====== ipv6 ======

**ipv6 works without NAT - all ports on every computer are reachable directly over lan and inet!!**

**check your firewalls! -- use ip6tables - same syntax as iptables**

===== Network config =====

OVH /etc/network/interfaes


  iface eth0 inet6 static
        address main_ip_v6_here
        netmask 64
        post-up /sbin/ip -family inet6 route add gateway_v6_heref dev eth0
        post-up /sbin/ip -family inet6 route add default via mgateway_v6_here
        pre-down /sbin/ip -family inet6 route del default via gateway_v6_here
        pre-down /sbin/ip -family inet6 route del gateway_v6_here dev eth0
        
  ## additional ipv6 ips - in ipv6 on the same interface eth0 (no eth0.x aliases):
        post-up /sbin/ifconfig eth0 inet6 add 2001:41d0:8:5d66::144/64
        pre-down /sbin/ifconfig eth0 inet6 del 2001:41d0:8:5d66::144/64
        
  ## OR add another eth0 iface for an additional ipv6
  iface eth0 inet6 static
        address 2001:41d0:8:5d66::144
        netmask 64

Manually add an IP:
  ip -6 addr add ipv6_ip_here/64 dev eth


If it doen't work in /etc/network/interfaces, you can add a script in /etc/network/if-up.d/ like ipv6-add-ips:

  #!/bin/sh
  sleep 2
  /sbin/ifconfig eth0 inet6 add ipv6_ip_here/64
  exit 0

===== Nginx config =====

The ipv6 must be up and pingable, then you can add a listen directive in a server{.. block (keep the brackets):

  listen   [ipv6_ip_here]:80;

SSL:
  listen   [ipv6_ip_here]:443 ssl spdy;

Nginx reload doesn't show errors, you to restart!


\\
===== Useful commands =====

scan ipv6 on localhost:
   nmap -6 -P0 ::1
\\

drop ipv6 completly:
   ip6tables -A INPUT -j DROP
\\

check chain policies:
   ip6tables -v -nL | grep DROP
\\

drop one port (e.g. ssh) on ipv6:
   ip6tables -A INPUT -p tcp --dport 22 -j DROP