pantz.org banner
pantz.org is now IPv6
Posted on 02-12-2012 23:02:08 UTC | Updated on 02-12-2012 23:23:44 UTC
Section: /software/tcpip/ | Permanent Link

Getting IPv6 connected

I thought it would be fun to get pantz.org up and rolling on IPv6 before the next world IPv6 day. My hosting company Linode offers IPv6 now, and they made it real easy to get it going. I just clicked on a link to turn it in my control panel and then rebooted. The address was assigned by dhcp to the interface on boot. Below is an ifconfig example of a interface running both IPv4 and IPv6 on the same interface.

eth0      Link encap:Ethernet  HWaddr ff:ff:de:ad:be:ef  
          inet addr:74.207.225.175  Bcast:74.207.225.255  Mask:255.255.255.0
          inet6 addr: 2600:3c02::f03c:91ff:fe93:9678/64 Scope:Global
          inet6 addr: fe80::f03c:91ff:fe93:9678/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          ....

Now that we have an native IPv6 IP address we need to test to see if it works. Google has an IPv6 website that you can use to test this. Just use the IPv6 version of ping, and you should see a response if everything is setup correctly. Example: ping6 IPv6.google.com.

IPv6 firewall

Let's get some IPv6 firewalling going. In Linux iptables is what you use for IPv4 as a packet filter. With IPv6 you need to use ip6tables. It's very close to the same so you can use most of your current rules from IPv4. Just an intresting note, as of right now ip6tables does not support NAT. According to the devs it is unlikely it will ever be supported so just keep that in mind.

Below is an example of firewalling with ip6tables. It is a bash script written to be put in the /etc/init.d dir. It responds to the stop,start,restart commands to load the rules. I called my rules ip6tables. Make the file and put it in the /etc/init.d dir. If your running a Debian based system (Ubuntu and such) then you can run chmod 700 /etc/init.d/ip6tables;update-rc.d ip6tables defaults on the file to have it start on boot.

#!/bin/bash
#
# Firewall rules
# 

######################################################################
function on {
    echo "Firewall: enabling filtering"
       	
    # Clear any previous rules.
    ip6tables -F
    ip6tables -F -t mangle
    ip6tables -X
    # Default drop policy.
    ip6tables -P INPUT DROP
    ip6tables -P OUTPUT DROP
    ip6tables -P FORWARD DROP

    # Allow anything over loopback.
    ip6tables -A INPUT  -i lo -s ::1/128 -j ACCEPT
    ip6tables -A OUTPUT -o lo -d ::1/128 -j ACCEPT

    # allow link-local
    ip6tables -A INPUT -s fe80::/10 -j ACCEPT

    # Drop packets with a type 0 routing header
    ip6tables -A INPUT -m rt --rt-type 0 -j DROP
    ip6tables -A OUTPUT -m rt --rt-type 0 -j DROP
    ip6tables -A FORWARD -m rt --rt-type 0 -j DROP

    # Drop any tcp packet that does not start a connection with a syn flag.
    ip6tables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

    # Drop any invalid packet that could not be identified.
    ip6tables -A INPUT -m state --state INVALID -j DROP

    # Drop invalid packets.
    ip6tables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
    ip6tables -A INPUT -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN              -j DROP
    ip6tables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST              -j DROP
    ip6tables -A INPUT -p tcp -m tcp --tcp-flags FIN,RST FIN,RST              -j DROP
    ip6tables -A INPUT -p tcp -m tcp --tcp-flags ACK,FIN FIN                  -j DROP
    ip6tables -A INPUT -p tcp -m tcp --tcp-flags ACK,URG URG                  -j DROP

    # Reject link-local all nodes multicast group 
    ip6tables -A INPUT -d ff02::1 -j REJECT

    # Allow TCP/UDP connections out. Keep state so conns out are allowed back in.
    ip6tables -A INPUT  -p tcp -m state --state ESTABLISHED     -j ACCEPT
    ip6tables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
    ip6tables -A INPUT  -p udp -m state --state ESTABLISHED     -j ACCEPT
    ip6tables -A OUTPUT -p udp -m state --state NEW,ESTABLISHED -j ACCEPT

    # Allow ICMP In/Out. ICMP has a much more significant and essential role because of
    # new functionality that is now performed within IPv6. Allow open for now.
    ip6tables -A INPUT   -p IPv6-icmp -j ACCEPT
    ip6tables -I OUTPUT  -p IPv6-icmp -j ACCEPT
    ip6tables -I FORWARD -p IPv6-icmp -j ACCEPT

    # Allow http connections in. Uncomment if needed.
    ip6tables -A INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j ACCEPT

    # Drop everything that did not match above and log it.
    ip6tables -A INPUT   -j LOG --log-level 4 --log-prefix "IPT_INPUT: "
    ip6tables -A INPUT   -j DROP
    ip6tables -A FORWARD -j LOG --log-level 4 --log-prefix "IPT_FORWARD: "
    ip6tables -A FORWARD -j DROP
    ip6tables -A OUTPUT  -j LOG --log-level 4 --log-prefix "IPT_OUTPUT: "
    ip6tables -A OUTPUT  -j DROP

}
######################################################################
function off {
    # stop firewall
    echo "Firewall: disabling filtering (allowing all access)"
    ip6tables -F
    ip6tables -F -t mangle
    ip6tables -P INPUT ACCEPT
    ip6tables -P OUTPUT ACCEPT
    ip6tables -P FORWARD ACCEPT
}
######################################################################
function stop {
    # stop all external connections
    echo "Firewall: stopping all external connections"
    ip6tables -F INPUT
    ip6tables -F OUTPUT
    ip6tables -P INPUT DROP
    ip6tables -P FORWARD REJECT
    ip6tables -P OUTPUT REJECT

    # allow anything over loopback
    ip6tables -A INPUT -i lo -s ::1/128 -j ACCEPT
    ip6tables -A OUTPUT -o lo -d ::1/128 -j ACCEPT
}

case "$1" in
    start)
	on
    ;;
    stop)
	off
    ;;
    restart)
       off
       on
    ;;
    *)
	echo "$0 {start|stop|restart|off}"
	echo "Start executes primary ruleset."
	echo "Stop disables all filtering"
	echo "restart clears then enables"
	echo "Off disables all non-loopback connections"
    ;;
esac

Getting the webserver working

I use Nginx for my webserver so I had to change the config to have it listen for IPv6. First check that your Nginx supports IPv6 with the command nginx -V. It should show "--with-ipv6" in the output. After verfiying IPv6 is compiled in we can change the config. I put my IPv6 listen statement in the config and restarted. On restart the following error showed up:

[emerg]: bind() to [::]:80 failed (98: Address already in use)
[emerg]: bind() to [::]:80 failed (98: Address already in use)
[emerg]: bind() to [::]:80 failed (98: Address already in use)
[emerg]: bind() to [::]:80 failed (98: Address already in use)
[emerg]: bind() to [::]:80 failed (98: Address already in use)
[emerg]: still could not bind()

I believe this error relates to how a modern version of Linux uses a hybrid dual-stack implementation of IPv4 and IPv6. To fix this I had to put IPv6only=on in the IPv6 line or Nginx would throw that error and not start. The new line tells Nginx to open a port in hybrid sockets mode. The final working line is below. There are other lines in the server {} area I'm just showing the IPv6 and IPv4 line. Restart Nginx after you put the IPv6 line in.

server {
    ...
    listen      *:80;
    listen 	[::]:80 default IPv6only=on;
    ...
   }

For every virtual server after setting the default server (like above) you will just need the following listen lines that don't reference the default server or IPv6.

server {
    ...
    listen      *:80;
    listen      [::]:80;
    ...
   }

IPv6 DNS records

With IPv6 you have to use an AAAA record (quad A) instead of an A records. The DNS entry is the same but your just using 3 more A's for the new record. Update your DNS server with that record and then test it with dig. An example of that test would look like the following.

> dig @ns1.linode.com www.pantz.org aaaa 

....

;; QUESTION SECTION:
;www.pantz.org.			IN	AAAA

;; ANSWER SECTION:
www.pantz.org.		86400	IN	AAAA	2600:3c02::f03c:91ff:fe93:9678

....

Check if your site is working

After you get your quad A record entry in, people should be able to reach your website through IPv6. If you don't have an IPv6 connection you can check your sites connectivity with http://IPv6-test.com. If that website says it was successful then congrats your up and rolling. Check your webserver logs for access from an IPv6 address, then make sure the resulting code was 200 OK for that access.

