Category Archives: Linux

How to setup dual-stack IPv4 IPv6 Azure VM without a load-balancer

I wanted to document my Microsoft Azure saga in getting a public IPv6 address to work in a virtual machine without a load balancer in front of it. My needs were pretty simple and straightforward I wanted a virtual server that had a static IPv4 and IPv6 public addresses so that I can monitor my home network and other websites.

You would think this would be pretty easy, a few clicks and done? That wasn’t my experience on Azure and setting this up isn’t easy nor straightforward. Below is how to get it done, if this helps you – you can buy me a coffee or beer.

Continue reading

Linux IPv6 command cheatsheet

This post is intended to be a quick note to self on linux IPv6 commands, for quick reference when needed.

 

 

# Find the route decision for a given address.
ip route get 2a00:1450:4001:820::200e

ip -6 route
route -A inet6 (apt-get install net-tools) # equivalent to netstat -rn -A inet6
netstat -A inet6 -rn
netstat -r
ip -6 route show table 51820
ip -6 neigh
ip -6 neigh show proxy

# DHCPv6 release / renew
dhclient -6 -r ens18
dhclient -6 ens18

# Flush IPv6 neighbors cache
ip -family inet6 neigh flush any

# Find the route decision for a given address.
ip route get 2a00:1450:4001:820::200e

# Request a router advertisement (apt-get install -y ndisc6)
rdisc6 eth0

# Perform a Neighbor Solicitation (arp IPv4 equivalent) (apt-get install -y ndisc6)
ndisc6 2001:db8::42 eth0

# ping multicast address to have all link-local hosts to respond.
ping ff02::1%eth0

Good articles about IPv6:

Troubleshooting tools:

Bonus section ‘ufw’ firewall

Check status of firewall and enable or disable.
# ufw status
# ufw enable
# ufw disable

View firewall rules and number to delete a specific rule.
# ufw status verbose
# ufw status numbered

Delete a firewall rule (from number of last cmd)
# ufw delete 12

Rules needed to allow IPv6 routing via wireguard to endpoint (no iptables forwarding would be needed on IPv6 as the other peer carries the public IP – they also should implement a firewall before using the below command!)
# ufw route allow in on eth0 out on wghub to 2602:xxx:730b:xxx:cafe::12

IPv4 firewall and routing rule to open Plex Media Server port 32400 and internal IPv4 space of wireguard peer.
# ufw allow in on eth0 out on wghub to 10.100.100.11 port 32400
# ufw route allow in on eth0 out on wghub to 10.100.100.11 port 32400

Add rule and get logs for matches of that rule:
# ufw allow log proto any from any to 192.168.1.x

View logs:
# tail -f /var/log/ufw.log

Extra bonus iptables NAT forwarding

On VPS (public endpoint) forward IPv4 traffic on tcp/32400 to wireguard peer. (recall IPv6 doesn’t need a rule)
# iptables -A PREROUTING -t nat -i eth0 -p tcp –dport 32400 -j DNAT –to 10.100.100.11:32400

Test your port forwards

For IPv6 I use:
http://www.ipv6scanner.com/cgi-bin/main.py

For IPv4:
https://www.yougetsignal.com/tools/open-ports/

Fix ZFSonLinux pool auto expanding

If you’re having issues with zfsonlinux and your pool not expanding after replacing your hard drives with larger ones then here is a trick to fix it. Continue reading

Fix zfs-mount.service failing after reboot on Proxmox

In my new homelab migration to Proxmox I came across a bug that will prevent you from being able to mount all your ZFS mount points and be a pain in the ass even more if you host containers in that folder.
Continue reading

LXC allow non-root users to bind to port 80 (couchpotato example)

A follow-up to my last post dealing with unprivileged port access on linux containers.

This time, I have a couchpotato container that I want to change its default port from 5050 to port 80, so that it is as simple as http://mycouch/ to access from the local network.
Continue reading

Allow non-root processes to bind to privileged (ports <1024) on linux

As I work on my homelab migration from FreeNAS into Linux containers, I need to move my freebsd jails to LXC.

In *nix any usage of well-known ports (aka 1024 or less) requires special privileges or a kernel setting. In FreeBSD a simple sysctl net.inet.ip.portrange.reservedhigh =1 was enough to allow the BSD jail to use any port on the jail.

On LXC, I had to figure out how to do the same thing and its quite different. My environment is a debian stretch LXC container but should work on other linux versions.

# apt-get install libcap2-bin
# setcap 'cap_net_bind_service=+ep' /usr/bin/transmission-daemon

In the example above, the binary /usr/bin/transmission-daemon is now able to open any port, or port 80 http in my case all while running a service as a non-root user.

Hopefully these helps folks out there, the answer took some digging but I already had an idea on what was needed thanks to my FreeBSD experience in zones 🙂

Install proxmox on a partition instead of a full-disk

By default, installing Proxmox with ZFS during the installation process will force you to use the entire disk for the root zpool. For most installs this is good enough. However, I like to do things differently sometimes.

I have a pair of Samsung 840 Pro 256GB SSDs that I wanted to use for my new homelab that I am currently building (moving from vmware to proxmox). You may be wondering why I want to install the operating system on a partition instead of an entire disk. Several reasons:
Continue reading

Xenserver 7.1 a good contender to replace esxi

I have been a big fan and user of vmware ESXi for years, I started playing with it since circa 2008. The bare metal hypervisor and its easy to use GUI on Windows makes virtualization management extremely easy.

However in the past couple of years the free version of esxi has moved to HTML5 web management, and in the latest ESXi version the Windows client (vSphere client) requires you to pay for a license a run a central vcenter server/vm in order to manage via GUI (non-web).

Continue reading

Troubleshooting networking issues after fresh install of proxmox VE 4.4

Writing a quick troubleshooting guide and informative post to address an issue I came across when installing Proxmox VE 4.4 on two of my machines.

On servers with more than two network interfaces Debian/Proxmox renames all interfaces and does not properly detect eth0 as the on-board ethernet as many other linux flavors. This may cause a mild headache if you just installed Proxmox with static IP addresses using the installer and upon reboot you can’t access any network resources. Continue reading

How to flash Seagate firmware onto HP enterprise MB2000EAMZF drives

In my previous post I talked about how HP locks down their hard drives (made by Seagate) with custom firmware that is exclusive to HP and with the huge caveat that if you do not have an HP storage controller the software update package provided by HP won’t work for you at all.

I spent the past 48 hours researching and trying different things. I unpacked the official HP firmware and tried to find the binary/firmware dump from within the .scexe file provided by HP on their website to no avail.  I even contacted HP for help and they would not be willing to help if the drives were not connected to HP hardware.

After some research I discovered that the HP MB2000EAMZF 2TB drive I had was almost exactly the same (part number) as the official Seagate ST32000644NS  drive after failing to be able to flash HPs firmware using HP’s bootable Firmware Update 8.3 (injecting the .scexe files inside this live CD) – I decided I really had nothing to lose but try the method I will explain below.
Continue reading