Archive

Archive for the ‘IPv6’ Category

How do I test my IPv6 capable mailserver? II

June 26th, 2012 No comments

Now you have IPv6 enabled on your mail server but you don’t know any email address what is actually IPv6 enabled as well?

Here are two – what I just tested:

  • ipv6@test-ipv6.veznat.com
  • bouncer@freenet6.net
  • my own… hehe.

Both are sending back the mail headers and the first one also shows you DNS info for the return path.

Categories: IPv6 Tags:

How do I test my IPv6 capable mailserver?

August 9th, 2011 No comments

Just a quick tip: You have Postfix running and want to enable IPv6 for your email as well? After quite some playing around I finally got it right:

inet_interfaces = 127.0.0.1, 94.229.77.82, 2a01:348:6:315::2, ::1
inet_protocols = ipv4, ipv6

This makes Postfix listen only where you actually need it to – I dont like daemons listening on interfaces where they are not serving any requests.

How do I test IPv6 enabled mail?

Just go to here and off you go. Dont forget to put a fancy text in there what you can show off with… *g

Categories: IPv6 Tags:

Dedicated IPv6 gateway – way to go deploying IPv6

April 16th, 2011 No comments

m0n0wall is a good product for running a firewall/gateway on an embedded device. It is based on BSD, very slick and reliable. I was using it a couple of years back, but unfortunately my hardware didnt had wireless integrated, so I had to give it up and get a WRT54GL – running OpenWRT of course.

Until now my IPv6 endpoint was this OpenWRT router, unfortunately it didnt had a full IPv6 firewall integrated – I never seriously tried the 2.6 branch of it, but this would support a proper ip6tables firewall.

When m0n0wall announced version 1.33 there was this “major ipv6 improvements” and I just couldnt resist to try it. The phoneline (not cable unfortunately) is connected to my ISP’s router which is then connected to my OpenWRT wireless router. I really didnt want to put the m0n0wall router (ie. “ipv6 router”) in line, so I decided to install it parallel to the OpenWRT router. The internal port of m0n0wall is connected to the switch on the OpenWRT router and the external to the ISP’s router.

Configuring IPv6 with a Hurricane Electric tunnel was easy going – the only problem I had was that I did not realized IPv6 was already enabled. I misinterpreted the interface configuration details of m0n0wall and expected to see some tunnel information (tunnel-endpoint information). I was wondering why the m0n0wall was always complaining about a duplicate IPv6 (nifty feature!) but then I saw that the same IPv6 was configured on the OpenWRT.

Removing then IPv6 completely from the OpenWRT and rebooting the m0n0wall box did the trick then – voila, IPv6 through a dedicated IPv6 only gateway works like a charm.

Thinking about it, this would be actually a good way to implement IPv6 in the business/enterprise, as this wouldnt cause any downtime, as long you ensure that your resolver doesnt give out IPv6 addresses *g.

Categories: IPv6 Tags:

Enabling IPv6 privacy on an Ubuntu box

April 16th, 2011 No comments

It was bugging me a bit that my (internal) IPv6 address was a static one, ie. it is forever and ever the same, unlike a dynamic DSL IP. I heard/read somewhere about “IPv6 Privacy Extensions” are dealing with this issue, so I looked into this.

I originally thought – without having read something about it – that the gateway/router (ie. the Router Advertisment Daemon or RAD) has to support this feature, it made kinda sense, as this one is responsible for assigning IPv6 addresses in an IPv6 network. But I was wrong.

I came back to it with this article (in German) how to enable the Privacy Extensions and I learnt very quickly that it is actually the client where this has to be enabled. So on Linux by doing a

net.ipv6.conf.IF.use_tempaddr = 2

in /etc/sysctl.conf whereby “IF” equals the interface name (most likely eth0 or wlan0) followed by a

sysctl -p

enables this for now and makes it even permanent. To enable this actually, you need to shutdown your interface and enable it again, this is the only way how to get a temporary interface. By setting

net.ipv6.conf.IF.temp_valid_lft

and

net.ipv6.conf.IF.temp_prefered_lft

lets you define how long these temporary addresses are valid. After getting a temporary address, have a look at

ip -6 addr  show

and you should see a line with “scope global temporary dynamic” in it… Thats it! Well done!

You can find more information in the RFC 4941.

PS: I am aware that right now IPv6 Privacy Extensions dont make a big difference as everybody has its own routed /64 range anyway.

Categories: IPv6 Tags:

Make your IPv6 accessible website known out there

January 28th, 2011 No comments

Dont forget, make your website accessible via IPv6 and submit them here:

It might be worth considering to make your already IPv6 enabled website accessible only via IPv6 on the World IPv6 day… join me in!

Categories: IPv6 Tags: