Home > Tutorial, ipv6, linux, networking > IPv6 Tutorial – Part (II)

IPv6 Tutorial – Part (II)

July 1st, 2009
Goto comments Leave a comment

Many people I know run a dedicated server to run web-, DNS- and mail servers. In this article I’ll show you how to bring IPv6 to your server. The next part will concentrate on enabling IPv6 for different services like web and mail. As operating system I’ll concentrate on Debian GNU/Linux. I’ll also describe only the service I use: BIND9, Apache2, OpenSSH, Postfix and Dovecot.

If your no familar with IPv6 you should first learn the basics: http://en.wikipedia.org/wiki/IPv6

Warning: iptables will not filter IPv6 packets. For IPv6 you’ll have to use ip6tables. So if you activate IPv6 on a host without configuring your services correctly and / or setting up ip6tables rules you might have some serious security problems.

You should also think before blindly following what I’m writing. I maybe wrong and you might screw up your whole serer.

Some providers already offer IPv6 connectivity for their server but you might have to ask for it. If you’re provider doesn’t there are two alternatives:

  1. change the provider
  2. use a tunnel

I’ll describe tunneling in a bit.

To enable IPv6 on your Linux server just load the IPv6 module: modprobe ipv6. You can make this permanent by adding the ipv6 module to /ect/modules

If your provider offers native IPv6 enabling IPv6 is very simple. You get an IPv6 address (or a whole network) and a default gateway form your provider and configure it just as you would configure IPv4. Your provider might also run stateless auto configuration this makes it even easier, load the module and your done.

On a Debian box you have to edit /etc/network/interfaces. Here is an example for the ipv6 part:

....
iface eth0 inet6 static
address 2001:db8:ffff:ffff:0002:b387:786f:2
netmask 64
gateway 2001:db8:ffff:ffff:0002:b387:786f:1
....

Be careful not to make any mistakes. In order to activate your configuration you have to reload your interface configuration an might lose connectivity. Do this by typing ifdown eth0 && ifup eth0.

You can verify your configuration with ifconfig or ip

jens@calo-ila:~$ ip addr show dev eth0
2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:16:17:90:b3:ed brd ff:ff:ff:ff:ff:ff
inet 10.198.11.141/27 brd 88.198.11.159 scope global eth0
inet6 2001:db8:1111::1/128 scope global
valid_lft forever preferred_lft forever
inet6 fe80::216:17ff:fe90:b3ed/64 scope link
valid_lft forever preferred_lft forever
ens@calo-ila:~$ ip -6 route show
2001:6f8:900:990::/64 via :: dev sixxs metric 256 mtu 1280 advmss 1220 hoplimit 64
fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1220 hoplimit 64
fe80::/64 via :: dev sixxs metric 256 mtu 1280 advmss 1220 hoplimit 64
ff00::/8 dev eth0 metric 256 mtu 1500 advmss 1220 hoplimit 1
ff00::/8 dev sixxs metric 256 mtu 1280 advmss 1220 hoplimit 1
default dev eth0 proto kernel metric 256 mtu 1500 advmss 1220 hoplimit 64
default via 2001:db8:900:990::1 dev sixxs metric 1024 mtu 1280 advmss 1220 hoplimit 64
unreachable default dev lo proto none metric -1 error -101 advmss 1220 hoplimit 255

You can verify if everything works by using ping6 or traceroute6. Try a ping6/traceroute6 to www.kame.net and ipv6.google.com


jens@laphroig:~$ traceroute6 -n ipv6.google.com
traceroute to fx-in-x68.google.com (2001:4860:a003::68) from 2001:6f8:900:98f::2, port 33434, from port 39151, 30 hops max, 60 byte packets
1 2001:6f8:900:98f::1 46.283 ms 46.219 ms 46.469 ms
2 2001:6f8:800:1003::209:55 48.303 ms 47.341 ms 67.618 ms
3 2001:6f8:800:0:1:0:d4e0:49a 48.513 ms 70.531 ms 45.931 ms
4 2001:6f8:1:0:87:86:71:240 95.634 ms 47.058 ms 59.826 ms
5 2001:6f8:1:0:86:87:77:64 63.777 ms 76.877 ms 59.907 ms
6 2001:6f8:1:0:87:86:77:62 76.698 ms 57.544 ms 57.761 ms
7 2001:6f8:1:0:87:86:77:249 61.354 ms 59.799 ms 74.241 ms
8 2001:7f8::3b41:0:1 63.615 ms 78.677 ms 99.775 ms
9 * * *
10 2001:4860:a003::68 85.550 ms 94.387 ms *

If your provider doesn’t offer nativ IPv6 you can use a tunnel. The two most popular tunnel broker are

  • SIXXS
  • Hurricane Electric

      • After registering, you can request a tunnel and a subnet (/64 or /48). Setting up the tunnel is quite easy. On Debian edit /etc/network/interfaces again. Add the following code


      auto my-ipv6tunnel
      iface my-ipv6tunnel inet6 v4tunnel
      address your IPv6 address from your tunnel broker
      netmask mask. e.g 64
      endpoint tunnel broker ipv4 address
      local your ipv4 Address
      up ip route add ::/0 dev my-ipv6tunnel

      Tutorial, ipv6, linux, networking

  1. No comments yet.
  1. No trackbacks yet.