http://ipv6test.google.com/
Apache IPv6 Configuration: Dual Stacked IPv4 & IPv6 Virtual Hosts
How do I configure Apache IPv6 networking under UNIX / Linux / BSD operating systems? How do I configure httpd IPv6 and IPv4 under RHEL / CentOS / Fedora / Debian / Ubuntu Linux?
You need to update httpd.conf file with the Listen directive. It instructs Apache to listen to only specific IPv4 and IPv6 addresses or ports. By default it responds to requests on all IP interfaces including IPv4 and IPv6 addresses. Our sample setup is as follows:
- cyberciti.biz has address 74.86.48.99
- cyberciti.biz has IPv6 address 2607:f0d0:1002:11::4
httpd.conf configuration remains same under UNIX / BSD and Linux operating systems.
Linux Apache IPv6 Configuration
Open httpd.conf, enter:
# vi httpd.conf
To make the server accept connections on 74.86.48.99 and port 80, use:
Listen 74.86.48.99:80
IPv6 addresses must be surrounded in square brackets and port 80, use
Listen [2607:f0d0:1002:11::4]:80
Save and close the file. Restart / reload Apache:
# service httpd restart
Verify Apache Is Working In Dual Stack Mode
Use netstat command as follows:
# netstat -tulpn | grep :80
Sample Outputs:
tcp 0 0 74.86.48.99:80 0.0.0.0:* LISTEN 4473/httpd tcp 0 0 2607:f0d0:1002:11::4:80 :::* LISTEN 4473/httpd
Configure iptables to Allow Access to the Web Server Via IPv6
The default Ip6tables configuration does not allow inbound access to the HTTP (80) and HTTPS (443) ports used by the web server. This modification allows that access, while keeping other ports on the server in their default protected state. Edit /etc/sysconfig/ip6tables (IPv6 firewall configuration file under CentOS / RHEL / Fedora).
# vi /etc/sysconfig/ip6tables
Add the following lines, ensuring that they appear before the final LOG and DROP lines for the RH-Firewall-1-INPUT chain:
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 80 -j ACCEPT
Add the following if you have configured HTTPS port:
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 443 -j ACCEPT
Save and close the file. Restart firewall, enter:
# service ip6tables restart
Dual Stacked IPv4 and IPv6 Virtual Hosts Configurations
You need to update httpd.conf as follows for dual stacked httpd virtual hosting:
#IPv4 configuration <VirtualHost 74.86.48.99> ServerAdmin webmaster@cyberciti.com DocumentRoot /home/httpd/cyberciti.biz/http ServerName cyberciti.biz ServerAlias www.cyberciti.biz ErrorLog logs/cyberciti.biz-error_log TransferLog logs/cyberciti.biz-access_log ErrorLog "/home/httpd/cyberciti.biz/logs/error.log" CustomLog "/home/httpd/cyberciti.biz/logs/access.log" common ScriptAlias /cgi-bin/ "/home/httpd/cyberciti.biz/cgi-bin/" # For php5 fastcgi add +ExecCGI <Directory "/home/httpd/cyberciti.biz/http"> Options -Indexes FollowSymLinks +ExecCGI AllowOverride AuthConfig FileInfo AddHandler php5-fastcgi .php Action php5-fastcgi /cgi-bin/php.fcgi Order allow,deny Allow from all </Directory> # Default cgi-bin perms <Directory "/home/httpd/cyberciti.biz/cgi-bin"> AllowOverride None Options None Order allow,deny Allow from all </Directory> </VirtualHost> # Ipv6 config, note down log files <VirtualHost [2607:f0d0:1002:11::4]> ServerAdmin webmaster@cyberciti.com DocumentRoot /home/httpd/cyberciti.biz/http ServerName cyberciti.biz ServerAlias www.cyberciti.biz ErrorLog logs/cyberciti.biz-error_log TransferLog logs/cyberciti.biz-access_log ErrorLog "/home/httpd/cyberciti.biz/logs/ipv6.error.log" CustomLog "/home/httpd/cyberciti.biz/logs/ipv6.access.log" common ScriptAlias /cgi-bin/ "/home/httpd/cyberciti.biz/cgi-bin/" # For php5 fastcgi add +ExecCGI <Directory "/home/httpd/cyberciti.biz/http"> Options -Indexes FollowSymLinks +ExecCGI AllowOverride AuthConfig FileInfo AddHandler php5-fastcgi .php Action php5-fastcgi /cgi-bin/php.fcgi Order allow,deny Allow from all </Directory> # Default cgi-bin perms <Directory "/home/httpd/cyberciti.biz/cgi-bin"> AllowOverride None Options None Order allow,deny Allow from all </Directory> </VirtualHost>
Save and close the file. Restart Apache web server:
# service httpd restart
A Note About BSD PF Firewall
You need to update /etc/pf.conf as follows under OpenBSD / FreeBSD operating systems:
# define Ipv6 ips apache_ipv6 = "{ 2607:f0d0:1002:11::4 }" # Open port 80 pass in on $ext_if inet6 proto tcp from any to $apache_ipv6 port http keep state # Open port 443 pass in on $ext_if inet6 proto tcp from any to $apache_ipv6 port https keep state
Save and close the file. Reload pf firewall:
# /etc/rc.d/pf reload
OR
# /sbin/pfctl -nf /etc/pf.conf && /sbin/pfctl -f /etc/pf.conf
Additional Resources
Further resources should be consulted for more extensive configuration guidance, especially if particular applications need to be secured:
http://www.cyberciti.biz/faq/ipv6-apache-configuration-tutorial/
IPv6 sub-interfaces on Centos
This issue is solved of IPv6 sub-interfaces with adding multi IP addresses on the eth0 interfaces network script to be like the below:
#Intel Corporation 82576 Gigabit Network Connection
DEVICE=eth0
BOOTPROTO=none
HWADDR=00:26:55:80:d0:ec
ONBOOT=yes
TYPE=Ethernet
NETMASK=255.255.255.240
IPADDR=8*.*35.*.**
GATEWAY=8*.*35.*.**
IPV6INIT=yes
IPV6ADDR=2001:16a0:*:*::11
IPV6_DEFAULTGW=2001:16a0:3:1::1
IPV6ADDR_SECONDARIES=”2001:16a0:*:*::12 \
2001:16a0:*:*::13 \
2001:16a0:*:*::14 \
2001:16a0:*:*::15 \
2001:16a0:*:*::16 \
2001:16a0:*:*::17 \
2001:16a0:*:*::18 \
2001:16a0:*:*::19 \
2001:16a0:*:*::20 \
2001:16a0:*:*::21″
http://www.centos.org/modules/newbb/viewtopic.php?topic_id=37125&forum=58