Intresting things I learned about IPv6

List of port numbers
Posted on 09-16-2007 06:23:00 UTC | Updated on 09-16-2007 06:23:00 UTC
Section: /software/tcpip/ | Permanent Link

This is a link to a list of ports and the service registered to run on that port from IANA's website. I would list it here but I would never be able to keep it up to date and it's a damn big list (715k).

Reddit!

Related stories

Internet Protocol (IPv4) Subnet Chart
Posted on 08-16-2003 06:23:00 UTC | Updated on 03-02-2012 22:43:11 UTC
Section: /software/tcpip/ | Permanent Link

Ths is an Internet Protocol (IPv4) Subnet Chart. You can use this to quickly look up how your might need to subnet your network. At the bottom there is a quick how-to on calculating subnets.

For more information on subnetting, see RFC 1817 and RFC 1812.

Class address ranges:

Reserved address ranges for private (non-routed) use (see RFC 1918):

Other reserved addresses:

Chart notes:


Class A

Network Bits Subnet Mask Number of Subnets Number of Hosts
/8 255.0.0.0 0 16777214
/9 255.128.0.0 2 (0) 8388606
/10 255.192.0.0 4 (2) 4194302
/11 255.224.0.0 8 (6) 2097150
/12 255.240.0.0 16 (14) 1048574
/13 255.248.0.0 32 (30) 524286
/14 255.252.0.0 64 (62) 262142
/15 255.254.0.0 128 (126) 131070
/16 255.255.0.0 256 (254) 65534
/17 255.255.128.0 512 (510) 32766
/18 255.255.192.0 1024 (1022) 16382
/19 255.255.224.0 2048 (2046) 8190
/20 255.255.240.0 4096 (4094) 4094
/21 255.255.248.0 8192 (8190) 2046
/22 255.255.252.0 16384 (16382) 1022
/23 255.255.254.0 32768 (32766) 510
/24 255.255.255.0 65536 (65534) 254
/25 255.255.255.128 131072 (131070) 126
/26 255.255.255.192 262144 (262142) 62
/27 255.255.255.224 524288 (524286) 30
/28 255.255.255.240 1048576 (1048574) 14
/29 255.255.255.248 2097152 (2097150) 6
/30 255.255.255.252 4194304 (4194302) 2

Class B

Network Bits Subnet Mask Number of Subnets Number of Hosts
/16 255.255.0.0 0 65534
/17 255.255.128.0 2 (0) 32766
/18 255.255.192.0 4 (2) 16382
/19 255.255.224.0 8 (6) 8190
/20 255.255.240.0 16 (14) 4094
/21 255.255.248.0 32 (30) 2046
/22 255.255.252.0 64 (62) 1022
/23 255.255.254.0 128 (126) 510
/24 255.255.255.0 256 (254) 254
/25 255.255.255.128 512 (510) 126
/26 255.255.255.192 1024 (1022) 62
/27 255.255.255.224 2048 (2046) 30
/28 255.255.255.240 4096 (4094) 14
/29 255.255.255.248 8192 (8190) 6
/30 255.255.255.252 16384 (16382) 2

Class C

Network Bits Subnet Mask Number of Subnets Number of Hosts
/24 255.255.255.0 0 254
/25 255.255.255.128 2 (0) 126
/26 255.255.255.192 4 (2) 62
/27 255.255.255.224 8 (6) 30
/28 255.255.255.240 16 (14) 14
/29 255.255.255.248 32 (30) 6
/30 255.255.255.252 64 (62) 2



Supernetting (CIDR) Chart

Class C

CIDR Block Supernet Mask Number of Class C Addresses Number of Hosts
/14 255.252.0.0 1024 262144
/15 255.254.0.0 512 131072
/16 255.255.0.0 256 65536
/17 255.255.128.0 128 32768
/18 255.255.192.0 64 16384
/19 255.255.224.0 32 8192
/20 255.255.240.0 16 4096
/21 255.255.248.0 8 2048
/22 255.255.252.0 4 1024
/23 255.255.254.0 2 512





Quick Subnetting How-To (Thanks to Jason@ GeekVenue.)


