IPv6 solution for blocked PirateBay

Dutch ISPs Xs4all and Ziggo have been court ordered to block access to The Pirate Bay. I don't know how the blocking will be done (based on DNS lookups or IPv4 address), but I think there might be an easy way around this block: just use http://thepiratebay.org.ipv6.sixxs.org/ , which is an IPv6-ed, proxyfied access to TPB. You need to have IPv6 access to be able to access this URL. Luckily, Xs4all provides IPv6 to its customers.

So: problem solved?

C:\>nslookup thepiratebay.org.ipv6.sixxs.org

Server:  router.home

Address:  192.168.1.254

Non-authoritative answer:

Name:    ipv6.nginx.sixxs.net

Addresses:  2001:838:2:1::30:67

          2001:838:2:1:2a0:24ff:feab:3b53

          2001:960:800::2

          2001:1af8:4050::2

          2620:0:6b0:a:250:56ff:fe99:78f7

Aliases:  thepiratebay.org.ipv6.sixxs.org

C:\>

Update: See http://ipv6-or-no-ipv6.blogspot.nl/2012/06/blocked-piratebay-and-ipv6.html on this blog for other solutions for a blocked TPB

Dutch ISP Telfort conducting IPv6 pre-pilot based on 6RD

The Dutch ISP Telfort (www.telfort.nl) has started a IPv6 pre-pilot based on 6RD. 6RD stands for "IPv6 Rapid Deployment", and is an adapted 6to4 tunnel technology: in 6RD, the tunnel end point is defined, and is owned by the tunnel provider or ISP. This results in a more predictable and thus reliable IPv6 tunnel service. 6RD is used by the French ISP "Free", and others. More details on http://en.wikipedia.org/wiki/IPv6_rapid_deployment

Telfort offers the IPv6 service on two modems: the ZyXEL 2601HN-F1 (with BLV.7 test firmware) and the 2812HNU-F1 with TUE.2 firmware.

After applying for the pre-pilot, the user sets up the IPv6 service in his modem in two steps:

WAN-side: select IPv6, and then 6to4 tunneling with 6RD enabled:

Then IPv6 is actived on the LAN side:

The IPv6 address scheme is like this: 2a00:cd8:::/64. An example Telfort IPv6 address is thus 2a00:cd8:c3f1:66e2::1


... to be continued ...

Test your IPv6 speed via

Nice: test your IPv6 speed via http://ipv6-test.com/speedtest/

Fun with SOCKS, IPv6 and SSH

This is fun stuff with both IPv6 and SOCKS. And ... the IPv6 is a side effect of the SOCKS ... ;-)

First some info on SOCKS: I thought SOCKS was just some old-skool proxy protocol on corporate networks. But I learned you can also use SOCKS (in ssh) to prevent spying by ISPs, governments and other third paries. Here's how:

You need an external SSH-server (which hopefully does IPv6). There are service providers that offer SSH-server functionality for 15 US$ per year(!). I got my VPS with SSH server from Hexxeh (http://vps.hexxeh.net/) for 5 US$ per month. A bit more expensive, but I wanted a VPS anyway and Hexxeh provides IPv6 (on request).

Now set up a super simple SOCKS proxy server on your Linux system (in my case Ubuntu):

    ssh -D 1080 myaccount@theremotesshserver.blabla.com

You then need to fill out your password. If your logon is succesful, the local SOCKS proxy is running on port 1080, with its start point on your Linux machine, and its endpoint on the SSH server. So a loooong SOCKS proxy. ;-)

(Attention: stay logged on. As soon as you logout from the SSH session, the SOCKS proxy is gone.)

Now you can point your SOCKS enabled client to localhost and port 1080. I've done this for the webbrowser Chrome (see screendump), and I could browse the web. And suddenly my location had changed to the UK according to http://whatismyipaddress.com/ . And as Hexxeh provides IPv6 (on request), my IPv6 was working according to http://test-ipv6.com/ "Your IPv6 address on the public Internet appears to be 2001:41d0:2:bb58:...".

As my web traffic now goes through an SSH session, I'm quite sure it's encrypted, and it cannot be eavesdropped by my ISP.

Strangely enough, http://www.bbc.co.uk/iplayer/tv thinks I'm NOT in the UK. Maybe the BBC does blacklist IP addresses from (VPS) hosters ... :-(

EDIT: here is a command to check the SOCKS SSH tunnel:


$ sudo netstat -apon  | grep -i ssh | grep tcp
tcp        0      0 127.0.0.1:1080          0.0.0.0:*               LISTEN      8511/ssh         off (0.00/0/0)
tcp        0      0 192.168.1.53:44824      174.41.66.20:22       ESTABLISHED 8511/ssh         keepalive (5957.97/0/0)
tcp6       0      0 ::1:1080                :::*                    LISTEN      8511/ssh         off (0.00/0/0)
$

HTH

IPv6 Fun: "defa:ced"

Funny: Fun with IPv6 addresses ... see http://codingrelic.geekhold.com/2011/04/ipv6-addresses-for-fun-and-profit.html

There are much more options than just dead:beef:f00d !

