The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Unable to get IPv6 to work (Apache)

Discussion in 'EasyApache' started by WhiteDog, Oct 18, 2013.

  1. WhiteDog

    WhiteDog Well-Known Member

    Joined:
    Feb 19, 2008
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Hello,

    I am experimenting with cPanel 11.40.0.9 and IPv6. The server itself runs CentOS 5.9.

    When I test my domain using e.g. IPv6 test - web site reachability I get the following result:
    Checking for AAAA DNS record = 2001:XXXX:4300:YYYY:3::1
    Checking for IPv6 web server = web server is unreachable

    I can ping 2001:XXXX:4300:YYYY:3:0:0:0 using an external site
    Executing ping6 ipv6.google.com also works

    This is what i have done so far:
    1. added "NETWORKING_IPV6=yes" to /etc/sysconfig/network
    2. added "IPV6INIT=yes + IPV6ADDR=2001:XXXX:4300:YYYY:3:0:0:0 + IPV6_DEFAULTGW=2001:1af8:4300:YYYY:0:0:0:1" (+ = newline) to /etc/sysconfig/network-scripts/ifcfg-eth0
    3. Added the range 2001:XXXX:4300:YYYY:3:0:0:0/112 in cPanel
    4. Enabled IPv6 for a site using the cPanel interface.
    5. Executed service network restart + /etc/init.d/ipaliases restart + apache restart

    Observation:
    When I enable or disable IPv6 using the cPanel interface for a domain, I receive the error "Request Timed Out". When I check back a minute later the domain is marked as "ENABLED".

    So it appears IPv6 is working on my server but that Apache is not configured to listen to it or blocking it.
    I also tried to temporarely disable the CSF firewall.

    Any idea what I'm missing or where the "Request Timed Out" comes from?
    Any log files I can check?

    Many thanks!
     
  2. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,461
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Are the IPv6 addresses added to the Apache Configuration?
     
  3. WhiteDog

    WhiteDog Well-Known Member

    Joined:
    Feb 19, 2008
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Hi Kenneth,

    How do I check / change that?
    Is this not done when using the "Enable IPv6" or the "IPv6 Ranges" feature in cPanel?
     
  4. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,461
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Look in /usr/local/apache/conf/httpd.conf. You should find, at minimum, an IPv6 address for each virtualhost associated with an account you granted IPv6 functionality too. This check is simply a standard troubleshooting step.

    If there are no IPv6 entries in the Apache config then something is amiss. In that case I recommend you open a support ticket with us https://support.cpanel.net
     
  5. WhiteDog

    WhiteDog Well-Known Member

    Joined:
    Feb 19, 2008
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    I can find a bunch of IPv6 entries:
    Code:
    </VirtualHost>
    NameVirtualHost [AAAA:BBBB:XXXX:YYYY:0003:0000:0000:0000]:80
    <VirtualHost 12.34.56.78:80 [AAAA:BBBB:XXXX:YYYY:0003:0000:0000:0000]:80>
        ServerName domain.com
    
    I have now also enabled the IPv6 firewall in CSF. As I am using a pre 2.6.20 kernel CSF is configured to IPV6_SPI = 0 and all outgoing ports open as CSF instructs.
    I can also see incoming ipv6 traffic in the iptables log. Even more, if I remove port 80 from the allowed incoming ports the web server check i mentioned above is actively blocked:
    Oct 18 16:07:08 cloud kernel: Firewall: *TCP6IN Blocked* IN=eth0 OUT= MAC=00:50:56:82:38:41:00:d0:00:fb:90:00:86:dd SRC=2001:41d0:0008:e8ad:0000:0000:0000:0001 DST=2001:XXXX:4300:YYYY:0003:0000:0000:0000 LEN=80 TC=0 HOPLIMIT=57 FLOWLBL=0 PROTO=TCP SPT=44472 DPT=80 WINDOW=14400 RES=0x00 SYN URGP=0

    I think this rules out this being a problem on network or firewall level.
     
  6. WhiteDog

    WhiteDog Well-Known Member

    Joined:
    Feb 19, 2008
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Testing with Validador IPv6 - Teste seu sítio I get:
    * The server does not responds to a HEAD requisition. This is the most important test, this site is not accessible over IPv6!
    * It is possible to ping the server over IPv6.
    * The authoritative DNS server is accessible over IPv6.
     
  7. WhiteDog

    WhiteDog Well-Known Member

    Joined:
    Feb 19, 2008
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    When I update in htpd.conf "Listen 0:0:0:0:80" to "Listen *:80" all the IPv6 tests start working :)

    I know the proper way to adjust this is via "Tweak Settings". Is it normal that I have to change this manually? Or should this change not be required?
     
Loading...

Share This Page