[Understanding decimal - Base 10]

The first thing you must know is that the common number system used world wide is the decimal system (otherwise known as base 10). What makes the decimal system a base 10 system is that it is based on grouping numbers by 10's. It is believed that the system evolved because we have ten fingers and ten toes which over the years we have used for counting. I use mine all the time (grin). We name the ten digits: zero, one, two, three, four, five, six, seven, eight and nine.

The decimal system has a 1's place, a 10's place, a 100's place, a 1000's place and so on. We say the number places are grouped by 10's because multiplying each number place by 10 gives you the next number place. So: 1x10=10 (the 10's place), 10x10=100 (the 100's place), 100x10=1000 (the 1000's place) etc.

Let's look at the decimal number 103 by place.

103 <- read from right to left

We have a 3 in the 1's place
We have a 0in the 10's place
We have a 1 in the 100's place

Thus: 100+0+3=103

By now you probably feel like you have attended Kindergarten for the second time in your life? Sorry about that but it is very important that you understand the concept of what a number system is, and what it is based on before we look at binary.


[Understanding binary - base 2]

Binary is a base 2 system, and thus groups numbers by 2's and not by 10's like the decimal system. We name the two digits: zero and one. The binary system has a 1's place, a 2's place, a 4's place, an 8's place, a 16's place and so on. We say the number places are grouped by 2's because multiplying each number place by 2 gives you the next number place. So: 1x2=2 (the 2's place), 2x2=4 (the 4's place), 4x2=8 (the 8's place), 8x2=16 (the 16's place) etc.

Let's look at the decimal number Let's look at the decimal number 103 in binary format:

01100111 <- read from right to left

We have a 1 in the 1's place
We have a 1 in the 2's place
We have a 1 in the 4's place
We have a 0 in the 8's place
We have a 0 in the 16's place
We have a 1 in the 32's place
We have a 1 in the 64's place
We have a 0 in the 128's place

Thus: 0+64+32+0+0+4+2+1=103

Okay, Let's test your skills. Here is a list of binary numbers, try converting them to decimal and check your answers at the end of this post.

10000000
11000000
11100000
01000000
10000011
10010001
11111111

If you were able to convert these numbers to decimal then congratulations! You're ready to move on to the next section.


[Understanding a subnet mask]

Now that you understand what binary is, let's have a look at our two subnet masks from the beginning of my post:

192.168.1.0 / 255.255.255.0
192.168.1.0/24


The concept of a subnet mask is simple. You have a network and you have hosts on the network (anything with an IP address is a host). The subnet mask determines what portion of the TCP/IP address represents your network and what portion can be used for your hosts. Because I am a simple person, I think of it like this; The network number represents the street I live on, and the host portion is used for the numbers on all the houses on my street.

A subnet mask of 255.255.255.0 means that the first three octets of the address will be used for the network, and thus our network number is 192.168.1. This means we can have 254 computers on this network, because the fourth octet is not being used by the network portion of the address. We know this because of the 0 in the subnet mask (255.255.255.0).

We call each of the number sections an octet because we think of them in binary, and there are eight possible bits in each section. Eight bits is an octet. 11111111 in binary is 255 in decimal (did you do the conversions?). So our decimal subnet mask 255.255.255.0 displayed in binary is going to be:

11111111.11111111.11111111.00000000

If you count all the ones, you will find that there are 24 of them. Now look at the subnet mask examples again.

192.168.1.0/255.255.255.0
192.168.1.0/24


Do you see why both subnet masks are the same? The number 24 is the number of bits used in the network portion of the address, and is short-hand for writing the address/subnet mask combination. It becomes important to understand this when you start dividing your network into multiple sub networks.


[Understanding Subnetting]

Before reading this section, you should have a good understanding of what a subnet mask is and how binary bits represent the subnet mask.

Simply put, subnetting is dividing your network into multiple sub networks. To go back to my silly example about houses and streets, subnetting gives you multiple streets in your neighborhood.

There are two methods for dividing your network into multiple sub networks; One is to simply change your network numbers keeping the same subnet mask. The other is to subnet your network into smaller sub networks.

Keeping the same mask:
Your network could be divided into two or more networks by changing the network portion of the address such as 192.168.1 and 192.168.2 and keeping the same subnet mask.

Example:
192.168.1.0/255.255.255.0
192.168.2.0/255.255.255.0

Doing this would give you two separate networks with 254 hosts per network. This is a very common method of dealing with multiple networks. However, back in the good old days you had to pay for every IP address you used, and if you had 25 computers on your network you probably would not want to pay for 254 addresses! The answer to the problem is...subnetting.

