Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

FAQ
It is currently Sat Nov 18, 2017 4:21 pm


Firewals, computer, server and network security, kernel and applications security of FreeBSD/Linux/AIX systems.

Author Message
mandrei99
Post  Post subject: IPv6 enablement for Ivorde.ro  |  Posted: Wed Jun 18, 2014 11:17 am

Joined: Tue Aug 04, 2009 9:16 am
Posts: 245

Offline
 

IPv6 enablement for Ivorde.ro

So today I finally allocated some time to enable IPv6 for the forum. I did this via HE tunnel broker free service (IPv6 /64 in ipv4 tunnel).

Since I chose to enable IPv6 in packet-mode on the SRX (packets are forwarded without security inspection), the server needed some security hardening: disable all daemons on IPv6, except for web server.

Few useful notes:
1. Use following lsof commands to check your IPv6 running daemons:
- lsof -i 6 shows all IPv6 enabled services (UDP + TCP)
- lsof -i 6TCP shows all IPv6 enabled services only TCP. Change this to UDP
2. NTPD should be started with "-4" argument (check http://forum.ivorde.ro/how-to-force-ntp-in-debian-ubuntu-to-synchronize-to-ipv4-servers-not-ipv6-default-w-both-proto-t18741.html)
3. rsyslogd should be started with "-4" argument to disable IPv6.

All other daemons should be disabled from listening IPv6 (bind: listen-on-v6 { none; };).


More notes coming as I discover more things.





Top
Display posts from previous:  Sort by  
E-mail friendPrint view
Who is online
Users browsing this forum: No registered users and 1 guest
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum
Jump to:  
cronNews News Site map Site map SitemapIndex SitemapIndex RSS Feed RSS Feed Channel list Channel list


Delete all board cookies | The team | All times are UTC - 5 hours [ DST ]



phpBB SEO