• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

unable to access my apache webserver

Started by trand, August 11, 2009, 09:33:15 AM


trand

firstly THANKS to he.net for the great ipv6 tunnel

Hi there,

i hope you guys can help me, my tunnel is all up & working & all my nodes within my lan are getting an ipv6 address i have 1 problem

one of my nodes 2001:470:1f09:2fc::a/64 which is an Ubuntu Jaunty box (headless) runs apache/mysql/php/cacti & ntop just to give me an idea of what is occurring on my lil lan

problem is i am unable to access my webserver from the ipv6 address above now i would love to be able to have this server accessible via ipv4 & 6 can any of you give me some guidelines on getting this working as i have tried to tell it to listen on the above address on port 80 as well as ::1 (localhost) but it will not play ball

have i made a real dumb error and forgot something simple (which it generally is with linux lol)

i might add that my gateway/router/firewall is m0n0wall and this server is not in a DMZ or separate LAN

i use ssh & webmin & occasionally vnc to admin my headless webserver & eventually i want to be able to provide an ipv6 virtual host on this server but unless i can get the thing to be accessible via both im at a loss

config files are available upon request & will be pre-sanitized for sanity!!

thnx in advance to those who help

:D

dataless

Make sure your apache httpd.conf file includes;

Listen [::]:80

(Apache needs IPv6 addresses enclosed in brackets)

Or if you want it just for a single IP

Listen [2001:470:1f09:2fc::a]:80

If that does not get it working, ensure any firewall on that machine is not blocking it.

Try shutting down iptables or whatever you use, if it works when it's shut down you know it's a firewall issue.

jimb

You may also want to check ip6tables on the gateway box (presuming it's a linux box).  I do mine "by hand", so I don't know what stuff like m0n0wall does, or whether it even works with ip6tables.  Make sure there's an entry in the FORWARD chain (or INPUT chain if the web server IS the ipv6 gateway) to allow port 80 to that IPv6 from anywhere.

Also, my httpd.conf and included files on my gentoo box don't require a specific Listen for IPv6.  I just have a "Listen 80" (and Listen 443 for SSL) in there, and it causes apache to listen on both v4 and v6.  Should work for you too, I'd think.

Note that netstat -anp will only show it listening on IPv6, but it's also listening on v4.  IPv4 connections show up as IPv4 mapped IPv6 addresses (::ffff:x.x.x.x:port).  (at least on two of my gentoo boxes)

trand

bingo
got it working for internal nodes
now i just gotta get port 80 open in m0n0wall!

FYI
if you intend to use both ipv4 & ipv6 on an apache install within ubuntu ONLY use:

Listen [::]:80

within the file:

/etc/apache2/ports.conf

we use this because [::] = any ip on any stack both ipv6 & 4
and if you have Listen 80 apache will see that as any ip4 address BUT if you have both Listen directives present apache will not start as it will get confused & report both sockets as in use

to have the server configured with multiple virtual hosts using different ip types just use the 'allow' & 'deny' directives within its respective .conf file located in the 'sites-enabled' directory to configure each as you need :)

when i get m0n0wall working to allow traffic in on ipv6:80 i'll document it here also for others

m0n0wall is a stateful firewall based on FreeBSD
it is acting as my tunnel endpoint & i have it on a 128Mb usb stick connected to an old Dell optiplex which i have put up in my attic/loft lol

it has a web front end and a plethora of features which would knock out any commercial firewall

http://m0n0.ch/wall
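
An added example, not code from any poster in this thread: a small Python check that reads the Listen directives from a ports.conf, flags directives that would bind the same socket twice, and lists which address families the server ends up answering on. Assumption: `v4_mapped=True` models an Apache build where a bare port or `[::]` opens one IPv6 socket that also accepts IPv4 as mapped addresses; `parse_listen`, `sockets_for` and `audit` are hypothetical names and the sample config is constructed.

```python
import re

# Constructed sample of an /etc/apache2/ports.conf holding both directives
# discussed in the thread, plus one single-address listener (documentation prefix).
SAMPLE_PORTS_CONF = """\
Listen 80
Listen [::]:80
Listen [2001:db8::a]:8080
"""

# Listen [address:]port [protocol]; IPv6 addresses must be in brackets.
LISTEN_RE = re.compile(
    r"^\s*Listen\s+(?:(\[[0-9A-Fa-f:.]+\]|[0-9.]+):)?(\d+)(?:\s+\S+)?\s*$", re.I)

def parse_listen(conf_text):
    """Return (address or None, port) per Listen line; comment lines never match."""
    hits = (LISTEN_RE.match(line) for line in conf_text.splitlines())
    return [(m.group(1), int(m.group(2))) for m in hits if m]

def sockets_for(addr, port, v4_mapped=True):
    """Sockets one directive opens. Assumption: v4_mapped=True models a
    dual-stack build where the [::] socket also accepts IPv4."""
    if addr is None:  # bare port: wildcard on every stack
        return [("::", port)] if v4_mapped else [("0.0.0.0", port), ("::", port)]
    return [(addr.strip("[]"), port)]

def audit(conf_text, v4_mapped=True):
    """Report duplicate binds and the address families the server answers on."""
    seen, conflicts, families = set(), [], set()
    for addr, port in parse_listen(conf_text):
        for host, p in sockets_for(addr, port, v4_mapped):
            if (host, p) in seen:
                conflicts.append((host, p))  # second bind -> "address in use"
            seen.add((host, p))
            families.add("ipv6" if ":" in host else "ipv4")
            if host == "::" and v4_mapped:
                families.add("ipv4")  # IPv4 arrives as ::ffff:x.x.x.x
    return {"conflicts": conflicts, "families": sorted(families)}

if __name__ == "__main__":
    print(audit(SAMPLE_PORTS_CONF))
```

Each family in the result is filtered by its own rule set (iptables versus ip6tables on Linux, the separate IPv6 rules in m0n0wall), so a service listed under both needs both reviewed.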

broquea

m0n0wall should be pretty simple

1) login
2) click ipv6 rules
3) on WAN click +
4) play with the options, for HTTP, you could leave it as: PASS, TCP/UDP, destination = "single host" and put in its IPv6 address, destination port 80
5) save changes

jimb

Cool.  On my distro it suffices to do just "Listen 80", but that would all depend on the config file setup, and/or compile options, etc, I guess.

I didn't realize that m0n0wall was FreeBSD/pf based.  I was thinking it was yet another Linux iptables management script.  I'd heard the name before but had never tried it or investigated it.  Looks decent.

trand

Quote from: broquea on August 12, 2009, 01:24:13 PM
m0n0wall should be pretty simple

1) login
2) click ipv6 rules
3) on WAN click +
4) play with the options, for HTTP, you could leave it as: PASS, TCP/UDP, destination = "single host" and put in its IPv6 address, destination port 80
5) save changes

yea did that & still nothing the server hosting the site has got a firewall but that is set to allow all & i can see the 'It Works!' default page for apache2 from within my LAN :-\

Quote from: jimb on August 12, 2009, 01:55:11 PM
Cool.  On my distro it suffices to do just "Listen 80", but that would all depend on the config file setup, and/or compile options, etc, I guess.

I didn't realize that m0n0wall was FreeBSD/pf based.  I was thinking it was yet another Linux iptables management script.  I'd heard the name before but had never tried it or investigated it.  Looks decent.

it is far better than iptables & the features it has make it a good candidate for a majority of network environments

trand

i thought i'd tell y'all it works :)

and thnx for all ya help

broquea

Quote from: trand on August 13, 2009, 12:12:19 PM
i thought i'd tell y'all it works :)

and thnx for all ya help

What was the eventual fix?

trand

1) use the correct rule set to build the firewall entry
2) reboot to make it live

i thought i had to use the ones prefixed with 'ipv6-'