Web and Mail Servers with IPv6

Enforcing IPv4 Where Necessary

In some cases, you need to force clients to keep using IPv4 to access a service. You will typically need to do so if the application isn’t configured for IPv6, or just isn’t compatible. To allow this to happen, add the following rule on your firewall:

ip6tables -A INPUT -j REJECT -p tcp-dport 25 --reject-with tcp-reset

This setup acknowledges IPv6 connections to the SMTP port 25 with a TCP reset, thus forcing a failback to IPv4 if the domain name is defined as an IPv4 and an IPv6 address.

If you just configured a drop or reject on the firewall, the client application might have some difficulty, and the responses from the server might be delayed. n

The Author

Michael Prohm is the head of development and administration in the dedicated and virtual server division of Strato AG.

Related content

comments powered by Disqus