebN;;dZW>hGcoeLnzd~O5$ApF|6%JZ!0HH^Y;kwjAb}9vEx3o^Zoz{)1ec2j
zf(Lh(;O-vW-8}??JHg=%^6%UCcJF-O1!j7>tGl|IsZ*zGB(b2JEo}FAa3Tg}*R0;{KP>n9Tn*vWiJ7|Y&vSA4
zYK+{J%-8X^u6Imc+}_qP9<_6(l&13{<}Wts3VfSwi(R`JUOgOx5n`$TOji3DD)<ZW_RqF}50xM69sX?f4gW}f%gHKX9lk`=!2Nt?`A5@R
z_k