User Tools

Site Tools


Sidebar






newpage

linux:network:ipv6

ipv6

ipv6 works without NAT - all ports on every computer are reachable directly over lan and inet!!

check your firewalls! – use ip6tables - same syntax as iptables

Network config

OVH /etc/network/interfaes

iface eth0 inet6 static
      address main_ip_v6_here
      netmask 64
      post-up /sbin/ip -family inet6 route add gateway_v6_heref dev eth0
      post-up /sbin/ip -family inet6 route add default via mgateway_v6_here
      pre-down /sbin/ip -family inet6 route del default via gateway_v6_here
      pre-down /sbin/ip -family inet6 route del gateway_v6_here dev eth0
      
## additional ipv6 ips - in ipv6 on the same interface eth0 (no eth0.x aliases):
      post-up /sbin/ifconfig eth0 inet6 add 2001:41d0:8:5d66::144/64
      pre-down /sbin/ifconfig eth0 inet6 del 2001:41d0:8:5d66::144/64
      
## OR add another eth0 iface for an additional ipv6
iface eth0 inet6 static
      address 2001:41d0:8:5d66::144
      netmask 64

Manually add an IP:

ip -6 addr add ipv6_ip_here/64 dev eth

If it doen't work in /etc/network/interfaces, you can add a script in /etc/network/if-up.d/ like ipv6-add-ips:

#!/bin/sh
sleep 2
/sbin/ifconfig eth0 inet6 add ipv6_ip_here/64
exit 0

Nginx config

The ipv6 must be up and pingable, then you can add a listen directive in a server{.. block (keep the brackets):

listen   [ipv6_ip_here]:80;

SSL:

listen   [ipv6_ip_here]:443 ssl spdy;

Nginx reload doesn't show errors, you to restart!


Useful commands

scan ipv6 on localhost:

 nmap -6 -P0 ::1


drop ipv6 completly:

 ip6tables -A INPUT -j DROP


check chain policies:

 ip6tables -v -nL | grep DROP


drop one port (e.g. ssh) on ipv6:

 ip6tables -A INPUT -p tcp --dport 22 -j DROP
linux/network/ipv6.txt · Last modified: 2015/11/15 15:34 by tkilla