Subnetting a network:
Subnetting is when you use bits from the host portion of your address as part of your network number. This let's you subdivide your network at the cost of host addresses, which is great if you're paying for every host IP address. It will save you money because you pay for fewer TCP/IP addresses. Confused? Here is where understanding binary is important.

Lets look at a new subnet mask:
255.255.255.224

As you can see in the fourth octet, some of the host portion of this subnet mask is now being used for part of the network address. Which means we are now using some of the binary bits in the fourth octet for our network numbers, and that gives us fewer hosts than our old mask (which gave us 254), but gives us more networks (which is why we call it subnetting).

How can we tell how many networks and hosts per network this new subnet mask will give us? Well... we shall have to use some of our newly acquired binary skills.

The first task is to find out how many bits in the fourth octet are being used? The decimal number is 224, what is the decimal number 224 as represented in binary?

The decimal number 224 in binary is:
11100000

We have a 0 in the 1's place
We have a 0 in the 2's place
We have a 0 in the 4's place
We have a 0 in the 8's place
We have a 0 in the 16's place
We have a 1 in the 32's place
We have a 1 in the 64's place
We have a 1 in the 128's place

Thus: 128+64+32+0+0+0+0+0=224

So our complete subnet mask in binary is:
1111111.11111111.11111111.11100000

We now know that three bits from the fourth octet are used. How can we tell how many sub networks we're going to have? This requires some math - sorry. The formula is: 2n-2, where n is the number of bits being used from the host portion of our subnet mask.

Important Note:We subtract 2 networks (the first and last subnets) from the total unless we have equipment that supports IP Subnet-Zero in which case we use the formula 2n - please see the addendum at the end of this lesson for more details.

The formula for three bits is:
23-2=6

In simpler terms:
(2x2x2)-2=6

So our network is sub divided into 6 networks. Next, we want to know what the network numbers are, and how many hosts we can have on each of the 6 networks?

What is the first subnet? Let's have a look at the bits in our fourth octet again. The bit that gives us the answer is the (1) closest to the first zero, and in this case it is the 3rd bit from the left.

11100000

The 3rd bit will start our first network, and the 3rd bit is in the 32's place (remember binary). Start adding the value 32 to itself six times to get the six network numbers.

Note: A quicker way to find our starting network number is to subtract our mask from 256.
256-224=32

Here are our network numbers:

32
64
96
128
160
192

A better way to display this is:

192.168.1.32
192.168.1.64
192.168.1.96
192.168.1.128
192.168.1.160
192.168.1.192

The host addresses will fall between the network numbers, so we will have 30 hosts per network. You're probably wondering why it's not 31? The answer is that the last address of each subnet is used as the broadcast address for that subnet.

Example:
Subnet:192.168.1.32 / 255.255.255.224
Address Range: 192.168.1.33 through 192.168.1.62 (30 hosts)
Subnet Broadcast Address:192.168.1.63

Quiz:
Let's test your skills- write the address range and broadcast address for the following subnet. You will find the answer at the end of this post.

Subnet: 192.168.1.128 / 255.255.255.224
Address Range?
Subnet Broadcast Address?

If we we're paying for our TCP/IP addresses, we would only pay for one network and host combination, thus paying for 30 hosts and not 254. It could mean some real savings, it also frees up the remaining addresses for other organizations to use.

Let's look at another subnet mask:
255.255.255.240

How many bits are used from the host portion? To find this out, we need to know how the decimal number 240 is represented in binary.

The answer is:
11110000

So four bits are taken from the host portion of our mask. We do the same math as before:

24-2=14

In simpler terms:
(2x2x2x2)-2=14

We will have 14 sub networks, and what will the network numbers be? Look at the fourth bit, it's in the 16's place:
11110000

Note: A quicker way to find our starting network number is to subtract the value of our mask from 256. So: 256-240=16

Start adding 16 to itself- fourteen times to get all 14 network numbers:

16
32
48
64
80
96
112
128
144
160
176
192
208
224

A better way to display our subnets is:

192.168.1.16
192.168.1.32
192.168.1.48
192.168.1.64
192.168.1.80
192.168.1.96
192.168.1.112
192.168.1.128
192.168.1.144
192.168.1.160
192.168.1.176
192.168.1.192
192.168.1.208
192.168.1.224

The host addresses fall between the network numbers. So we will have 14 host addresses on each of our 14 sub networks (remember: the last or 15th address is the broadcast address for that subnet).

