Links: IPv6 Traceroute Server IPv6 VPS Providers IPv6 Dedicated Providers IPv6 Accessible Websites

IPv6 VPS hosting

How to set up an IPv4/IPv6 accessible website

I found there wasn't much documentation about setting up an IPv4/IPv6 accessible website so I thought it couldn't hurt to post my experiences thus far. I just put up an IPv4/IPv6 traceroute server at www.4or6.com, so this will describe the steps I took to set this site up.


1. Search for a VPS provider that offers IPv6

I chose to use a VPS (Virtual Private Server) instead of a dedicated one mostly because its MUCH cheaper. Typical web hosting can be even cheaper, but they do not allow for root access which I will need to run commands like traceroute and other fun stuff.

Most of my searching consisted of google searches such as "ipv6 vps hosting in <a location>". I happen to be in the Los Angeles area, so when I typed that in, I stumbled across ARPNetworks which is the provider I am currently using for this site. I am happy about ARPNetworks for a couple of reasons:
  • its only $10/month
  • IPv6 was all setup when I logged in
  • their customer support is quick

    Feel free to try and search for a provider near you below or you can browse through my
    VPS PROVIDER LIST.

    Search for VPS providers offering IPv6 in your area:
    (Add your area/country to the query and click search)

    Please add any provider you discover to my list.

    2. Register a domain name

    You will need a domain name so that people will be able to reach your website by typing in a name (instead of an IP address) in the browser. The registration process can take some time (up to 24 hours) so you will want to do this ASAP. It can also take a while just to find an available domain name that you actually want.

    I purchased my domain through GoDaddy.com and was able to get the domain name 4or6.com.
    I would recommend purchasing private domain registration which makes your personal information unavailable to the public. It costs an extra $9/year but I think its worth it.
    In total, registering one domain name with domain privacy cost me $12 for the first year.

    3. Login to VPS and install required packages

    Once you have received login information from your VPS provider, its time to try logging in.

  • The login information should at least include the IP address of the VPS, the username, password, root username, and root password.

  • I had to use SSH to login to my VPS. My home computer is a Windows XP machine, so I installed putty.

  • When running putty, you will use the IP address as the "Host Name". When the terminal opens, you will need to enter your non-root username and password.

  • First thing you will want to do is to update your password as follows:
    prompt# passwd
    Enter new UNIX password: <type new password here>
    Retype new UNIX password: <type new password here>
    

  • Then you will want to login as root as follows:
    prompt# su
    Password: <type root password here>
    

  • My VPS server happens to run Ubuntu, so I used apt-get to install the minimum necessary packages as follows:
    prompt# apt-get install traceroute	//for doing traceroutes
    prompt# apt-get install dnsutils	//for doing dig (dns query)
    prompt# apt-get install whois		//for doing whois registry lookup
    prompt# apt-get install apache2		//for running webserver
    prompt# apt-get install iptables	//for firewalling
    prompt# apt-get install ufw		//for firewalling (uncomplicated firewall)
    prompt# apt-get install nmap		//for port scanner checking firewall
    prompt# apt-get install php5		//for creating traceroute server 
    prompt# apt-get install php5-cgi	//for creating traceroute server
    



    4. Check IPv4 and IPv6 connectivity and reachability

    Here is a list of things you can do to make sure you up and running and most importantly, reachable from the outside world.

  • Check IPv4 and IPv6 address information:
    prompt# ifconfig
    
    Look for the lines starting with "inet addr" and "inet6 addr" (most likely under eth0). These lines contain your IPv4 and IPv6 address information. If you don't have both these lines, you are not running both IPv4 and IPv6. An example of this server's info is below:
    inet addr:208.79.89.234  Bcast:208.79.89.235  Mask:255.255.255.252
    inet6 addr: 2607:f2f8:1600::2/48 Scope:Global
    

  • Check that we can reach IPv4 addresses by doing a traceroute in IPv4 from me to Hurricaine Electric:
    prompt# traceroute he.net
    
    traceroute to he.net (216.218.186.2), 30 hops max, 60 byte packets
     1  208.79.89.233 (208.79.89.233)  1.248 ms  1.623 ms  1.863 ms
     2  he.net.crgwest.com (206.223.143.122)  0.588 ms  0.657 ms  0.720 ms
     3  10gigabitethernet2-1.core1.lax1.he.net (72.52.92.121)  0.590 ms  0.693 ms  0.727 ms
     4  10gigabitethernet1-3.core1.pao1.he.net (72.52.92.21)  8.928 ms  8.983 ms  9.079 ms
     5  10gigabitethernet1-2.core1.fmt1.he.net (66.160.158.241)  15.294 ms  15.638 ms  15.843 ms
     6  he.net (216.218.186.2)  9.395 ms  9.561 ms  9.466 ms
    

  • Check that we can reach IPv6 addresses by doing a traceroute in IPv6 from me to Hurricaine Electric:
    prompt# traceroute -6 he.net
    
    traceroute to he.net (2001:470:0:76::2), 30 hops max, 80 byte packets
     1  2607:f2f8:1600::1 (2607:f2f8:1600::1)  0.799 ms  0.770 ms  0.962 ms
     2  2001:504:13::1a (2001:504:13::1a)  1.242 ms  1.237 ms  1.319 ms
     3  10gigabitethernet2-1.core1.lax1.he.net (2001:470:0:72::1)  1.208 ms  1.288 ms  1.282 ms
     4  10gigabitethernet1-3.core1.pao1.he.net (2001:470:0:34::1)  11.442 ms  11.592 ms  11.812 ms
     5  10gigabitethernet1-2.core1.fmt1.he.net (2001:470:0:2e::1)  10.064 ms  10.222 ms  10.205 ms
     6  he.net (2001:470:0:76::2)  10.008 ms  9.968 ms  9.950 ms
    

