Supporting IPv6 on a Linux Server Node
There are several optional utilities that you can install on your system that extend their support for IPv6. For the purpose of this article we mention only three packages: libpcap, tcpdump and xinetd.
If you need to understand what is happening at the packet level of your IPv6 network/connection, you need to have IPv6 with libpcap and tcpdump. libpcap is a system-independent interface for user-level packet capture that provides a portable framework for low-level network monitoring. On the other hand, tcpdump is a tool that provides network monitoring and data acquisition.
If you want these functionalities, you need to download the latest versions and install them on your system. The versions we tested were tcpdump 3.6.2 and libpcap 0.6.2. First, download the packages from www.tcpdump.org and move them to /usr/src. Then unpack them with:
tar -xzf libpcap-0.6.2.tar.gz tar -xzf tcpdump-3.6.2.tar.gz
After unpacking, you will have two directories, one for each package. Next, you need to follow these steps for each package; however, you need to apply them first to libpcap and then to tcpdump. First, run the configuration script while enabling IPv6:
./configure --enable-ipv6Then compile with make clean and make. Lastly, install the binaries with make install.
After following these steps, you need to adjust your path to include the new binaries that support IPv6. You also may want to edit /etc/profile and include /usr/local/sbin and /usr/local/bin within your PATH variable, and reload /etc/profile for the new changes to take effect:
If you want to be able to telnet6 to your system, you need to compile xinetd with inet6 support. Normally, the installed inetd dæmon isn't ready to handle IPv6 addresses. Therefore, you need to upgrade to xinetd. To download the latest version of xinetd go to synack.net/xinetd. Our setup was tested with xinetd-184.108.40.206p3.tar.gz.
Download xinetd-220.127.116.11p3.tar.gz (or latest) into /usr/src and unpack it with:
tar -xzf xinetd-18.104.22.168p3.tar.gz
Next, run the configuration script:
./configure --with-inet6 --prefix=/usr/local/binThe --prefix=/usr/local/bin is used to specify that the resulting binaries should go under /usr/local/bin. Then compile and install:
make clean make make installNext, you need to create a configuration file from your old inet.conf:
/usr/sbin/xconv.pl < /etc/inetd.conf > /etc/xinetd.confwhere /usr/sbin is the path to the xinetd executable.
As a side note, you need to make sure that in the xconv.pl script, the first line contains the right path to the Perl binary to be able to execute.
Next, you need do some very minor changes in /etc/xinetd.conf to reflect the usage of the telnet6d and tftp6d, instead of the usual IPv4 Telnet and TFTP dæmons. Having done that, you will be set to Telnet and FTP to your system over IPv6.
There is a wide range of applications that support IPv6. However, we are going to mention only one server application, the Apache web server. Apache is the most popular web server on the Internet (source: Netcraft.com). The latest beta release, Apache 2.0.16 beta, includes support for IPv6, which makes it a good application for testing your IPv6 setup. If you download the latest version of the Apache web server and install it on your system, you will be able to serve web pages over IPv6.
Figure 6 presents a screenshot of the Mozilla browser when trying to access “http://[::1], which is the IPv6 local loopback.
For your convenience, you may want to update /etc/hosts file to include:
::1 ip6-localhost ip6-localhost
Then, instead of using ::1, you can use ip6-localhost.
Don't forget to check the /etc/protocols. If the below-mentioned entries are not there, you need to append them for IPv6-protocol support:
ipv6 41 IPv6 # IPv6 ipv6-route 43 IPv6-Route # Routing Header for IPv6 ipv6-frag 44 IPv6-Frag # Fragment Header for IPv6 ipv6-crypt 50 IPv6-Crypt # Encryption Header # for IPv6 ipv6-auth 51 IPv6-Auth # Authentication Header # for IPv6 ipv6-icmp 58 IPv6-ICMP icmpv6 icmp6M # ICMP for # IPv6 ipv6-nonxt 59 IPv6-NoNxt # No Next Header for IPv6 ipv6-opts 60 IPv6-Opts # Destination Options # for IPv6
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- BitTorrent Inc.'s Sync
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- New Container Image Standard Promises More Portable Apps
- The Humble Hacker?
- The Death of RoboVM
- The US Government and Open-Source Software
- Open-Source Project Secretly Funded by CIA
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide