So today I finally allocated some time to enable IPv6 for the forum. I did this via the free HE tunnel broker service (IPv6 /64 in an IPv4 tunnel).
Since I chose to enable IPv6 in packet-mode on the SRX (packets are forwarded without security inspection), the server needed some security hardening: disable all daemons on IPv6, except for the web server.
A few useful notes:
1. Use the following lsof commands to check your IPv6 running daemons:
- lsof -i 6 shows all IPv6 enabled services (UDP + TCP)
- lsof -i 6TCP shows all IPv6 enabled services only TCP. Change this to UDP
2. NTPD should be started with "-4" argument (check http://forum.ivorde.ro/how-to-force-ntp-in-debian-ubuntu-to-synchronize-to-ipv4-servers-not-ipv6-default-w-both-proto-t18741.html)
3. rsyslogd should be started with "-4" argument to disable IPv6.
All other daemons should be disabled from listening on IPv6 (bind: listen-on-v6 { none; };).
More notes coming as I discover more things.
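
An added example, not part of the original post: a check that reads lsof -nP -i 6 output and reports every daemon still listening on IPv6 that is not on an allowlist, so the hardening above can be re-verified after each change. The function names, the allowlist entry apache2 (standing in for "the web server") and the sample lsof lines are constructed for illustration.

```shell
#!/bin/sh
# unexpected_v6 ALLOWLIST
# Reads `lsof -nP -i 6` output on stdin and prints "COMMAND PROTO ADDRESS"
# for each IPv6 listener whose command is not in the comma-separated
# allowlist. lsof shortens command names to 9 characters by default,
# so allowlist entries must match the shortened form.
unexpected_v6() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "COMMAND"                  { next }  # header line
        $5 != "IPv6"                     { next }  # only IPv6 sockets
        $9 ~ /->/                        { next }  # connected socket, not a listener
        $8 == "TCP" && $10 != "(LISTEN)" { next }  # TCP socket in another state
        ($1 in ok)                       { next }  # daemon is allowed on IPv6
        {
            key = $1 " " $8 " " $9
            if (!(key in seen)) { seen[key] = 1; print key }  # one line per socket
        }
    '
}

# Constructed sample of `lsof -nP -i 6` output (not captured from a real host).
sample_lsof() {
    cat <<'EOF'
COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
apache2  1201     root    4u  IPv6  11001      0t0  TCP *:80 (LISTEN)
apache2  1207 www-data    4u  IPv6  11001      0t0  TCP *:80 (LISTEN)
ntpd     1330      ntp   17u  IPv6  11542      0t0  UDP *:123
rsyslogd 1412   syslog    5u  IPv6  11873      0t0  UDP *:514
named    1520     bind   21u  IPv6  12044      0t0  TCP *:53 (LISTEN)
named    1520     bind  513u  IPv6  12045      0t0  UDP *:53
curl     1700     root    5u  IPv6  12310      0t0  TCP [2001:db8::10]:40112->[2001:db8::99]:443 (ESTABLISHED)
EOF
}

# Demo on the sample; on a live host use: lsof -nP -i 6 | unexpected_v6 apache2
sample_lsof | unexpected_v6 apache2
```

On the sample this lists ntpd, rsyslogd and named, the daemons that notes 2 and 3 and the bind setting are meant to take off IPv6; an empty result means only the allowlisted daemon is still listening.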