Gathering initial info:
This can be done by following the following steps:
As we are using Linode, the Linode server is by default IPv6 enabled, to check and confirm that punch in the command as follows:
# ip -6 addr show
It will come up with this result:
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2001:DB8:2000:aff0::/32 scope global
valid_lft forever preferred_lft forever
inet6 ff32:20:2001:db8::/96 scope link
valid_lft forever preferred_lft forever
The line highlighted in yellow confirms that our server is IPv6 enabled. (The scope global is our IPv6 address which is accessible from any other machine which is also IPv6 enabled and ready)
On the fly testing:
If we don’t get to see the IPv6 scope global line, we can always go to the Linode Remote Panel, note the IPv6 and IPv6GW and add them on the fly like this:
# ip -6 addr add public_ipv6_address/64 dev eth0
# ip -6 route add default via public_ipv6_gateway dev eth0
Making the IPv6 Configuration Persistent:
To make it IPv6 ready we need to just change two files:
1. Modify the /etc/sysconfig/network to look like this:
NETWORKING=yes
NETWORKING_IPV6=yes
2. Modify the /etc/syscofig/network-scripts/ifcfg-eth0 to look exactly like this: ( use your ip that you have noted by using the above statement )
DEVICE='eth0'
TYPE=Ethernet
BOOTPROTO=none
ONBOOT='yes'
HWADDR=04:01:ab:c4:1e:01
IPADDR=82.196.8.192
NETMASK=255.255.255.0
GATEWAY=82.196.8.1
NM_CONTROLLED='no'
IPV6INIT=yes
IPV6ADDR=2A03:B0C0:0000:1010:0000:0000:00A7:E001/64
IPV6_DEFAULTGW=2A03:B0C0:0000:1010:0000:0000:0000:0001
IPV6_AUTOCONF=no
DNS1=2001:4860:4860::8844
DNS2=2001:4860:4860::8888
Once this is all done, we need to disable the network manager, which can interfere in our network settings; this can be done as follows:
# sudo systemctl stop NetworkManager
# sudo systemctl disable NetworkManager
Now enable the normal network service:
# sudo service network restart
Add Additional IP’s:
To add additional IP’s in linode one can request additional IPv6 addresses at any time by opening a support ticket.
To add it just modify the ifcfg-eth0 something like this:
IPV6INIT=yes
IPV6ADDR=primary_ipv6_address/64
IPV6_DEFAULTGW=ipv6_gateway
IPV6ADDR_SECONDARIES="second_ipv6_address/64 third_ipv6_address/64”
IPV6_AUTOCONF=no
To verify if our Server is now IPv6 ready and working, just issue the following command from the terminal:
# ping6 ipv6.google.com
If the reply is something like this:
PING ipv6.google.com(li-in-x8a.1e100.net) 56 data bytes
64 bytes from li-in-x8a.1e100.net: icmp_seq=1 ttl=42 time=150 ms
64 bytes from li-in-x8a.1e100.net: icmp_seq=2 ttl=42 time=150 ms
64 bytes from li-in-x8a.1e100.net: icmp_seq=3 ttl=42 time=150 ms
64 bytes from li-in-x8a.1e100.net: icmp_seq=4 ttl=42 time=150 ms
That means our Server is IPv6 enabled and ready and functional!
This is only the half of work done! Let’s go onward!
Making the Web Server IPv6 Ready:
To make the Web Server IPv6 ready i.e. serve our web content over IPv6, we need to follow the following steps:
Make a DNS entry:
We need to have the DNS record for IPv6 to resolve the IP. To add the record we put the IP into the AAAA record of the DNS entry.
Disabling the Centos 7 Firewall:
For our ease, we need to disable the default firewall, it is done as follows:
# systemctl mask firewalld
# systemctl stop firewalld
Enabling the Iptables service:
As we need to be serving our content on IPv6 as well as IPv4, therefore we will enable both the iptables service on our server, the steps are listed as follows:
# yum -y install iptables-services
# systemctl enable iptables
# systemctl enable ip6tables
Now, Finally let’s start the iptables services.
# systemctl start iptables
# systemctl start ip6tables
Open ports on Web Server:
In order to serve the content, we need to make our server start listening on port 80 & port 443 for Non-SSl and SSL connections respectively.
i. For IPv4:
# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# iptables -A INPUT -p tcp --dport 443 -j ACCEPT
ii. For IPv6
# ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
# ip6tables -A INPUT -p tcp --dport 443 -j ACCEPT
Verify the tables by: (make sure the correct rules are added)
# cat /etc/sysconfig/iptables (IPv4)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [24:2624]
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT
# cat /etc/sysconfig/ip6tables (IPv6)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT
Now save the rules:
# service iptables save
# service ip6tables save
Verify that the server is listening:
i. For IPv4:
# nmap 82.196.0.141
Starting Nmap 6.40 ( http://nmap.org ) at 2016-02-20 21:19 EST
Nmap scan report for 82.196.0.141
Host is up (0.000011s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
ii. For IPv6:
# nmap -6 2a03:b0c0:0:1010::102:4001
Starting Nmap 6.40 ( http://nmap.org ) at 2016-02-20 21:19 EST
Nmap scan report for centos-512mb-ams2-01 (2a03:b0c0:0:1010::102:4001)
Host is up (0.000026s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds
Keep going!
Making Apache Ready:
There are only slight changes to make on Apache to make apache serve the content over IPv6 and IPv4 simultaneously, they are listed as follows:
Go to httpd.conf and find the line like this:
Listen 80
And modify it to something like this:
Listen *:80
Then move onto file ssl.conf, and find the line something like this:
Listen 443 https
And change it to:
Listen *:443 https
Then go the virtual host file and make sure the vhost header is like this for 80 and 443 respectively:
<VirtualHost *:80>
<VirtualHost *:443>
Now give the server a restart:
# systemctl restart httpd
That’s It! Job Done! Now onwards for verification.
Verifying our IPv6 service:
Although there are multiple ways of verifying that our content is being served correctly over IPv6 or not, I’m listing few of them:
The ping method:
From any other IPv6 enabled server to this:
# yum -y install bind-utils
# host -t AAAA www.nasheikh.com
The response would be something like this:
www.nasheikh.com is an alias for nasheikh.com.
nasheikh.com has IPv6 address 2a03:b0c0:0:1010::102:4001
Now ping it:
# ping6 nasheikh.com
The response:
PING nasheikh.com(centos-512mb-ams2-01) 56 data bytes
64 bytes from centos-512mb-ams2-01: icmp_seq=1 ttl=64 time=0.080 ms
64 bytes from centos-512mb-ams2-01: icmp_seq=2 ttl=64 time=0.130 ms
64 bytes from centos-512mb-ams2-01: icmp_seq=3 ttl=64 time=0.090 ms
Now verified that domain is properly getting resolved, there is one more method of verifying that whether the content is getting properly served or not. This listed method is more comprehensive way of IPv6 testing.
Open the link:
http://ipv6-test.com/validate.php
Enter the domain name and click on validate and it will take you the next page, and show you the result of IPv6 support. If all done correctly you will be shown the result like ipv6 ready!
Congratulation! Your website is now IPv6!! Yay!...... This marks the end of tutorial as well!
