Web and Mail Servers with IPv6
Enforcing IPv4 Where Necessary
In some cases, you need to force clients to keep using IPv4 to access a service. You will typically need to do so if the application isn’t configured for IPv6, or just isn’t compatible. To allow this to happen, add the following rule on your firewall:
ip6tables -A INPUT -j REJECT -p tcp-dport 25 --reject-with tcp-reset
This setup acknowledges IPv6 connections to the SMTP port 25 with a TCP reset, thus forcing a failback to IPv4 if the domain name is defined as an IPv4 and an IPv6 address.
If you just configured a drop or reject on the firewall, the client application might have some difficulty, and the responses from the server might be delayed. n
The Author
Michael Prohm is the head of development and administration in the dedicated and virtual server division of Strato AG.
Related content
-
Set up subdomains with Apache and Nginx
Set up virtual hosts on modern web servers for Apache and Nginx. -
Virtual networks with Hyper-V in Windows Server 2016
Microsoft provides some interesting virtualization features in current and future versions of Windows Server. You can connect or isolate virtual machines, and Windows Server 2016 even supports virtual switches. -
Hardening mail servers, clients, and connections
If you don't want to hand over your mail to a corporation, you have to operate your own mail server. Securing it sensibly involves some effort. -
Harden your Apache web server
Cyberattacks don't stop at the time-honored Apache HTTP server, but a smart configuration, timely updates, and carefully considered security strategies can keep it from going under. -
Kolab iRony with CalDAV and CardDAV support
Open standards and open source are requisite in Kolab groupware. The alpha release of version 3.1 hugely extended the number of compatible clients with the CalDAV and CardDAV protocols, making Kolab data available on iOS and Mac OS X and in Thunderbird and Evolution.