Category Archives: IPv6

An issue with exim — mails not getting delivered to certain mail-servers

Is exim failing to send mail to certain SMTP servers, such as Gmail?

The first place to check is /var/log/exim_mainlog; see if you can spot something like this:

=============

-bash-3.2# grep 1W6OuM-0005cl-J8 /var/log/exim_mainlog
2014-01-23 19:21:42 1W6OuM-0005cl-J8 <= root@host.xxxx. U=root P=local S=350 T="test mail" for test@gmail.com
2014-01-23 19:21:42 cwd=/var/spool/exim 4 args: /usr/sbin/exim -v -Mc 1W6OuM-0005cl-J8
2014-01-23 19:21:42 1W6OuM-0005cl-J8 gmail-smtp-in.l.google.com [xxxx:abcd:xxxx:xab::xa] Network is unreachable
2014-01-23 19:21:43 1W6OuM-0005cl-J8 Completed

============

You can see that exim is trying to send outgoing mail over IPv6. This happens whenever the recipient server supports IPv6 (Gmail does); as a result, mail delivery is affected or the mails land in the junk/spam folder.

If IPv6 delivery is not intended and the DNS records for it are not configured, the recipient SMTP server cannot obtain a reverse DNS entry for the sending IPv6 address, and this affects mail delivery.

To get around this, either configure your IPv6 DNS entries or force exim to send mail only over IPv4 by adding the line below to the exim config file (/etc/exim.conf):

disable_ipv6 = true

Finally restart exim.
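
Before choosing between fixing the IPv6 DNS entries and setting disable_ipv6, it helps to know which destinations are affected. The following shell functions are an added example, not part of the original post: they count IPv6 "Network is unreachable" failures per remote host, assuming log lines shaped like the excerpt above. The function names and the sample log are constructed.

```shell
#!/bin/sh
# Added example: summarise exim deliveries that failed over IPv6.
# Assumes the line layout of the exim_mainlog excerpt on this page:
#   date time message-id remote-host [remote-address] error text

# Constructed sample log (addresses from documentation ranges).
sample_log() {
cat <<'EOF'
2014-01-23 19:21:42 1W6OuM-0005cl-J8 <= root@host.example U=root P=local S=350 T="test mail" for test@gmail.com
2014-01-23 19:21:42 1W6OuM-0005cl-J8 gmail-smtp-in.l.google.com [2001:db8:4001:c02::1a] Network is unreachable
2014-01-23 19:21:43 1W6OuM-0005cl-J8 Completed
2014-01-23 19:25:10 1W6Oxz-0005dA-2K mx.example.net [2001:db8:10::25] Network is unreachable
2014-01-23 19:25:11 1W6Oxz-0005dA-2K => user@example.net R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.25]
2014-01-23 19:30:02 1W6P2c-0005eF-Qq mx.example.org [198.51.100.7] Connection refused
2014-01-23 19:31:44 1W6P4G-0005eZ-7T gmail-smtp-in.l.google.com [2001:db8:4001:c02::1b] Network is unreachable
EOF
}

# Print "count host" for each remote host whose IPv6 address was unreachable.
# Reads the files given as arguments, or stdin when there are none.
ipv6_unreachable_hosts() {
    awk '
        # Field 5 is the bracketed remote address; a colon inside means IPv6.
        $5 ~ /^\[.*:.*\]$/ && /Network is unreachable/ { hits[$4]++ }
        END { for (h in hits) print hits[h], h }
    ' "$@" | sort -k1,1nr -k2
}

# Print the distinct message IDs that hit the same failure.
ipv6_unreachable_ids() {
    awk '$5 ~ /^\[.*:.*\]$/ && /Network is unreachable/ { print $3 }' "$@" | sort -u
}

# Stand-alone run on the constructed sample; on a server, pass
# /var/log/exim_mainlog as the argument instead.
sample_log | ipv6_unreachable_hosts
```
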

Enable IPv6 on Direct Admin

It was rather easy to get IPv6 working with DA if you have the IPv6 subnet allocated for your server.

Make sure that you have IPv6 enabled on your DA.

# grep ipv6 /usr/local/directadmin/conf/directadmin.conf
ipv6=1

Add the IPv6 Addresses to your direct admin, through IP Management (This will add IPv6 address to the interface).
Enter the IPv6 Address in IP field and keep the Netmask as 255.255.255.0

Add IPv6 addresses for your name servers:
go to DNS administration -> Select your name server domain -> Add AAAA records for your Name Servers. Make sure you have added the IPv6 addresses already to DA.

Check your name server is resolving/reachable via IPv6.

Now, to add an IPv6 address to hosted domains, select the domain -> Modify user -> select the IPv6 address in "Add Additional IP". If the IPv6 address is not visible, make sure it has been added to DA and to the reseller account under which you are editing the domain.

Add the IPv6 address (AAAA) to the corresponding domain's DNS configuration.

Here we go, ping666666

 

./arun

Configure IPv6 squid

Squid 3.1+ supports IPv6.

- Compile and install a 3.1.x version of squid.

# useradd -d /opt/squid squid

# wget http://www.squid-cache.org/Versions/v3/3.1/squid-3.1.11-20110228.tar.gz

# tar xvzf squid-3.1.11-20110228.tar.gz

# cd squid-3.1.11-20110228; ./configure --prefix=/opt/squid/

# make; make install

# /opt/squid/sbin/squid -z

Configure squid

edit /opt/squid/etc/squid.conf

cache_effective_user squid

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

acl to_ipv6 dst ipv6
http_access allow to_ipv6 !all
tcp_outgoing_address 2001:: to_ipv6
tcp_outgoing_address 12.34.56.78 !to_ipv6

Also add the ACLs needed to allow your network to access squid.

Testing:

$ telnet <v6_address> 3128
Trying 2001::...
Connected to 2001::..
Escape character is '^]'.
get http://ipv6.google.com/
HTTP/1.0 200 OK

Check the access.log to make sure

1298965141.719    477 2001:: TCP_MISS/200 25918 GET http://ipv6.google.com/ - DIRECT/2a00:1450:8002::6a text/html

IPv6 configuration for KVM guests

It is simple and straightforward to enable IPv6 on KVM guests.

Configure the host machine with IPv6 Address on the bridge interface

cat ifcfg-br0

IPV6INIT=yes
IPV6ADDR=xxxx.xx::10
IPV6_DEFAULTGW=xxxx.xx::1
IPV6_AUTOCONF=no

Configure the interface on the virtual machines with an IPv6 address

cat ifcfg-eth0

IPV6INIT=yes
IPV6ADDR=xxxx.xx::11
IPV6_DEFAULTGW=xxxx.xx::1
IPV6_AUTOCONF=no

Add the necessary firewall rules to ip6tables on the host machine:

-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT

./arun

Issues with zone transfer in Dual stack IPv4 / IPv6

You might face issues with zone transfers to IPv4 secondaries on a dual-stack server where BIND is listening on both IPv4 and IPv6 addresses:

client ::ffff:11.11.11.11#43253: zone transfer 'example.com/IN' denied

This happens because, once IPv6 is enabled in BIND, it makes the IPv4 address look like an IPv6 address.

Solution: just add the IPv6-formatted IPv4 address to the allowed list:

allow-transfer { ::ffff:11.11.11.11; };

./arun
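
The denial described above can be picked out of the named log and checked against the secondaries you actually operate. This shell function is an added example, not part of the original post: it assumes log lines containing the "client ... zone transfer ... denied" message shown above, and the function name, sample log and list of known secondaries are constructed.

```shell
#!/bin/sh
# Added example: list denied zone transfers from IPv4-mapped clients and
# mark which ones come from secondaries you already know.

# Constructed named log lines (documentation addresses); the message text
# follows the line quoted on this page, the timestamps are made up.
sample_named_log() {
cat <<'EOF'
23-Jan-2014 19:40:01.120 client ::ffff:192.0.2.53#43253: zone transfer 'example.com/IN' denied
23-Jan-2014 19:40:07.482 client ::ffff:203.0.113.9#51002: zone transfer 'example.com/IN' denied
23-Jan-2014 19:41:15.003 client 2001:db8::53#40111: zone transfer 'example.com/IN' denied
23-Jan-2014 19:45:01.560 client ::ffff:192.0.2.53#43999: zone transfer 'example.net/IN' denied
EOF
}

# $1: space-separated IPv4 addresses of your real secondaries (assumed list).
# Reads the log on stdin; prints "STATUS mapped-address zone" once per pair.
classify_denied_transfers() {
    awk -v known="$1" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        /zone transfer .* denied/ {
            for (i = 1; i <= NF; i++) if ($i == "client") break
            addr = $(i + 1); sub(/#.*/, "", addr)       # drop "#port:"
            if (addr !~ /^::ffff:[0-9.]+$/) next         # IPv4-mapped clients only
            v4 = addr; sub(/^::ffff:/, "", v4)
            zone = $(i + 4)
            zone = substr(zone, 2, length(zone) - 2)     # strip surrounding quotes
            key = addr " " zone
            if (key in seen) next
            seen[key] = 1
            status = (v4 in ok) ? "ADD" : "UNKNOWN"
            print status, addr, zone
        }
    '
}

# Stand-alone run: 192.0.2.53 stands in for a legitimate secondary.
sample_named_log | classify_denied_transfers "192.0.2.53"
```

ADD lines are known secondaries whose mapped form is missing from the transfer list; UNKNOWN lines are sources that should stay denied.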

Configure Apache over IPv6

Once your network interface is configured with IPv6, it is easy to configure the webserver. No real difference with IPv4 configuration.

Configure Apache to listen on the IPv6 address (Apache expects IPv6 addresses in square brackets):

Listen [ipv6_address]:port
NameVirtualHost [ipv6_address]:port

If the Apache virtual host is configured with a domain name, e.g. <VirtualHost arunns.com:80>, just add an AAAA record for arunns.com in DNS and the website will work without any extra configuration other than the previous two lines.

We can also configure it explicitly:

<VirtualHost ipv4_address:80 [ipv6_address]:80>

It is possible to serve different content for the IPv4 and IPv6 sites: just create two virtual hosts with different document roots, one for IPv4 and the other for IPv6.

<VirtualHost ipv4_address:80>
DocumentRoot /home/123/
</VirtualHost>
<VirtualHost [ipv6_address]:80>
DocumentRoot /home/456/
</VirtualHost>

./arun

IPV6 Tunnel from MAC/Linux

It is really easy to establish an ipv6 network tunnel from your machine directly. Make your network/system/services IPv6 ready 🙂

Create a regular IPv6 tunnel with any connection broker: List of IPv6 tunnel brokers

I have used Hurricane Electric, which is a free tunnel broker.
Tunnel Broker

With the tunnel broker, you can create a tunnel by specifying your public IPv4 address on their website.

Once the tunnel is created with the tunnel broker, configure your machine with the required interfaces, tunnel and routing.

    For MAC OS X:

1) Configure tunnel
$ sudo ifconfig gif0 tunnel host_ip tunnel_broker_ipv4_ip

If you are behind a NAT'd network, specify your machine's private address as host_ip; otherwise use the current public IP assigned to your machine. If you are behind a NAT'd network, make sure that protocol 41 is allowed on the NAT device.
eg:
$ sudo ifconfig gif0 tunnel 192.168.1.2 216.66.xxx.xxx

2) Setup the tunnel end points

$ sudo ifconfig gif0 inet6 host_ipv6_address tunnel_broker_ipv6_address prefixlen 128

Both these ipv6 addresses are assigned by the tunnel broker.
eg:
$ sudo ifconfig gif0 inet6 2001:470:xxxx:xxxx::2 2001:470:xxxx:xxxx::1 prefixlen 128

3) Add the default route for ipv6 traffic
$ sudo route -n add -inet6 default tunnel_broker_ipv6_address

eg:
$ sudo route -n add -inet6 default 2001:470:xxxx:xxxx::1

Now you should be able to access the ipv6 networks 🙂

In case of any issues, just make sure that IPv6 is enabled on the interface using:

$ sudo ip6 -x gif0

Test your ip6 connectivity:


$ ping6 ipv6.google.com
$ telnet ipv6.google.com 80

    For Linux:

The procedure is exactly the same on Linux:

Make sure that the ipv6 module is present in the kernel:

$ sudo modprobe ipv6

Create the tunnel
$ sudo ip tunnel add he-ipv6 mode sit remote 216.66.xx.xx local 192.168.1.2 ttl 255
* use the public ip if it is directly assigned to your machine

Activate the tunnel
$ sudo ip link set he-ipv6 up

Assign ip address to interface:

$ sudo ip addr add 2001:470:xxxx:xxxx::2/64 dev he-ipv6

Add default route for ipv6:

$ sudo ip route add ::/0 dev he-ipv6

Add the protocol family identifier:

$ sudo ip -f inet6 addr

./arun

IPv6 and Linux

It is straightforward to enable IPv6 on any Linux system, since the latest kernels support it very well. This document is more relevant for Red Hat Linux, but the idea is the same for all distributions.

Make sure that IPv6 support is not disabled in the kernel.
Comment out the following lines in /etc/modprobe.conf if they exist.

#alias ipv6 off
#alias net-pf-10 off

Enable IPv6 networking:
edit /etc/sysconfig/network

NETWORKING_IPV6=yes

Configure the IPv6 address:
edit /etc/sysconfig/network-scripts/ifcfg-eth0 (or bond0 for bond interfaces, ipv6 works as expected with bond interface as well)

IPV6INIT=yes
IPV6ADDR=
IPV6ADDR_SECONDARIES=
IPV6_DEFAULTGW=
IPV6_AUTOCONF=yes/no

Just restart network and you will be able to see the IPv6 address.

In case the ipv6 module doesn't exist in the kernel, just do a modprobe:
# modprobe -a ipv6

Almost all software on Linux works with IPv6.

For Apache, add the IPv6 address as a listen address and enable name virtual hosts for the IPv6 address if required.

You can test your ipv6 connectivity by:
$ ping6 ipv6.google.com

./arun