Silmor . de
Site Links:
Impressum / Publisher

IPv6 Services

Enabling IPv6 in some Common Services

Most software by now supports IPv6, if not per default then per explicit configuration. This is just a list of a few examples that I encountered on Debian (etch and lenny) while experimenting with IPv6 - it is by no means complete.

A more exhaustive list of supporting software can be found for example on IPv6INT.

Browsers and Co.

Web browsers, like almost any common client side software, do not need to be configured for IPv6 - they just use it whenever necessary or convenient. The more interesting question (at least so far) was how to turn it off - but that is very program dependent if it is possible at all. Feel free to check the countless user forums for recipes - or better: connect your system to IPv6.

Exim 4.x MTA

Exim is the default mail transport agent (ie. SMTP server) under Debian. It comes with IPv6 support compiled in, but unfortunately turned off in the default config. Debian uses a rather complex configuration scheme for exim. The central node of it is in /etc/exim4/update-exim4.conf.conf - there the variable dc_local_interfaces configures on which interfaces exim will listen. For local configurations (the default) it will list '127.0.0.1' and for more complex server configurations '0.0.0.0' or all of the local IPv4 addresses.

To enable IPv6 simply change this variable to '::::0:0.0.0.0' for server configurations and '::::1:127.0.0.1' for local configurations. Exim needs the colons in IPv6 addresses to be doubled in order to differenciate them from the colon separators in its configuration.

Apache

For the Apache web server IPv6 addresses are just like any other address. Apache will automatically listen on both IPv4 and IPv6 if the "Listen" directives list only the ports.

In practice it is the easiest to assign hostnames via DNS or /etc/hosts and then use the hostnames instead of plain addresses - this will make writing "Listen" and "(Name)VirtualHost" directives easier, since then there is no fiddling around with colons that make up addresses versus those that separate the port from the address.

SSH, NTP

OpenSSH and XNTP will automatically bind to all IPv4 and IPv6 addresses that are available - no configuration required (except if you want to restrict them).

Inetd

Per default inetd (I'm using openbsd-inetd) only uses IPv4, but it can be easily configured to use IPv6 as well. Inetd is configured via /etc/inetd.conf with lines like this:

ident           stream  tcp     wait    identd  /usr/sbin/identd        identd

This example would configure it to listen on the ident service port (113), use a stream based protocol, namely TCP over IPv4, wait for it to finish, and use the UID identd for starting /usr/sbin/identd.

Inetd uses tcp4 and tcp as the same protocol: TCP via IPv4. The same is true for udp and udp4: UDP via IPv4. To configure IPv6 you simply use tcp6 and udp6 as protocol specifier:

ident           stream  tcp4    wait    identd  /usr/sbin/identd        identd
ident           stream  tcp6    wait    identd  /usr/sbin/identd        identd

This example does exactly the same as the first one, but lets identd listen on both IPv4 and IPv6.

Bind9

While nothing needs to be done to be able to configure IPv6 based zones, the Bind domain name server does not enable listening and answering on IPv6 per default. But it has IPv6 option equivalents for all IPv4 options. This configuration is done inside the "options" block in /etc/bind/named.conf (or /etc/bind/named.conf.options on Debian). An example could look like this:

options {
  //...
  listen-on-v6 { any; };
  notify yes;
  allow-notify { 10.0.0.1; 2001:db8::1;};
  notify-source 10.0.0.2;
  notify-source-v6 2001:db8::2;
  also-notify { 10.0.0.3; 2001:db8::3; };
};

Above the "listen-on-v6" option makes bind listen on all available IPv6 interfaces in addition to all IPv4 interfaces, which are turned on per default. I listed a few server notification examples as illustration (server notification lets slave zone servers know about changes): "allow-notify" and "also-notify" accept IPv4 and IPv6 addresses alike, so no special considerations are needed here. However the notification source needs separate configurations - in this example the source address 10.0.0.2 is used whenever an IPv4 based server is notified and the source 2001:db8::2 is used whenever an IPv6 based server is notified.


Webmaster: webmaster AT silmor DOT de