An Easy Way to Get Ipv6 Ready on the Outside Ipv6 to Ipv4 Proxy

Even now the time is getting closer and the world is really running out of IPv4 address space, still a lot of companies don’t spent time on getting ready for IPv6. While this lack of action can lead to a never ending discussion I instead give you a simple solution to get IPv6 ready (on the outside, especially the web) and gain some time for the LAN side. The solution is really simple, there is even a chance you already make use of it in a certain way. A lot of companies use a reverse proxy to publish there websites to the internet. A reverse proxy is nothing else then a simple server which accept requests and gets the desired information for you from the appropriate webserver. Below a simple example of a traditional IPv4 reverse proxy. The proxy accepts the requests from a client on the Internet and it is the reverse proxy which makes connection to the webserver(s), not the client!

Now there are two ways to make this solution IPv6 ready. We can make the reverse proxy dual stack, so it accepts IPv6 requests and on the inside it requests the webpages on IPv4, since the client is not talking to the webserver this will work without having the webservers IPv6 ready. Unfortunately this will only work if your provider can give you an IPv6 connection* and not every provider is done or even started with the IPv6 implementation/transition. So another way could be, request another internet connection which is IPv6 capable and place a reverse proxy on this connection. This reverse proxy can do the requests on the already available IPv4 reverse proxy. This solution is off course a bit dirty but if you have customers in areas which already ran out of IPv4 addresses this can give you some time. (Besides you can also place this server in a hosting environment across the world) Below you see both solutions.

* This will also work if you have other solutions to get connected to the IPv6 Internet, like tunneling. Below I will explain how you can accomplishes this with Ubuntu server and Apache as reverse proxy. Of course you can take any other reverse proxy or OS as long as it is IPv6 capable. Unfortunately for the Microsoft guys, MS ISA and TMG don’t support IPv6 reverse proxying at this moment! So let’s start, first off all, get your copy of Ubuntu Server (11.04) at and install it. You can install it without selecting extra functionalities. When the installation is done, we first give the server a static IP address, so it is save to bind DNS names to the IP address. Open /etc/network/interfaces

sudo nano /etc/network/interfaces

Below you see an example of how it could look like.

iface eth0 inet static address netmask gateway iface eth0 inet6 static pre-up modprobe ipv6 address 2001:DB8::1 netmask 64 gateway 2001:DB8::254

Now restart the network connection, so the new settings are loaded.

sudo /etc/init.d/networking restart

Now we need to install Apache and enable the proxy module(s).

sudo aptitude install apache2 sudo a2enmod proxy proxy_http

We disable the default website and we are going to create our own configuration.

sudo a2dissite default sudo nano /etc/apache2/sites-enabled/000-rep

Let’s create a (minimal) rule which listens to a certain hostname and requests the appropriate site.

<VirtualHost *:80> ServerName ProxyRequests Off ProxyPass / ProxyPassReverse /

Now you need to create a quadruple A record (AAAA) for which points to your IPv6 address, in this example it would be 2001:DB8::1 Before we can test, we need to restart the Apache service, so the settings are loaded.

sudo /etc/init.d/apache2 restart

Now test it, of course on a IPv6 enabled machine :-) If everything is working fine, you can change the ServerName to and add a AAAA record for it. (If you prefer you can also ad ServerAlias)

Rob Maas
Rob Maas
Technical Challanger at ON2IT

If it is broken, fix it! If it ain’t broken, make it better!