  • Check that your domain name is associated properly with your IPv4 and IPv6 addresses using a series of dig commands.
    prompt# dig +short -x 208.79.89.234
    4or6.com.
    prompt# dig +short -x 2607:f2f8:1600::2
    4or6.com.
    prompt# dig +short 4or6.com
    208.79.89.234
    prompt# dig +short 4or6.com AAAA
    2607:f2f8:1600::2
    

  • Check that we can be reached in IPv4. Find a traceroute server such as lg.he.net or mine and enter your domain name as the destination.
    Here is a result of a traceroute from Hurricaine Electric to 4or6.com in IPv4:
    Tracing the route to IP node  from 1 to 30 hops
      1     1 ms   <1 ms   <1 ms 66.160.158.242
      2    20 ms    9 ms   15 ms 72.52.92.22
      3    10 ms   14 ms   10 ms 72.52.92.122
      4    14 ms   11 ms   14 ms 206.223.143.166
      5    10 ms   14 ms   10 ms 208.79.89.234
    

  • Check that we can be reached in IPv6. Find a traceroute server capable of IPv6 such as lg.he.net or mine and enter your domain name as the destination.
    Here is a result of a traceroute from Hurricaine Electric to 4or6.com in IPv6:
    Tracing the route to IPv6 node 4or6.com from 1 to 30 hops
      1     8 ms   13 ms   11 ms 10gigabitethernet1-1.core1.pao1.he.net [2001:470:0:2e::2]
      2    25 ms    9 ms   19 ms 10gigabitethernet1-1.core1.lax1.he.net [2001:470:0:34::2]
      3    20 ms   10 ms   14 ms 10gigabitethernet1-3.core1.lax2.he.net [2001:470:0:72::2]
      4     9 ms   14 ms   10 ms 2001:504:13::6c
      5    15 ms   14 ms   10 ms 4or6.com [2607:f2f8:1600::2]
    


    5. Setup basic security

  • We need to activate IPv6 and make all default policies drop except for outgoing. Edit /etc/default/ufw as follows:
    IPv6=yes
    DEFAULT_INPUT_POLICY="DROP"
    DEFAULT_OUTPUT_POLICY="ACCEPT"
    DEFAULT_FORWARD_POLICY="DROP"
    DEFAULT_APPLICATION_POLICY="DROP"
    

  • Add rules for allowing access from your home computer through ssh and access from anyone over http (port 80/tcp). Then disable and then enable ufw to have changes take affect.
    prompt# ufw allow from <your home ip> to any port 22 proto tcp
    prompt# ufw allow 80/tcp
    prompt# ufw logging on
    prompt# ufw disable
    prompt# ufw enable
    

  • Check status of ufw to make sure that only 22 and 80 are open.
    prompt# ufw status
    
    Status: active
    To                         Action  From
    --                         ------  ----
    22/tcp                     ALLOW   <your home machine ip>
    80/tcp                     ALLOW   Anywhere
    80/tcp                     ALLOW   Anywhere (v6)
    

  • Double check your IPv4 firewall that only ssh and port 80 are open.
    prompt# nmap 208.79.89.234
    
    Starting Nmap 4.76 ( http://nmap.org ) at 2009-09-21 08:02 PDT
    Interesting ports on 4or6.com (208.79.89.234):
    Not shown: 998 closed ports
    PORT   STATE SERVICE
    22/tcp open  ssh
    80/tcp open  http
    

  • Double check your IPv6 firewall that only ssh and port 80 are open.
    prompt# nmap -6 2607:f2f8:1600::2
    
    Starting Nmap 4.76 ( http://nmap.org ) at 2009-09-21 08:02 PDT
    Interesting ports on 4or6.com (2607:f2f8:1600::2):
    Not shown: 998 closed ports
    PORT   STATE SERVICE
    22/tcp open  ssh
    80/tcp open  http
    


    6. Ready to create some content

    At this point, you should be ready to create your website.

  • If you would starter sample traceroute server in php, you can edit /var/www/index.php with the following code:
    <?php
    $ip = $_REQUEST["q"];
    print "	<form>
    	<input type=text name=q>
    	<input type=submit value=Submit>
    	</form>
    ";
    
    if (preg_match("/[^a-z0-9\.\:]+/", $ip)) {print "Invalid entry";}
    else if ($ip!="") {
    	print "<pre>";
    	print system("traceroute $ip");
    	print "</pre>";
    }
    ?>
    

  • Make sure that your apache2 server is configured and running:
    Edit /etc/apache2/apache2.conf by your domain name:
    ServerName "4or6.com"
    
    Then run the following command to restart the server:
    prompt# service apache2 restart
    


    7. View your webpage in IPv4 and IPv6

    It is finally time to take a look at your website. You will be using a browser from your home computer to make sure that your website is viewable through IPv4 and IPv6.

  • To check if your website is viewable through IPv4, enter the following url in your browser using your IPv4 server address:
    http://208.79.89.234
    

  • To check if your website is viewable through IPv6, enter the following url in your browser using your IPv6 server address:
    http://[2607:f2f8:1600::2]
    

  • If your home computer does not have IPv6 connectivity, the last url should not have worked. You can still test your website using an IPv4 to IPv6 website gateway such as
    http://4or6.com.ipv4.sixxs.org
    

    If all went well, you should have a working IPv4/IPv6 website!
    Please post a link to your url here if this tutorial helped you in any way!