PXE boot a virtual machine with NAT connection to the host

If you have a notebook and you want to quickly deploy new virtual machines for testing, PXE boot is your friend. On notebooks, people usually use NAT rather than a bridged network. The DHCP server on the host, which is managed by Libvirt, needs to be configured with the TFTP server and the boot file. On my “mobile lab”, I’ve installed a virtual machine with a Red Hat Satellite 5 from which the other VMs get their content. PXE boot …

Setting up a 6in4 tunnel with Fedora

Why use IPv6 tunnels anyway? Today, most Internet access providers are IPv6 enabled. Unfortunately, the majority of them do not provide a static /64 prefix; you get one dynamically assigned. Some providers can assign you a static prefix for a surcharge. A dynamic prefix is useless if you want to ensure end-to-end connectivity with your gadgets at home. Choosing a tunnel provider: Since 2004 I have had my own IPv6 prefix from SixXS. Pretty sad that they are shutting down their services …

Using Unbound for recursive DNS lookup

Some organizations decide to use their internal authoritative DNS servers as recursive DNS servers because it is easy and reverse lookups of internal RFC 1918 networks work out of the box. That should be avoided for (at least) two reasons: (1) cache poisoning can cause security nightmares; (2) authoritative answers are never cached and can cause a high load on the DNS servers. Cache poisoning can lead to severe problems, as more and more information is stored in DNS. Examples: …

Disabling NetworkManager on Servers and Workstations

Why not use NetworkManager in some cases? NetworkManager is a great tool for managing connectivity on notebooks and other mobile devices. On server or desktop machines with a complex network setup, such as a combination of bonding, bridging and VLANs, it's probably not the best choice; at least I was not able to configure it that way. This was some time ago (approx. 1 year); meanwhile it may have changed. Removing NetworkManager: Unfortunately, on a desktop system it's impossible to get …

Configure SSSD to work on IPv6-only Hosts

SSSD is used for the client side of IPA and other centralized identity management services. Unfortunately, it does not behave as it should. The default is to look up IPv4 addresses first, and if that fails, IPv6 should be used. Well, if IPv4 fails, the whole request fails and you get weird error messages when joining an IPA domain. As the pool of IPv4 addresses is depleted, IPv6 is getting more and more important. Thus, IPv6-only hosts are on the …