Channel: LowEndTalk

Script to detect IP stealing in XEN (SolusVM Hosts)


Hi Folks,

As many of us that use SolusVM and Xen (and I assume KVM and possibly OpenVZ too) know, SolusVM has had a major bug since IPv6 was implemented: if you turn on IP Stealing detection for IPv4, apart from the fact that it does not even alert you, it completely disables IPv6.

Initially SolusVM said that it was due to ebtables in CentOS 5 not supporting IPv6. ebtables have supported IPv6 since 2.6.16, so I found that hard to accept but assumed they tested it well to make that statement.

Now that I have moved to CentOS 6 and the same problem exists, the new reason is that "It must be a problem with ebtables", which is not the case either. ebtables supports IPv6 just fine; it is the eb_php that SolusVM produce that seems to cause the issue.

They have worked around the issue by adding a '?' next to the feature saying it may cause an issue with IPv6.

I understand this is probably a complicated thing to work on but it has been a bug that they have refused to acknowledge as such for over a year.

/rant


When this first started happening I wrote a script for detection. It was horrible and clunky and frankly I forgot about it, hoping that SolusVM would fix their ebtables implementation.

After yet another case of a spammer IP stealing I got sick and sat for an afternoon yesterday rewriting everything.

GET IT HERE: http://pastie.org/private/rrhexp7uqh8907oxpb3wtq

I am not a coder/script'r so it might not look pretty, but it works. It checks all IPs you have assigned to customers, matches them up with their assigned MAC address, touches every IP in your node range, dumps the ARP cache, excludes the gateway etc. and runs a diff, with a little bit of extra logic applied, and emails you with detail if it finds a problem.

Should not be hard to adapt for KVM/OpenVZ if required, but won't be done by me unless someone provides a test bed :)

Thanks to @joepie91 for the Python script to clean up the authorised list.

@KuJoe was asking about this a while back, so hope it's of use to you too.

I never usually release anything I write because it's ugly, but thought this might help others. I made plenty of comments so other people know what it is doing.

Released under WTFPL, i.e. do what you want with it.

Be Kind.

Anthony.
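
The comparison step the post describes (authorised IP/MAC list against the ARP cache, gateway excluded), as an added Python example that is not the linked script or any SolusVM code. It assumes Linux `arp -an` output that has already been populated by touching each IP; the function names, addresses and MACs are constructed for illustration, and the sweep and email steps are left out.

```python
import re

# Linux `arp -an` line, e.g. "? (192.0.2.10) at 00:16:3e:aa:bb:01 [ether] on eth0"
ARP_LINE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9A-Fa-f:]{17}) ")

def parse_arp(text):
    """Return {ip: mac} from `arp -an` output; <incomplete> entries are skipped."""
    seen = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            seen[m.group(1)] = m.group(2).lower()
    return seen

def find_stolen(authorised, arp_text, exclude=()):
    """Compare observed IP->MAC pairs against the authorised {ip: mac} list.

    Returns sorted (ip, observed_mac, expected_mac_or_None, offender_ips) tuples,
    where offender_ips are the addresses legitimately assigned to observed_mac.
    """
    authorised = {ip: mac.lower() for ip, mac in authorised.items()}
    ips_by_mac = {}
    for ip, mac in authorised.items():
        ips_by_mac.setdefault(mac, []).append(ip)
    findings = []
    for ip, mac in parse_arp(arp_text).items():
        if ip in exclude or authorised.get(ip) == mac:
            continue  # gateway, or the IP is answering from its assigned MAC
        findings.append((ip, mac, authorised.get(ip), sorted(ips_by_mac.get(mac, []))))
    return sorted(findings)

# Constructed sample data (documentation address range, made-up MACs).
AUTHORISED = {
    "192.0.2.10": "00:16:3E:AA:BB:01",
    "192.0.2.11": "00:16:3e:aa:bb:02",
    "192.0.2.12": "00:16:3e:aa:bb:03",
}
SAMPLE_ARP = """\
? (192.0.2.1) at 00:1b:21:00:00:01 [ether] on eth0
? (192.0.2.10) at 00:16:3e:aa:bb:01 [ether] on eth0
? (192.0.2.11) at 00:16:3e:aa:bb:02 [ether] on eth0
? (192.0.2.12) at 00:16:3e:aa:bb:02 [ether] on eth0
? (192.0.2.13) at <incomplete> on eth0
? (192.0.2.14) at 00:16:3e:aa:bb:01 [ether] on eth0
"""

if __name__ == "__main__":
    for ip, mac, expected, owner in find_stolen(AUTHORISED, SAMPLE_ARP, {"192.0.2.1"}):
        print(f"{ip} answered from {mac} (assigned: {expected}); that MAC owns {owner}")
```

In the sample, 192.0.2.12 answers from the MAC assigned to 192.0.2.11, and the unassigned 192.0.2.14 answers from the MAC assigned to 192.0.2.10, so each finding names both the affected address and the guest using it.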