If you had a small company with 10 hosts and needed to have a static IP address for all of your hosts, you would be assigned a network/subnet mask and a valid IP address range.

Here is an example of what that might look like:

Network: 205.112.10.16/.255.255.255.240
Address Range: 205.112.10.17 through 205.112.10.30
Subnet Broadcast Address: 205.112.10.31


Important Addendum: There may be concerns about why the first and last subnets were not used in any of the examples above. What happened to them? Did they get scared and run away? The answer is simple - nothing happend to them it's just that some older routing equipment and software does not support the use of the first and last subnets. This is documented in the older TCP/IP doc rfc 950. The newer standard outlined in rfc 1812 allows for the use of the first and last subnets- making it the current standard in IPv4 subnetting.

[Answers to Binary Conversions]

10000000 = 128
11000000 = 192
11100000 = 224
01000000 = 64
10000011 = 131
10010001 = 145
11111111 = 255


[Answer to Subnet Question]

Subnet:192.168.1.128 / 255.255.255.224
Address Range: 192.168.1.129 through 192.168.1.158
Subnet Broadcast Address: 192.168.1.159


Reddit!

Related stories


RSS Feed RSS feed logo

About


3com

3ware

alsa

alsactl

alsamixer

amd

android

apache

areca

arm

ati

auditd

awk

badblocks

bash

bind

bios

bonnie

cable

carp

cat5

cdrom

cellphone

centos

chart

chrome

chromebook

cifs

cisco

cloudera

comcast

commands

comodo

compiz-fusion

corsair

cpufreq

cpufrequtils

cpuspeed

cron

crontab

crossover

cu

cups

cvs

database

dbus

dd

dd_rescue

ddclient

debian

decimal

dhclient

dhcp

diagnostic

diskexplorer

disks

dkim

dns

dos

dovecot

drac

dsniff

dvdauthor

e-mail

echo

editor

emerald

ethernet

expect

ext3

ext4

fat32

fedora

fetchmail

fiber

filesystems

firefox

firewall

flac

flexlm

floppy

flowtools

fonts

format

freebsd

ftp

gdm

gmail

gnome

google

greasemonkey

greylisting

growisofs

grub

hacking

hadoop

harddrive

hba

hex

hfsc

html

html5

http

https

hulu

idl

ie

ilo

intel

ios

iperf

ipmi

iptables

ipv6

irix

javascript

kde

kernel

kickstart

kmail

kprinter

krecord

kubuntu

kvm

lame

ldap

linux

logfile

lp

lpq

lpr

maradns

matlab

memory

mencoder

mhdd

mkinitrd

mkisofs

moinmoin

motherboard

mouse

movemail

mplayer

multitail

mutt

myodbc

mysql

mythtv

nagios

nameserver

netflix

netflow

nginx

nic

ntfs

ntp

nvidia

odbc

openbsd

openntpd

openoffice

openssh

openssl

openvpn

opteron

parted

partimage

patch

perl

pf

pfflowd

pfsync

photorec

php

pop3

pop3s

ports

postfix

power

procmail

proftpd

proxy

pulseaudio

putty

pxe

python

qemu

r-studio

raid

recovery

redhat

router

rpc

rsync

ruby

saltstack

samba

schedule

screen

scsi

seagate

seatools

sed

sendmail

sgi

shell

siw

smtp

snort

solaris

soundcard

sox

spam

spamd

spf

spotify

sql

sqlite

squid

srs

ssh

ssh.com

ssl

su

subnet

subversion

sudo

sun

supermicro

switches

symbols

syslinux

syslog

systemd

systemrescuecd

t1

tcpip

tcpwrappers

telnet

terminal

testdisk

tftp

thttpd

thunderbird

timezone

ting

tls

tools

tr

trac

tuning

tunnel

ubuntu

unbound

vi

vpn

wget

wiki

windows

windowsxp

wireless

wpa_supplicant

x

xauth

xfree86

xfs

xinearama

xmms

youtube

zdump

zeromq

zic

zlib