Web and Mail Servers with IPv6
Enforcing IPv4 Where Necessary
In some cases, you need to force clients to keep using IPv4 to access a service. You will typically need to do so if the application isn’t configured for IPv6, or just isn’t compatible. To allow this to happen, add the following rule on your firewall:
ip6tables -A INPUT -j REJECT -p tcp-dport 25 --reject-with tcp-reset
This setup acknowledges IPv6 connections to the SMTP port 25 with a TCP reset, thus forcing a failback to IPv4 if the domain name is defined as an IPv4 and an IPv6 address.
If you just configured a drop or reject on the firewall, the client application might have some difficulty, and the responses from the server might be delayed. n
The Author
Michael Prohm is the head of development and administration in the dedicated and virtual server division of Strato AG.