Firewall Builder: Generate The Web Server Firewall Cluster Running Linux or OpenBSD

This article continues the mini-series started with the post Introduction to Firewall Builder 4.0. It is also available as a section in the "Firewall Builder Cookbook" chapter of the Firewall Builder Users Guide 4.0.

In this post I demonstrate how Firewall Builder can be used to generate the firewall configuration for a clustered web server with multiple virtual IP addresses. The firewall runs on each web server in the cluster. The example assumes the cluster is built with heartbeat using "old"-style configuration files, but which high-availability software builds the cluster is not essential. I start with a setup of two identical servers running Linux, and at the end of the article I show how the same configuration can be converted to OpenBSD with CARP.

Lighttpd: Enable IPv6 Support

Lighttpd supports both IPv6 and IPv4 out of the box, provided the binary was compiled with IPv6 support. The server.use-ipv6 option makes the server bind an IPv6 socket; to listen on both IPv6 and IPv4 you use the syntax shown below.

First, check the compile-time features to find out whether IPv6 is enabled:
# lighttpd -V
Sample output:

Build-Date: Sep 30 2008 06:18:08
Event Handlers:
	+ select (generic)
	+ poll (Unix)
	+ rt-signals (Linux 2.4+)
	+ epoll (Linux 2.6)
	- /dev/poll (Solaris)
	- kqueue (FreeBSD)
Network handler:
	+ sendfile
	+ IPv6 support
	+ zlib support
	+ bzip2 support
	+ crypt support
	+ SSL Support
	+ PCRE support
	- mySQL support
	- LDAP support
	- memcached support
	- FAM support
	- LUA support
	- xml support
	- SQLite support
	- GDBM support

You must see "+ IPv6 support" in that output; if it shows "- IPv6 support", recompile lighttpd with IPv6 enabled. Then open lighttpd.conf:
# vi lighttpd.conf
To listen on all IPv6 and IPv4 addresses, enable server.use-ipv6 (which turns the main listener into an IPv6 socket) and add a $SERVER["socket"] block for the IPv4 listener:

server.use-ipv6 = "enable"
server.port = 80
$SERVER["socket"] == "" {
    # add your stuff
}

Save and close the file. Restart lighttpd:
# service lighttpd restart

The configuration above is only useful if you want lighttpd to listen on every IPv4 and IPv6 address the host has. The following configuration instead binds the main server to a single IPv4 address and adds a separate socket for a single IPv6 address. On a multi-homed host this is the safer choice, because lighttpd then does not answer on addresses you never meant to expose. Whichever form you use, remember that on Linux the IPv6 socket is filtered by ip6tables rules, not by your existing iptables rules.
Open lighttpd.conf and set the main server IP address as follows:

server.port = 80
server.bind = ""

Below that, add the IPv6 socket as follows:

$SERVER["socket"] == "[2001:470:1f04:55a::2]:80" {
   # ...
   # the rest of your config for the IPv6 host
   # ...
}

Here is my sample config file with IPv4 and IPv6 dual-stack enabled:

server.modules              = (
                               # mod_accesslog and mod_fastcgi must be loaded for the
                               # accesslog.* and fastcgi.* directives used below
                               "mod_accesslog",
                               "mod_fastcgi"
                              )
server.errorlog            = "/var/log/lighttpd/error.log"
accesslog.filename         = "/var/log/lighttpd/access.log"
index-file.names            = ( "index.php", "index.html", "index.htm", "default.htm" )
# server.tag replaces the default Server header, so the version is not advertised
server.tag                 = "lighttpd"
# FastCGI php5
fastcgi.map-extensions = ( ".html" => ".php" )
fastcgi.server    = ( ".php" =>
                ((
                "bin-path" => "/usr/bin/php-cgi",
                # a socket in shared /tmp can be squatted by any local user; a directory
                # owned by the lighttpd user (e.g. under /var/run) is the safer location
                "socket" => "/tmp/php-cgi.socket",
                "max-procs" => 4,
                "idle-timeout" => 30,
                "bin-environment" => (
                        "PHP_FCGI_CHILDREN" => "10",
                        "PHP_FCGI_MAX_REQUESTS" => "20000"
                ),
                "bin-copy-environment" => (
                        "PATH", "SHELL", "USER"
                ),
                "broken-scriptfilename" => "enable"
                ))
)
include "mimetype.conf"
server.document-root = "/home/lighttpd/example.com/http"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "lighttpd"
server.groupname = "lighttpd"
# Turn on IPv4 config
server.port = 80
server.bind = ""
server.error-handler-404 = "/index.php?error=404"
### IPv6 Config ###
# Note only log file name changed
$SERVER["socket"] == "[2607:f0d0:1002:11::5]:80" {
	accesslog.filename         = "/var/log/lighttpd/ipv6.access.log"
	server.document-root = "/home/lighttpd/example.com/http"
	server.error-handler-404 = "/index.php?error=404"
}

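After the restart, confirm that lighttpd is listening on exactly the IPv4 and IPv6 sockets the configuration intends. Whether an IPv6 wildcard listener also answers IPv4 connections depends on the lighttpd build and on the kernel's net.ipv6.bindv6only setting, and a socket you did not expect (a wildcard [::]:80, for instance) is reachable on every IPv6 address the host has, which your ip6tables rules may not cover. The following is an added example, not code from the original post: a POSIX shell audit that reads `ss -ltn` (or `netstat -ltn`) output and reports sockets on the web port that are missing from, or not present in, an expected list. The socket listing in the script is constructed for the demonstration; the IPv6 address is the one from the sample configuration above.

```shell
#!/bin/sh
# Added example (not from the original post): audit the listening sockets of the web server
# against the addresses the lighttpd configuration is meant to bind.
# Input: `ss -ltn` or `netstat -ltn` output on stdin. The local address is column 4 in both
# tools; the LISTEN state is column 1 for ss and the last column for netstat.
# Note the notation differs: ss prints a wildcard IPv6 socket as [::]:80, netstat as :::80.

# listen_sockets PORT: print the local addr:port entries for PORT, one per line, sorted
listen_sockets() {
    awk -v port="$1" '($1 == "LISTEN" || $NF == "LISTEN") && $4 ~ (":" port "$") { print $4 }' \
        | LC_ALL=C sort -u
}

# audit_listeners PORT EXPECTED...: compare the actual sockets on PORT with the EXPECTED list.
# Prints one MISSING/UNEXPECTED line per discrepancy; returns 0 only when they match exactly.
audit_listeners() {
    port=$1; shift
    actual=$(listen_sockets "$port")
    rc=0
    for want in "$@"; do
        printf '%s\n' "$actual" | grep -qxF -- "$want" || { echo "MISSING    $want"; rc=1; }
    done
    for have in $actual; do
        found=0
        for want in "$@"; do [ "$have" = "$want" ] && found=1; done
        [ "$found" -eq 1 ] || { echo "UNEXPECTED $have"; rc=1; }
    done
    return $rc
}

# Constructed sample of `ss -ltn` output: lighttpd came up on all IPv4 addresses but bound
# the IPv6 loopback address instead of the intended 2607:f0d0:1002:11::5.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    0.0.0.0:80          0.0.0.0:*
LISTEN 0      128    [::1]:80            [::]:*'

# On the real host:  ss -ltn | audit_listeners 80 0.0.0.0:80 '[2607:f0d0:1002:11::5]:80'
printf '%s\n' "$SAMPLE_SS" \
    | audit_listeners 80 0.0.0.0:80 '[2607:f0d0:1002:11::5]:80' \
    || echo "listener audit failed"
```

Run it from cron or your configuration-management post-run hook; a non-zero exit means the server is not bound the way the configuration says, which is exactly the state in which a host ends up serving on an address its firewall rules never considered.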
Linux Calculating Subnets with ipcalc and sipcalc Utilities

If you need to calculate a subnet under Linux, use an IP netmask/broadcast calculator such as ipcalc or sipcalc. You can calculate IPv4 or IPv6 addresses. Supported features:

=> Multiple address and netmask input formats.
=> Retrieving of address information from interfaces.
=> Classful and CIDR output.
=> Multiple address and netmask output formats (dotted quad, hex, number of bits).
=> Output of broadcast address, network class, Cisco wildcard, hosts/range, network range.
=> Output of multiple types of bitmaps.

=> Output of a user-defined number of extra networks.
=> Multiple networks input from the command line.
=> DNS resolution of hostnames.
=> Compressed and expanded input addresses.
=> Compressed and expanded output.
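To see what is behind the broadcast, wildcard and hosts/range output these tools print, here is an added example (not code from the post, ipcalc or sipcalc) that does the IPv4 arithmetic in POSIX shell: it converts the address and prefix to integers, masks out the network and broadcast addresses, derives the Cisco wildcard as the complement of the netmask, and handles the /31 and /32 cases, where no addresses are reserved for network and broadcast. The addresses used at the bottom are chosen for the demonstration.

```shell
#!/bin/sh
# Added example: the IPv4 subnet arithmetic behind ipcalc/sipcalc output, in POSIX shell.
# Not code from ipcalc or sipcalc; it only reproduces the numbers they print.

# ip_to_int DOTTED -> unsigned 32-bit integer (exit status 1 on a malformed address)
ip_to_int() (
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        # digits only, no leading zeros (a leading 0 would be read as octal), 0..255
        case $o in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;; *) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# int_to_ip INTEGER -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# mask_of PREFIX -> integer netmask for /PREFIX (return 1 unless 0..32)
mask_of() {
    case $1 in 0|[1-9]|[12][0-9]|3[0-2]) ;; *) return 1 ;; esac
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# subnet_field FIELD ADDR/PREFIX -> one value:
#   network | broadcast | netmask | wildcard | first | last | hosts
subnet_field() {
    addr=${2%/*}; prefix=${2#*/}
    a=$(ip_to_int "$addr") || return 1
    m=$(mask_of "$prefix") || return 1
    w=$(( m ^ 4294967295 ))      # Cisco wildcard: the bits the netmask does not cover
    net=$(( a & m ))
    bc=$(( net | w ))
    if [ "$prefix" -ge 31 ]; then
        # /31 (RFC 3021 point-to-point) and /32: every address is usable
        first=$net; last=$bc; hosts=$(( bc - net + 1 ))
    else
        first=$(( net + 1 )); last=$(( bc - 1 )); hosts=$(( bc - net - 1 ))
    fi
    case $1 in
        network)   int_to_ip "$net" ;;
        broadcast) int_to_ip "$bc" ;;
        netmask)   int_to_ip "$m" ;;
        wildcard)  int_to_ip "$w" ;;
        first)     int_to_ip "$first" ;;
        last)      int_to_ip "$last" ;;
        hosts)     echo "$hosts" ;;
        *)         return 1 ;;
    esac
}

# subnet_print ADDR/PREFIX: ipcalc-style summary
subnet_print() {
    subnet_field network "$1" >/dev/null || { echo "invalid address or prefix: $1" >&2; return 1; }
    for f in network broadcast netmask wildcard first last hosts; do
        printf '%-10s %s\n' "$f" "$(subnet_field "$f" "$1")"
    done
}

subnet_print 192.168.1.10/26
```

The wildcard value is the one you paste into Cisco access-list entries, and the first/last pair is the range a firewall rule for "hosts in this subnet" should cover; the functions refuse octets above 255 and prefixes above 32, so a typo fails loudly rather than producing a plausible-looking wrong mask.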
