LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 02-19-2016, 01:47 PM   #1
sneakyimp
Senior Member
 
Registered: Dec 2004
Posts: 1,056

Rep: Reputation: 78
How to make my website reachable via IPV6?


I got a complaint from a collaborator today that he cannot reach our website from his ipv6 address.

I sniffed around a bit and found recommendations for getting one's site up for IPV6 visitors. Unfortunately it's not very detailed in certain respects. I checked and apparently my website has no AAAA dns record. I figured this is fairly easily done but, unfortunately, I have no idea what my server's public IPV6 address might be. If I login to this ubuntu machine (hosted via Amazon EC2) via ssh and type ifconfig then I get this output:
Code:
eth0      Link encap:Ethernet  HWaddr 11:22:33:44:55:66  
          inet addr:10.x.x.x  Bcast:10.x.x.255  Mask:255.255.255.x
          inet6 addr: fe80::2000:xxx:xxxx:xxxx/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:386547248 errors:0 dropped:0 overruns:0 frame:0
          TX packets:297080927 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:262840761379 (262.8 GB)  TX bytes:138099117346 (138.0 GB)
The addresses have been redacted to protect the innocent.

Is that inet6 addr my server's public address? Should this one be added as an AAAA record for my server?
 
Old 02-19-2016, 02:07 PM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615
This is up to your provider to provide and tell you. You will have to consult Amazon's documentation and/or support.
By the way, both IPs in that output are private (so no, that inet6 address is not what you want). Even if you did not block them out, bad actors could to little to nothing with them.
 
Old 02-19-2016, 02:21 PM   #3
sneakyimp
Senior Member
 
Registered: Dec 2004
Posts: 1,056

Original Poster
Rep: Reputation: 78
EDIT: thank you for your response!

Quote:
Originally Posted by AlucardZero View Post
This is up to your provider to provide and tell you. You will have to consult Amazon's documentation and/or support.
UGH. I was afraid someone would say that. Apparently IPV6 transport for EC2 instances is still not supported? Unfortunately, I'm not entirely sure because it's nearly impossible to get real help for AWS:
https://forums.aws.amazon.com/thread...ssageID=536049

Quote:
Originally Posted by AlucardZero View Post
By the way, both IPs in that output are private (so no, that inet6 address is not what you want). Even if you did not block them out, bad actors could to little to nothing with them.
I can't help but wonder if that's actually the case. Wouldn't these "private" IP addresses be accessible by other EC2 instances running on the same network?

EDIT: How is it clear that fe80::2000:xxx:xxxx:xxxx/64 is a "private" address? I'm vaguely familiar with how 192.x.x.x and 10.x.x.x are reserved for local subnets, but my understanding of IPV6 is quite limited.

Last edited by sneakyimp; 02-19-2016 at 02:28 PM.
 
Old 02-19-2016, 03:27 PM   #4
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615
Yes, depending on Amazon's exact setup (thus the "little")
The IP being in fe80::/10 and saying "Scope:Link" means it is link-local: https://en.wikipedia.org/wiki/Link-local_address#IPv6
 
Old 02-19-2016, 06:10 PM   #5
sneakyimp
Senior Member
 
Registered: Dec 2004
Posts: 1,056

Original Poster
Rep: Reputation: 78
Thanks for the detail.

I'm starting to think this is not going to work. While I might be able to set up IPV6 transport for http/https traffic using an elastic load balancer, I'm wondering if I'll be able to set up IPV6 transport for SSH access to my server.
 
Old 02-22-2016, 12:32 PM   #6
sneakyimp
Senior Member
 
Registered: Dec 2004
Posts: 1,056

Original Poster
Rep: Reputation: 78
Soooooo it looks like the recommended workaround of setting up an Elastic Load Balancer (ELB) will not work in my case. It certainly allows one to route HTTP/HTTPS traffic to one's EC2 instances but it won't let you route port 22 for SSH. One still needs IPV4 transport to connection to one's EC2 instance to make changes (e.g., upload website files). Trying to set up a 'listener' for port 22 results in this error: EC2-Classic load balancer port must be 25, 80, 443, 465, 587 or 1024 to 65535 inclusive.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: 8 reasons to make the switch to IPv6 LXer Syndicated Linux News 0 01-21-2016 09:10 PM
Cannot connect to ipv6 website with ipv6 address superweijiafeng Linux - Networking 3 07-08-2014 03:55 PM
Why ipv6 route are deleted while interface make down and up ukkreddy Linux - Enterprise 1 05-25-2012 08:56 AM
IPv4 -IPv6 How can LU make the transition? What can they do? xologist Linux - Networking 1 09-21-2010 10:24 AM
[SOLVED] How to make practical use of link scope IPv6 addresses? Dulcinea Linux - Networking 3 06-24-2010 09:47 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 02:38 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration