An easy way to get IPv6 ready on the outside (IPv6 to IPv4 proxy)
Even now the time is getting closer and the world is really running out of IPv4 address space, still a lot of companies don’t spent time on getting ready for IPv6. While this lack of action can lead to a never ending discussion I instead give you a simple solution to get IPv6 ready (on the outside, especially the web) and gain some time for the LAN side.
The solution is really simple, there is even a chance you already make use of it in a certain way. A lot of companies use a reverse proxy to publish there websites to the internet. A reverse proxy is nothing else then a simple server which accept requests and gets the desired information for you from the appropriate webserver.
Below a simple example of a traditional IPv4 reverse proxy. The proxy accepts the requests from a client on the Internet and it is the reverse proxy which makes connection to the webserver(s), not the client!
Now there are two ways to make this solution IPv6 ready. We can make the reverse proxy dual stack, so it accepts IPv6 requests and on the inside it requests the webpages on IPv4, since the client is not talking to the webserver this will work without having the webservers IPv6 ready.
Unfortunately this will only work if your provider can give you an IPv6 connection* and not every provider is done or even started with the IPv6 implementation/transition. So another way could be, request another internet connection which is IPv6 capable and place a reverse proxy on this connection. This reverse proxy can do the requests on the already available IPv4 reverse proxy. This solution is off course a bit dirty but if you have customers in areas which already ran out of IPv4 addresses this can give you some time. (Besides you can also place this server in a hosting environment across the world) Below you see both solutions.
* This will also work if you have other solutions to get connected to the IPv6 Internet, like tunneling.
Below I will explain how you can accomplishes this with Ubuntu server and Apache as reverse proxy. Of course you can take any other reverse proxy or OS as long as it is IPv6 capable. Unfortunately for the Microsoft guys, MS ISA and TMG don’t support IPv6 reverse proxying at this moment!
So let’s start, first off all, get your copy of Ubuntu Server (11.04) at http://www.ubuntu.com and install it. You can install it without selecting extra functionalities.
When the installation is done, we first give the server a static IP address, so it is save to bind DNS names to the IP address.
sudo nano /etc/network/interfaces
Below you see an example of how it could look like.
iface eth0 inet static
iface eth0 inet6 static
pre-up modprobe ipv6
Now restart the network connection, so the new settings are loaded.
sudo /etc/init.d/networking restart
Now we need to install Apache and enable the proxy module(s).
sudo aptitude install apache2
sudo a2enmod proxy proxy_http
We disable the default website and we are going to create our own configuration.
sudo a2dissite default
sudo nano /etc/apache2/sites-enabled/000-rep
Let’s create a (minimal) rule which listens to a certain hostname and requests the appropriate site.
Now you need to create a quadruple A record (AAAA) for ipv6.yourdomain.com which points to your IPv6 address, in this example it would be 2001:DB8::1
Before we can test, we need to restart the Apache service, so the settings are loaded.
sudo /etc/init.d/apache2 restart
Now test it, of course on a IPv6 enabled machine
If everything is working fine, you can change the ServerName to www.yourdomain.com and add a AAAA record for it. (If you prefer you can also ad ServerAlias).