Home > IPv6, Linux, Network > An easy way to get IPv6 ready on the outside (IPv6 to IPv4 proxy)

An easy way to get IPv6 ready on the outside (IPv6 to IPv4 proxy)

Even now the time is getting closer and the world is really running out of IPv4 address space, still a lot of companies don’t spent time on getting ready for IPv6. While this lack of action can lead to a never ending discussion I instead give you a simple solution to get IPv6 ready (on the outside, especially the web) and gain some time for the LAN side.

The solution is really simple, there is even a chance you already make use of it in a certain way. A lot of companies use a reverse proxy to publish there websites to the internet. A reverse proxy is nothing else then a simple server which accept requests and gets the desired information for you from the appropriate webserver.

Below a simple example of a traditional IPv4 reverse proxy. The proxy accepts the requests from a client on the Internet and it is the reverse proxy which makes connection to the webserver(s), not the client!

image

Now there are two ways to make this solution IPv6 ready. We can make the reverse proxy dual stack, so it accepts IPv6 requests and on the inside it requests the webpages on IPv4, since the client is not talking to the webserver this will work without having the webservers IPv6 ready.

Unfortunately this will only work if your provider can give you an IPv6 connection* and not every provider is done or even started with the IPv6 implementation/transition. So another way could be, request another internet connection which is IPv6 capable and place a reverse proxy on this connection. This reverse proxy can do the requests on the already available IPv4 reverse proxy. This solution is off course a bit dirty but if you have customers in areas which already ran out of IPv4 addresses this can give you some time. (Besides you can also place this server in a hosting environment across the world) Below you see both solutions.

image image

* This will also work if you have other solutions to get connected to the IPv6 Internet, like tunneling.

Below I will explain how you can accomplishes this with Ubuntu server and Apache as reverse proxy. Of course you can take any other reverse proxy or OS as long as it is IPv6 capable. Unfortunately for the Microsoft guys, MS ISA and TMG don’t support IPv6 reverse proxying at this moment!

So let’s start, first off all, get your copy of Ubuntu Server (11.04) at http://www.ubuntu.com and install it. You can install it without selecting extra functionalities.

When the installation is done, we first give the server a static IP address, so it is save to bind DNS names to the IP address.

Open /etc/network/interfaces

sudo nano /etc/network/interfaces

Below you see an example of how it could look like.

iface eth0 inet static
address 192.168.1.1
netmask 255.255.255.0
gateway 192.168.1.254

iface eth0 inet6 static
pre-up modprobe ipv6
address 2001:DB8::1
netmask 64
gateway 2001:DB8::254

Now restart the network connection, so the new settings are loaded.

sudo /etc/init.d/networking restart

Now we need to install Apache and enable the proxy module(s).

sudo aptitude install apache2

sudo a2enmod proxy proxy_http

We disable the default website and we are going to create our own configuration.

sudo a2dissite default

sudo nano /etc/apache2/sites-enabled/000-rep

Let’s create a (minimal) rule which listens to a certain hostname and requests the appropriate site.

<VirtualHost *:80>
ServerName ipv6.yourdomain.com

ProxyRequests Off
ProxyPass / http://www.yourdomain.com/
ProxyPassReverse / http://www.yourdomain.com/
</VirtualHost>

Now you need to create a quadruple A record (AAAA) for ipv6.yourdomain.com which points to your IPv6 address, in this example it would be 2001:DB8::1

Before we can test, we need to restart the Apache service, so the settings are loaded.

sudo /etc/init.d/apache2 restart

Now test it, of course on a IPv6 enabled machine :-)

If everything is working fine, you can change the ServerName to www.yourdomain.com and add a AAAA record for it. (If you prefer you can also ad ServerAlias).

Categories: IPv6, Linux, Network Tags:
  1. jd
    May 20th, 2011 at 14:06 | #1

    > (Besides you can also place this server in a hosting environment across the world)

    Please don’t do this. If you can’t provide IPv6 from the same location as your IPv4 connectivity, then don’t do it at all. You’re just adding more latency and more points of failure. Even an ISP that has to NAT their customers will probably have a better path to your servers than doing something like that.

  2. May 20th, 2011 at 15:59 | #2

    @jd
    Definately true and I don’t want to encourage this, but I can imagine that it is difficult to get IPv6 connectivity, cause in my opinion most ISP’s (and maybe only overhere) just started to late with IPv6 implementation. I don’t believe in (free) tunneling or othere mechanism, which cause single points with lots of data and chances of failures. So if you really in need to publish your sites, then I think this could be solution, but it stays dirty and not fancy at all.

    The best way definately is just get native IPv6 in a dual stack solution and then the above example is in my opinion a good way to publish your websites over IPv6.

  3. AdminLin
    December 29th, 2013 at 09:56 | #3

    Great write up!

    I took your advice and attempted this on my apache config in RHEL 6.5 but when I tried to connect to the IPv6 website, it will connect to the right IPV4 website but it will not load the images properly. It only shows the links on the page. It does not show any of the javascript, any of the CSS, any of the images. How do I fix this?

    I placed this in the httpd.conf file:

    ServerName ipv6.yourdomain.com

    ProxyRequests Off
    ProxyPass / http://www.yourdomain.com/
    ProxyPassReverse / http://www.yourdomain.com/

    I used my own FQDNs for the IPV4 and IPV6 FQDNs.

    What am I missing in the code that is causing the images, CSS, and javascript to not display/run at all?

    Thanks!

  1. No trackbacks yet.