• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Which ipv6 address to use for running public services?

Started by rsenger, July 03, 2014, 02:49:44 PM

Previous topic - Next topic

rsenger

I've been running some services (email, web, and others) on my single static ipv4 address for years now. I am connected to the internet through pppoe, thus the public ipv4 address is assigned to the ppp0 interface. This is the interface/ip the web- and email servers are listening. All other interfaces have private ipv4 addresses in the 192.168.x.y range.

Now I've setup a static ipv6 tunnel, and I wonder which ipv6 address I should use (and publish in the dns) for my services. The ipv6 interface is named he-ipv6, and it's assigned the tunnel endpoint ipv6 address. All other interfaces (eth0, wlan0...) do have ipv6 addresses from the /48 prefix.

Currently I have configured the web- and email servers to listen on the he-ipv6 interfaces address, this address is also published in the dns as the AAAA record for my domains.

I wonder if this is the best choice. Or would it be better practice to assign an additional address from the /48 prefix range to the he-ipv4 interface, and publish that in the dns? Does it matter at all?

Cheers,

Robert

snarked

You should be using IPv6 addresses from your allocated /48 (or /64s), not from your tunnel endpoints, for incoming services.

For outgoing services, you need to tell your servers which addresses to use or override the kernel's selection by using the "ip addrlabel" function.  [I don't know the M$-Windows equivalent command.]

rsenger

Thanks for your reply. Now I've picked an address from my /64, and updated the services config and the dns records.

Cheers,

Robert