Archive for the ‘computers’ Category

Feb 4

Last year I wrote how to create and configure an IPv6 over IPv4 tunnel with Hurricane Electric.
Now I’m gonna write how to configure a Linux host with two NICs as an IPv6 router using an HE tunnel when behind a NAT-router.
The examples here refer to a Debian 6 Linux distribution and may be slightly different for other distros or *BSD OSs.

Let’s suppose your current IPv4 network is a classical with a netmask ( /16 in short ), and that your IPv4 NAT-router is located at
The first thing you need to do is to configure one of the interfaces of your IPv6 router, let’s say eth0, with a fixed IPv4 address in the same subnet of your router, like
Then you have to make sure that your NAT-router forwards protocol 41 to your IPv6 router. If this is not the case, you can simply put your IPv6 router in the DMZ. Be careful when you do that! Be sure to apply strong IPv4 firewall policies and keep the daemons listening on that interface to a minimum, maybe on non-standard ports.
After configuring the IPv6 router default IPv4 route ( to your NAT-router of course ), test if you can reach an address outside the local subnet, like ( Google Domain Name Server ).
You’ll also want to assign an IPv4 address to the other network interface, for instance eth1, to allow some daemons to listen on a local IPv4 address ( like sshd or named for IPv4 ).

Debian and other Debian-related distros usually store the network configuration inside the /etc/network/interfaces file.

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static

auto eth1
iface eth1 inet static

In the tunnel configuration page on the HE’s website you can find the routable /64 subnet. Mind the difference between the tunnel IPv6 addresses, that usually are something like 2001:1234:5678:abc::1 and 2001:1234:5678:abc::2, and your routable IPv6 subnet that will be something like 2001:1234:5679:abc::.
The IPv6 address of eth1 is static ( this is a router after all ) and must belong to your routable subnet. You can choose to use a simple address, like 2001:1234:5679:abc::1, or, if you’re a bit paranoid, you can randomize it to something like 2001:1234:5679:abc:5f32:9b8c:d12e:15fa.
Because your routable subnet is not gonna change unless you destroy your HE’s tunnel and create a new one, you can configure the eth1 IPv6 address as static and put the configuration inside /etc/network/interfaces, by adding the following lines:

iface eth1 inet6 static
   pre-up /sbin/ip6tables-restore < /etc/iptables/ipv6firewall
   address 2001:1234:5679:abc:5f32:9b8c:d12e:15fa
   netmask 64

The second line ( pre-up ) loads the ip6tables rules before the interface is brought up, so the firewall is already in place when eth1 gets its address.

The configuration for ip6tables is based on a more or less ‘standard’ requirement: all the hosts behind the router have unlimited access to the internet on every protocol or port while they’re not reachable from the rest of the world with the exception of some ICMPv6 messages.
Just to avoid some types of DoS attacks, I’ve decided to limit the amount of ICMPv6 echo requests the router ( and the network behind ) is gonna receive.
The content of the /etc/iptables/ipv6firewall file is the following:

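# Generated by ip6tables-save
*filter
# Traffic addressed to the router is dropped unless an INPUT rule accepts it
:INPUT DROP [23:2392]
# Forwarded traffic is dropped unless a FORWARD rule accepts it
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [30:2888]
-A INPUT -i lo -j ACCEPT
# Rate-limit echo requests coming from the tunnel, accept the other ICMPv6 messages
-A INPUT -i sit1 -p ipv6-icmp --icmpv6-type echo-request -m limit --limit 5/sec -j ACCEPT
-A INPUT -i sit1 -p ipv6-icmp --icmpv6-type echo-request -j DROP
-A INPUT -i sit1 -p ipv6-icmp -j ACCEPT
# The LAN side is trusted; from the tunnel only replies are accepted
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i sit1 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Hosts behind the router may open any connection towards the internet
-A FORWARD -o sit1 -j ACCEPT
-A FORWARD -i sit1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i sit1 -p ipv6-icmp --icmpv6-type echo-request -m limit --limit 5/sec -j ACCEPT
-A FORWARD -i sit1 -p ipv6-icmp --icmpv6-type echo-request -j DROP
-A FORWARD -i sit1 -p ipv6-icmp -j ACCEPT
COMMIT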
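
One way to lint a ruleset like this before the pre-up hook loads it, as an added example that is not part of the original post. The function name audit_ruleset and both sample rulesets are constructed here; the checks encode the policy stated above ( default DROP, nothing unsolicited from the tunnel except ICMPv6 ).

```shell
#!/bin/sh
# Added example (not from the original post): lint an ip6tables-save style
# ruleset on stdin before ip6tables-restore loads it in the pre-up hook.
# Usage: audit_ruleset TUNNEL_IF < ruleset ; exit status 0 = no findings.
audit_ruleset() {
    awk -v tun="$1" '
    function finding(msg) { print "FINDING: " msg; bad++ }
    NF == 0 || $1 ~ /^#/ { next }
    $1 ~ /^\*/           { table = 1; next }
    $1 == "COMMIT"       { committed = 1; next }
    $1 ~ /^:/            { policy[substr($1, 2)] = $2; next }
    $1 == "-A" {
        chain = $2; inif = ""; outif = ""; jump = ""; icmp = 0; reply = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-i") inif = $(i + 1)
            if ($i == "-o") outif = $(i + 1)
            if ($i == "-j") jump = $(i + 1)
            if ($i == "-p" && $(i + 1) ~ /^(ipv6-icmp|icmpv6)$/) icmp = 1
            if ($i ~ /^--(ct)?state$/ && $(i + 1) !~ /NEW|INVALID/) reply = 1
        }
        if (chain != "INPUT" && chain != "FORWARD") next
        # Ingress from the tunnel: named explicitly, or no interface match at all.
        from_tunnel = (inif == tun) || (inif == "" && outif == "")
        if (jump == "ACCEPT" && from_tunnel && !icmp && !reply)
            finding(chain " accepts unsolicited traffic from " tun ": " $0)
    }
    END {
        if (!table)     finding("no table header such as *filter")
        if (!committed) finding("no COMMIT line, ip6tables-restore will not apply the rules")
        if (policy["INPUT"] != "DROP")   finding("INPUT policy is not DROP")
        if (policy["FORWARD"] != "DROP") finding("FORWARD policy is not DROP")
        exit (bad > 0)
    }'
}

# Constructed sample: the rule shapes used on this page, in a complete file.
sample_strict() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i sit1 -p ipv6-icmp --icmpv6-type echo-request -m limit --limit 5/sec -j ACCEPT
-A INPUT -i sit1 -p ipv6-icmp --icmpv6-type echo-request -j DROP
-A INPUT -i sit1 -p ipv6-icmp -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i sit1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o sit1 -j ACCEPT
-A FORWARD -i sit1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i sit1 -p ipv6-icmp -j ACCEPT
COMMIT
EOF
}

# Constructed sample: a ruleset that breaks the stated policy in four ways
# (open port from the tunnel, open forwarding, FORWARD ACCEPT, no COMMIT).
sample_weak() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i sit1 -p tcp --dport 22 -j ACCEPT
-A FORWARD -i sit1 -j ACCEPT
EOF
}

sample_strict | audit_ruleset sit1 && echo "strict sample: no findings"
sample_weak | audit_ruleset sit1 || echo "weak sample: rejected"
```

On the router itself the same function can be fed the real file, for example audit_ruleset sit1 < /etc/iptables/ipv6firewall, before the interface is brought up.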

Then you need to enable IPv6 forwarding at boot time by putting the following file ( you can name it as you want, as long as it ends with .conf; I’ve called it ipv6_forwarding.conf ) inside the /etc/sysctl.d/ directory:

# /etc/sysctl.d/ipv6_forwarding.conf

net.ipv6.conf.all.forwarding = 1

The next thing to configure is the router advertisement daemon, that can be installed ( as root ) using the command:

# apt-get install radvd

The configuration file is /etc/radvd.conf and should be similar to this one:

interface eth1
{
   AdvSendAdvert on;
   AdvManagedFlag on;
   MinRtrAdvInterval 5;
   MaxRtrAdvInterval 15;
   AdvLinkMTU 1280;
   prefix 2001:1234:5679:abc::/64
   {
   };
};
Some flags are required ( like ‘AdvLinkMTU’ set to 1280 ) for the tunnel to work, some are optional ( like ‘AdvManagedFlag’ ). Maybe next time I’ll write how to configure a DHCPv6 server. DHCPv6 is a little more complex than DHCPv4, also because it must be deployed side by side with router advertisement, but it allows far greater flexibility than its IPv4 counterpart.
In the meantime, with IPv4-reachable nameservers answering with AAAA records, there’ll be no real need for IPv6-reachable nameservers in the short term ( that is, as long as IPv4 remains the mainstream protocol ).

The last part is to set up the tunnel using a shell script. Actually, two scripts are used. The first one contains only variables like the username, the tunnel ID and the password that should be passed via HTTP over SSL to configure the firewall at Hurricane Electric and tell it our public IP.
The file I created is named and is stored inside /root with 0700 permission. The content is the following:



The other file is that contains the real commands needed to create the tunnel. I’ve decided to launch it manually ( must be executed as root ) but you can decide to launch it at boot time writing an init.d script or by simply using another ‘pre-up’ directive in /etc/network/interfaces. The content is the following:


. /root/

rm ipv4_end.php*
wget --no-check-certificate https://$USERNAME:$$TID

ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::123.45.678.90
ifconfig sit1 up
ifconfig sit1 inet6 add 2001:1234:5678:abc::2/64
route -A inet6 add ::/0 dev sit1

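The --no-check-certificate flag for wget is needed because of a little issue with an HE’s SSL certificate. With that flag wget no longer validates the server certificate, so the username and password are sent to whichever host answers the request. Mind the prefix of the sit1 interface and the remote endpoint of the IPv4 tunnel.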

After rebooting the IPv6 router, ip6tables and radvd should be already up and running. After launching the script the tunnel should be configured without issuing any other command.

To check if the hosts have received an IPv6 Link-Global address you can use:

$ ifconfig -a

under any UNIX, Unix-like or Linux operating system or

> ipconfig /all

under Windows ( any version after Windows XP SP0 ).

Then you can test if the hosts can reach the IPv6 internet using ping6 under any UNIX, Unix-like or Linux operating system ( excluding Oracle Solaris ) or using ping under Windows or Solaris.


Oct 3

Being a Microsoft Student Partner simply means I like most of Microsoft’s technologies and products because they work the way I expect them to work, my expectations based on 17 years of experience with Microsoft’s products.

For instance, as far as other desktop OSs can arrive, nothing, in my opinion, beats Windows 7 nowadays.
MacOS X is a very good OS, but as long as it runs only on Apple hardware, I’m never gonna use it.
GNU/Linux-based distros like Red Hat, Ubuntu, Fedora, OpenSUSE, Debian, etc. are today very good OSs, but there’s an overall lack of agreement between developers and, even worse, an incompatibility issue between licenses that leads to a “reinvention of the wheel” time after time ( the Big example: ZFS and btrfs ).

So, while I usually like Microsoft products, sometimes I think that some little or big decisions have been made without thinking too much about a certain part of the users.

My first criticism was about Windows Phone 7, that is a really good mobile OS for the average user. But as long as I want to: sync my contacts with Outlook rather than Windows Live, join a domain, run native C++ applications and other things, Windows Phone 7 is not a choice for me. I’m still fine with Windows Mobile 6.x.

But MetroUI caught my attention when I first tried the developers’ preview of Windows 8 some days ago.
The concept behind MetroUI is the “unification of the user experience”, a marketing expression used instead of “users are getting more and more lazy and they don’t want to bother about what’s under the hood” ( meaning they don’t care what they’re using: a mobile phone, a desktop computer, an ATM or a washing machine ).
Many people think touchscreens were one of the biggest revolutions in the late ’00s market. Probably they’re the same people whose jaw drops on the floor when I tell them my first experience with a touchscreen was in 1994, in a ship command bridge on a green phosphor CRT monitor used to manage the course ( Yeah, I actually steered a 200 yards-long ship ). By the way, they’re right if considering only the consumer market.
The idea of unifying the UI between “handy” devices ( mobile phones and tablets ) is hardly new and, most importantly, it works. After all, they’re similar and they’re expected to work in a similar way.
But, in my opinion, if the differences between a mobile phone and a tablet are like the differences between a car and a van, those between a tablet and a PC are more like those between a GA aircraft and an airliner.
They’re not similar, they’re not expected to be used in the same way. I don’t expect to find a manifold pressure gauge in the cockpit of a Boeing 737 ( or an ATR-42 or an Airbus A380 ) in the same way I don’t expect to find an FMS console in a Cessna 172 ( or in a Piper PA28 ).

Saying that I don’t like MetroUI would be wrong. I just think that MetroUI has no reason to be the default UI on a desktop OS. I also think that standard utilities should remain non-Metro applications. I find it unacceptable that the remote desktop connection client is available only as a MetroUI application on a desktop machine, as I find it wrong not giving the user the option to actually kill the application, even by some abstruse key combination, I don’t care, and not just suspending it.
For seventeen years I closed an application in Windows by clicking on the top left ( top right starting with Windows 95 ) corner button of the application window, or by pressing Alt + F4. In MetroUI I can’t quit an application like this. I find it a bit ( well more than just a bit ) disappointing.

In the end, considering that there’s a lot of research behind the development of an operating system ( and Microsoft really cares about what users think, or wouldn’t have released Windows 8 Developer Preview publicly ), what I’m starting to think is that average users are beginning to be afraid ( I could have used the word “tired”, but I didn’t ) of the keyboard just as, following Windows 95, users started to be afraid of the command line.

What I’d really like, as a power user, as an enthusiast and as an experienced user, is a choice. As there are six versions of Windows 7, I’d like the Professional and Enterprise versions of Windows 8 to use explorer as the default UI instead of MetroUI.
We will wait for the beta versions to see what happens.


Last night I wanted to try something new on Mirage, my Sun Ultra 5. After changing the configuration of the SCSI disks, moving some drives between the two channels of the controller ( and changing the corresponding devaliases in the NVRAM with several nvunalias / nvalias commands ), I thought about installing NetBSD-current ( currently 5.99.55 ).

This wiki lists a series of commands that would compile and install NetBSD-current assuming that a release of NetBSD is already running. So because I already had a NetBSD 5.1 running on Mirage, I thought of following the “short way”… only to find out that fetching the sources via anoncvs took nearly 4 hours. I’m not blaming anoncvs, because trying to fetch the tarball and extracting all the files took nearly 2 hours two days later.

Now, the most “interesting” thing is that the build script, before compiling the kernel and the userland, needs to compile the compiler, because NetBSD 5.99 needs GCC 4.5 compiled for the target architecture ( in this case, sparc64 ).
I was just thinking of staying with 5.1 ( losing some opportunities offered by current, like some ZFS support etc. ), when I thought about doing some tests on a VM in VirtualBox. During the installation process I chose to get the sets ( a bunch of tgz files ) from http rather than from the CD. Looking at the options for the http install, I thought of doing something “nasty”:

using the 5.1 installer to install 5.99.

It takes longer to explain than to actually do it, but this is possible because on the nyftp http mirror ( ) inside the pub/NetBSD-daily/HEAD/ directory the last five builds of NetBSD-current are stored. Inside each directory ( named after the date and time of build ), there are the directories for each architecture, containing the binary sets ( the bunch of tgz files ) that will be used by the installer.
So, after changing the options in the installer according to what is needed, the installation can start and will end with only two minor problems.

The first one is that it’s not possible to set the root password, the second is that the rc_configured variable in /etc/rc.conf will not be changed by the setup program, resulting in a single user boot after reboot, with the root filesystem mounted in read-only.
But these are problems that even a NetBSD newbie knows how to solve ( If someone is interested in something like NetBSD-current, then a basic knowledge of vi and of the standard UNIX commands, like mount or passwd, is taken for granted ).

Mirage is now running NetBSD-current with an LVM volume ( not as powerful as ZFS but requires a lower overhead ) in the Sun StorEdge FlexiPack 599, and has been configured as an NFS ( Nightmare Network File System ) Server.


This article is a sort of “Post-it®”, a brief explanation of how to configure a network bridge with two NICs under CentOS 5.x / 6.x. After spending more than 10 minutes googling how to perform this task ( mainly reading about (l)users that didn’t have a clue about what a network bridge is or, worse, asking how to bridge n-thousand VMs while performing routing having iptables misconfigured… ), I thought it was better to write everything down in a “safe place”: what’s better than my blog?

So, this is how I have made the bridge on Nighthawk ( a double Pentium III – 800 MHz with a Gig of RAM and a pair of UWSCSI3 disks ), under CentOS 6.0.
The two NICs are both based on an Intel 82559 chip. The first one is integrated into the motherboard, while the second one is on a PCI slot.

OBVIOUSLY, a network bridge has ONE MAC address ( could be the same as one of the two NICs or could be a different one ) and ONE IP address, unless you’re playing with aliased interfaces over a bridge, but this is not the case.

The integrated NIC is eth0, the NIC on the PCI slot is eth1 while the network bridge is nbr0.

So, these are the configuration files:

# /etc/sysconfig/network-scripts/ifcfg-eth0

# /etc/sysconfig/network-scripts/ifcfg-eth1

# /etc/sysconfig/network-scripts/ifcfg-nbr0

The bridge takes its IP address via DHCP. If a static address is required, the file ifcfg-nbr0 must be changed according to what is reported in the RHEL Deployment Guide.


Jul 27

I know, it’s been a long long time. I’m sorry, but I’ve actually got many things to do and I’m unable to find the time to turn the 3 / 4 drafts I already wrote into “real” articles.
Probably you were expecting something on the end of the Shuttle era, the anniversary of the first landing on the moon, recent hauls… and you’re more or less right, just wait a little more.

This post is just a reminder that was set 17 years ago ( yes, in 1994 A.D. ), when Lightning ( Intel 486DX2 ) was pretty new and when I first “flew” using Microsoft’s Flight Simulator 5.0, Spectrum HoloByte’s Falcon 3.0 and – the reason this post exists – Origin’s Strike Commander, the CD edition that included the “Speech Pack”, the “Tactical Operations” expansion and, of course, the July 2011 issue of Sudden Death… yeah, the July 2011 issue in 1994.

Cover of Sudden Death - July 2011 issue


Mar 18

This is my first post about IPv6 and, as you can read in the title, is gonna be the first of a series.

One thing that is driving me mad during these days is that on many sites, blogs, forums etc. there are a lot of explanations about how IPv6 works, but very few explanations on how to make it work.

So now I’m not gonna explain what IPv6 is, or how it works, because I’ll assume that the reader has at least a basic IPv6, IPv4 and UNIX / NetBSD understanding.
I’m gonna write down the steps I performed to get IPv6 connectivity ( assuming your ISP isn’t already giving you native IPv6 connectivity, otherwise you can stop reading now ) using a D-Link DSL-2640B aDSL modem-router with a standard firmware ( supports IPv4 only ) and a NetBSD/i386 5.1 based router ( any computer with two NICs ).
I currently have no firewall on the DSL-2640 and no services / daemons running on the NetBSD router.

In this first post I will illustrate how to get IPv6 connectivity via a tunnel broker. There are many free services available. I chose Hurricane Electric ( HE from now on ) just because a couple of friends already use it and told me that it works.

The tunnel created with an HE’s endpoint is static and requires that you have a public pingable IPv4 address.
If you are behind a router that does NAT, like me, this could represent a problem, so I created this page to test if I can ping my public IPv4 address.
The solution I found was to move the NetBSD router to the DMZ, so when someone pings my public address, they actually send ICMPv4 requests to my NetBSD router.

Creating a tunnel on the HE website is pretty simple, just look at the image below:

Create tunnel with HE

  1. Click;
  2. Insert your public pingable IPv4 address

HE tunnel details

Just remember, for this specific configuration, when configuring the tunnel interface on the router, not to use your public IPv4 address but to use the private address of your IPv4 gateway. So, to create a tunnel in NetBSD ( 4.x or 5.x ) type the following as root:

# ifconfig gif0 create
# ifconfig gif0 tunnel $Your_IPv4_gateway $Server_IPv4_address
# ifconfig gif0 inet6 $Client_IPv6_address $Server_IPv6_address prefixlen 128
# route -n add -inet6 default $Server_IPv6_address

The tunnel should be up and ready. Just try to send an ICMPv6 echo request to someone using ping6, like ( you have to create and configure /etc/resolv.conf first ).

If you succeed, congratulations! You’re now on the IPv6 internet and halfway in configuring the router!

In the next part I’m gonna explain how to enable routing, configure the router advertisement daemon and make the configuration permanent.


Feb 24

Let’s start by saying I’m really not a space enthusiast, although in my opinion the exploration of space and other planets is the future of humanity, so it could be interesting to know something about astronomy, astrophysics and space technologies.

Back in 1994 Microsoft released Space Simulator. I’ve never used it but, as I’ve found on various sites and forums, it seems that the space vehicles the user could fly were all fictional, and that atmospheric flight was not simulated.

NASA reported that budget for the last STS mission, STS-135 / Atlantis, has been approved. Anyway, that means 2011 will be the year in which the Space Shuttle fleet will be decommissioned, after the final flights for Discovery, Endeavour and Atlantis.

While looking for some Space Shuttle videos, I found some videos made with Orbiter, so I started searching for some info about this program.

Orbiter ( current version as of writing is Orbiter 2010 ), is a space flight simulator released for the first time in 2000. It simulates both space and atmospheric flight, it’s modular, so a large number of plugins and add-ons already exists, and it’s very realistic.
It’s also free, and you can download it following the link on the official site.
Without AA at low resolutions it runs even on tomcat ( a laptop with a Pentium 4 2.4 GHz and 1 GB of RAM ).

Atlantis in orbit with Canadarm ( in Orbiter 2010 )
Coming from more than 15 years of flight simulators doesn’t help very much during the first flights. It’s actually better to forget how to fly aircraft and start to learn almost everything from scratch. Furthermore, Orbiter uses the metric system while in aviation, apart from Russia and some other former Soviet republics, the most used system is the US customary one, especially for distance ( nm ), speed ( kts ) and altitude ( ft ).

Let’s start by saying that using Orbiter is anything but easy, so for the first flights, the Delta-glider is the best choice. This rocket-spacecraft is able to take off and land like an aircraft and has enough thrust not only to reach Earth orbit without using any booster, but also to change the orbit plane by several degrees ( something the OMS of an Orbiter can’t do ).
After learning how to get into orbit, change the orbit plane and period in order to synchronize it with that of another spacecraft / satellite / space station ( it takes some weeks… ) and last but not least, how to perform a correct re-entry maneuver ( to land where you want, when you want, possibly without burning ), it is possible to simulate other stuff, like flying with the Space Shuttle to repair Hubble or simulating a transfer to another planet ( using time warp of course ) or to the moon, maybe with the Apollo add-on.

If you like new challenges and you don’t mind learning a lot of things before even leaving the ground, I strongly recommend you try Orbiter.

Atlantis departure ( in Orbiter 2010 )


The procedure I’m gonna explain is mainly a reminder to myself.

But first of all a little introduction.

Back in the good ol’ days of MS-DOS there were four types of soundcard:

  • AdLib Pro Audio Spectrum ( and compatible chips/cards )
  • Creative Sound Blaster 16 ( and compatible chips/cards )
  • Creative Sound Blaster Pro ( and compatible chips/cards, I own one * )
  • Windows Sound System ( and compatible chips/cards )

* An Oak Technology Mozart Sound System 16 bit, Sound Blaster Pro compatible.

The way to install the driver files for a Sound Blaster card under MS-DOS, although not really easy, was more or less standard.
Launching a setup ( the easy part ), followed by some tweaking of the autoexec.bat and config.sys files ( the complicated part ) and hopefully nothing more.
Under Windows, things became a little more complicated and with the beginning of the PnP ( actually, that means PLUG and PRAY ) era, things got even more complicated.
The final user is unaware of this because, over time, setup programs became “smarter” and got the job ( installing the drivers and configuring the operating system ) done well almost always. That simply means sometimes they fail.

Some days ago, I had to install a Creative Sound Blaster Live! 5.1 Digital into Eagle, my 2.66 GHz Pentium 4 HT. Eagle already has an integrated audio chip, which works, but is not powerful enough for some tasks and doesn’t support ASIO drivers very well.

Picture of a Creative Sound Blaster Live! 5.1 Digital sound card

The SB Live! 5.1 instead is built around the EMU10K1 audio processor that, ten years ago, was one of the most powerful audio processors on the market and was used also on semi-professional equipment, so the decision to put the SB Live! 5.1 into Eagle was rather straightforward.

I already had the drivers for the card, downloaded from the Creative website three or four years ago ( they are 8 years old now and, no, Creative didn’t release a new version since 2003, so these are still the same NT 5.x drivers ) and I have already installed it once upon a time, so I knew just one or two things about the setup…

As I wrote just above, sometimes the drivers’ setup programs fail. Needless to say, this setup fails right at the beginning.
The setup downloaded from the Creative support website, LiveDrvUni-Pack_ENG.exe, usually fails to locate the SB Live! installed in the system and quits without doing anything.
Although it is an executable, it is actually a self-extracting archive that can be opened, for example, using WinZip.
Inside the audio\drivers directory there are some files that should be the drivers needed to use the card with Windows NT 5.x.

But using the Windows wizard to install the drivers doesn’t work for me as the OS says that the drivers for the device can’t be located in the folder… in which they actually are.
So I launched ctzapxx.exe, and that seemed to work, but the system failed to reboot ( Windows XP hung during shutdown ). At the next boot, no drivers were installed in the system.
The solution was to launch ctzapxx.exe and, when asked to reboot the system, power-off the system using the switch of the power supply. At the next boot, drivers were installed and working.


Dec 31

/* A truly complicated way to... do it :) */

#include <stdio.h>

int main( int argc, char* argv[] )
{
   /* Offsets added, one after another, to the starting character */
   int values[] =
   {
      0, 25, 15, 0, 9,
      -89, 46, 23, 18, -87,
      57, 12, -4, 17, -82,
      18, -2, 1, 0, -16
   };
   char c = ( 'N' + 'C' ) / 2;   /* starting character */
   int i;

   for( i = 0; i < 20; i++ )
   {
      c += values[ i ];
      printf( "%c", c );
   }
   return 0;
}

/* Bye */

Oct 31

Recently I needed a *BSD machine to test some software I’m developing with two friends for a university research project.
My choice went for NetBSD of course ( latest version is 5.0.2, but the 5.1 is coming, anyway…).
But I can’t use Mirage, my UNIX (Oracle Solaris) server, for two reasons:

  • The only disk inside has Solaris on it and I don’t want to remove it, install NetBSD, then reinstall Solaris again;
  • I need two network cards and Mirage has only one ( the Happy Meal ).

Because Raptor is powerful enough, I decided to virtualize NetBSD on VirtualBox, so I can have up to four network cards, as much RAM (and CPUs) as I wish, remote desktop, etc.

So, I created a virtual hard drive, then I created a virtual machine and tried to boot it… No way… Some strange errors at boot, during kernel loading…
Now, the NetBSD slogan is “Of course it runs NetBSD”, meaning it is able to run on almost anything with a CPU and some RAM, including the toaster.
Being unable to run on one of the most used desktop virtualization software is unacceptable. It has to be my fault, I’m missing something.
Something critical for every OS I’ve used (and they’re many) is the / or the C: partition. The boot loader could be able to launch the kernel, but the kernel could not be able to find and mount the partition.

So, take my advice. When creating a virtual machine for NetBSD, add a SCSI controller to handle the virtual disk instead of using the classical IDE interface or the newer AHCI interface.