IPv6 Pi

Posted on by

Just moved to a RSP (ISP) that provides rDNS for IPv6 addresses so I thought I would play around with a IPv6 only Raspberry Pi.

The Pi4 boots from a 500Gb USB SSD. The image was copied with the Pi imager tool with custom settings for the local wifi and SSH enabled.

The aim was a Pi running a HTTPS server and a SSH server.

After the first boot and connection via wired IPv4 the network is configured using the text user interface of NetworkManager.

sudo nmtui

First a manually assigned static IPv6 address, gateway and DNS server.

Then a reboot and then a SSH connection to the statically assigned IPv6 address.

Now we use nmtui again to disable the wired IPv4 address, deactivate the Pi imager preconfigured Wi-Fi profile and then it’s subsequent deletion.

Reboot once again.

nmtui is also used to set the host name.

Next the system is update as required.

sudo apt update && sudo apt upgrade -y

Next the apache2 webserver is installed.

sudo apt install apache2 -y

This gives us http. For https we will use Let’s Encrypt certificates via the Certbot tool.

Certbot will be installed using Snapcraft.

sudo apt install snapd

Followed by a reboot.

Then
sudo snap install core

Ensure the distro version of Certbot is not installed.

sudo apt-get remove certbot

Then install the new one…

sudo snap install --classic certbot

And finally…

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Now lets get a certificate for use with apache.

sudo certbot --apache

Disable the http config.

sudo a2dissite 000-default.conf

And restart the webserver.

sudo systemctl reload apache2

Next, install fail2ban.

sudo apt install fail2ban

We need to edit a few files to get fail2ban working.

sudo nano /etc/fail2ban/fail2ban.d/ipv6.conf

Enter and save the following…


[DEFAULT]
allowipv6 = auto

sudo nano /etc/fail2ban/jail.d/defaults-debian.conf

Enter…

[sshd]
enabled = true
backend = systemd

sudo systemctl enable fail2ban

sudo systemctl start fail2ban

And check the log…

cat /var/log/fail2ban.log

Posted in Pi

Networking Pi

Posted on by 
$ cat /etc/debian_version
12.5
$ nmcli con sho
NAME UUID TYPE DEVICE
Wired connection 1 d9f338e0-4b03-3577-90d4-76968372a617 ethernet eth0
Wi-Fi connection 5 17761da0-3919-442b-b736-ec640e4ac950 wifi wlan0
lo 3b78d5c1-8cf0-41e6-aef1-2d1d6d7230e2 loopback lo
Wi-Fi connection 2.4 b117bade-51b4-4c95-bde9-7cc44605ca3c wifi —

Times

Posted on by

Before 7am Start

-0:45 Wake Up/Dress/Breakfast/Pack
-1:15 Leave

At/After 7am Start

-0:45 Wake Up/Dress/Breakfast/Pack
-1:30 Leave

After 12pm Start

-1:00 Wake Up / Shower
-0:45 Lunch/Eat
-0:30 Dress/Pack
-1:30 Leave
-0:00 Start

Bedtimes

8Hrs before wakeup
16Hrs after last wakeup

Apache Log

Posted on by

Checking the apache log on a DS920+ NAS.

william@DiskStation:/volume1/@appdata/Apache2.4/log$ pwd
/volume1/@appdata/Apache2.4/log
william@DiskStation:/volume1/@appdata/Apache2.4/log$

X-Trail Radio

Posted on by

“With the key turned to ACC or on, and the radio off, press (6) and the (Tune Seek ▼) together. This toggles the clock display on and off.

Then, to set the time, press the (Audio) for more than 3 seconds. The time will flash. Press the (1) to advance the hours and (2) to advance the minutes. Press (Audio) again once you have the correct time and the clock will be set.”

Persistant iptables

Posted on by

For debian 10…

apt install iptables-persistent
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 87.121.72.216 -j ACCEPT
iptables -P INPUT DROP
dpkg-reconfigure iptables-persistent