a110:c8ed	I allocated an address, just for you.
defa:ced	I hate my web designer.
bad:fac:ade	Our CSS needs work.
bad:deed	Thank you for visiting my site. Really.
be:fa11	As in "what has befallen yon dead server?"
abba:ca:daba	Our network is powered by pure magic.
d00:bee	Network debugging probably qualifies as "medicinal purposes."
b0:cce:ba11	You know, I only discovered Bocce Ball in my 30s.
5ca1:ab1e	Ignore what you see elsewhere, the secret to scalability is in using clever IP addresses.
ca:b0b	yummy
fa1:afe1	even more yummy!
b1ab:bed	We might need to tighten up our HTML a bit.
bab:b1e	We might need to recompress our images a bit.
ba:b00	My sweet baboo!
10ad:ed	I bet it has an itchy trigger finger, too.
ba:11ad	The entire site is set in iambic pentameter.
a:100f	My site doesn't like me.
acc0:1ade	Network admins rarely, if ever, hear praise of their work.
aff:ab1e	An address for a social networking site if ever I heard one.
ba:ff1e	Don't blame me for the contents of this site. The web team reports to a whole different department from the network admins.
ba1:b0a	Its the Eye of the Tiger, baby!
ed1:f1ce	Look upon my network, ye Mighty, and despair.
5caf:f01d	This load balancing tier was intended to be temporary. That was four years ago. Such is the way of things.

SABnzbd with Bonjour patch

With a patch, SABnzbd will announce itself via Bonjour. That way, you can find SABnzbd's web interface easily on your LAN. No need to hassle with IP addresses and port numbers.

I've tested this patched SABnzbd on Ubuntu. Here's how to use it:

1. Make sure the plain SABnzbd is working on your system.
2. The "SABnzbd Host" under Config -> General should state 0.0.0.0 (or ::) so that SABnzbd listens on the LAN interface
3. Install an additional library: sudo apt-get install libavahi-compat-libdnssd1
4. Download the patched SABnzbd 0.6.10 here and unpack it. Go into that directory
5. Stop the plain SABnzbd if it is running
6. Start the patched SABnzbd called "SABnzbd-bonjour.py", which you can find in the unpacked directory

SABnzbd should now advertise itself via Bonjour. Install and start avahi-discover to see it. See the included screenshot.

If you want to see Bonjour services from within Chrome/Chromium or Firefox (on any OS), go to http://dnssd.me/ and install the DNSSD extension. This should work on Linux (with Avahi installed), Mac OS X, and Windows (with itunes installed). See the included screenshot for an example.

Some remarks about using this patched SABnzbd on other operating systems:

• Other Linux versions: it should work after you install the needed libraries for avahi and the avahi-compat stuff
• Unix versions (for example embedded on NAS devices): it all depends on the libraries
• Mac OS X: I guess the patched SABnzbd should work if you can get the plain SABnzbd-source-version working. Please give feedback
• Windows: I have no idea as I don't know how to run SABnzbd from source on Windows. If you're going to try this, first make sure itunes is installed

Feedback welcome in the comments

PS: there's very little IPv6 in this stuff, but it's quite network oriented, so I posted it here.

Easy NZB-downloading on Ubuntu 11.10 with nzbget via free IPv6-only Newsservers

Ubuntu 11.10 (also known as Oneiric Ocelot) has got the NZB-downloader nzbget in its repositories. Combined with IPv6 based on miredo, and the free IPv6-only Newsservers, downloading NZBs is easy and you don't need a newsserver account. Here's the howto:

Open a terminal and type:

sudo apt-get install nzbget miredo

zcat /usr/share/doc/nzbget/examples/nzbget.conf.example.gz > ~/.nzbget

nzbget -s  -o Server1.Host=weathergirl-ipv6.tele2.net 

The above will start the nzbget daemon.

Then, create a NZB, for example via http://binsearch.info/ and download it. Let's say its name is mynzb.nzb

Finally, open another terminal, add the NZB you want to download to nzbget's queue, for example: 

nzbget -A ~/Downloads/mynzb.nzb

Switch back to the 'daemon'-terminal, and you should see the nzgbet daemon downloading your request. It will end up in ~/download/dst/

If it doesn't work, check that your IPv6 is working; make sure you get an output like this:

ubuntu@ubuntu:~$ ping6 -c4 ipv6.google.com

PING ipv6.google.com(ey-in-x63.1e100.net) 56 data bytes

64 bytes from ey-in-x63.1e100.net: icmp_seq=1 ttl=57 time=115 ms

64 bytes from ey-in-x63.1e100.net: icmp_seq=2 ttl=57 time=25.8 ms

64 bytes from ey-in-x63.1e100.net: icmp_seq=3 ttl=57 time=27.2 ms

64 bytes from ey-in-x63.1e100.net: icmp_seq=4 ttl=57 time=205 ms

--- ipv6.google.com ping statistics ---

4 packets transmitted, 4 received, 0% packet loss, time 3004ms

rtt min/avg/max/mdev = 25.801/93.545/205.635/74.216 ms

ubuntu@ubuntu:~$

Remarks:

• Instead of weathergirl-ipv6.tele2.net, you can use the other IPv6-only accountless newsserver: newszilla6.xs4all.nl
• If you want to use a newsserver that requires an account, use something like "nzbget -s  -o Server1.Host=your.newsserver.com -o Server1.Username=user -o Server1.Password=pass" in the 'daemon'-terminal
• The plain nzbget does not take care of rar and par. However, there's a postprocessing script somewhere in the intall. EDIT: see /usr/share/doc/nzbget/examples/postprocess-example.* 
• If you prefer a more GUI-like NZB-downloader, check out SABnzbd: http://sabnzbd.org/
• Older Ubuntu's haven't got nzbget in the standard repositories. However, there's a PPA: http://ppa.launchpad.net/volkris/ppa/ubuntu/pool/main/n/nzbget/

Happy downloading!