IPv6 in a Netcup VServer
NOTE: Now that Netcup VServers support IPv6 natively, this article is
obsolete and only interesting for historical and technical reasons.
Introduction
I'm running a VServer from Netcup in a Hetzner Online facility in
Nuremberg. This product natively offers IPv4 connectivity but no IPv6
connectivity at all. I can run a (Linux) distribution userland of my choice
but the kernel is always a Linux VServer enabled kernel with certain
restrictions:
- No IPv6 available
- Device nodes can't be created in the file system
- Mounting (e.g. bind mounting the /dev devices to somewhere else) is restricted
- No tun/tap devices by default (available via option, but not possible for sixxs)
With this in mind, I still wanted to establish IPv6 on this server. The
basic idea is to do everything inside a UML (User Mode Linux) guest machine
which can do everything necessary internally but externally doesn't do
restricted actions. IPv6 access to the already existing IPv4 services will
be provided via IPv6-IPv4 tunnels.
Steps taken
As a Debian Developer, I'm using Debian as the example operating VServer
host and UML guest OSes, but the following should also be possible with
other distributions.
- Request new IPv6 Tunnel, e.g. at SixXS
- Setup UML
- Install Debian's UML kernel (package user-mode-linux)
- Create root filesystem image (hostfs not possible because device nodes can't be created in Netcup's provided file system):
dd if=/dev/zero of=squeeze.img bs=1048576 count=1024
mkfs -t ext3 squeeze.img
- Install package slirp (userspace IP networking im uml, w/o tun/tap to host OS)
- Start UML instance with root filesystem:
/usr/bin/linux ubd0s=/home/stigge/squeeze.img jail mem=256M eth0=slirp,,/usr/bin/slirp-fullbolt umid=1 con=null con0=fd:0,fd:1 con1=none
- Inside UML:
- Install package aiccu (configure via debconf, with SixXS infos)
- /etc/network/interfaces:
auto eth0
iface eth0 inet static
address 10.0.2.15
netmask 255.255.255.0
up route add default dev eth0
- Install package 6tunnel
- 6tunnel call for each IPv6 enabled TCP port, e.g. "6tunnel -6 80 antcom.de 80". Unfortunately, 6tunnel was buggy, see also my fix in http://bugs.debian.org/601030
- Create IPv6 DNS entry, e.g. ipv6 AAAA 2a01:198:200:9f7::2 (needs some time to be published)
- Access e.g. via http://ipv6.antcom.de/, also possible via http://www.antcom.de
- Optional: Create IPv6 reverse DNS entry at SixXS
- Recommended: Set up firewall (ip6tables) inside UML
Restrictions
The above scenario offers IPv6 access to services (e.g. HTTP, FTP, SSH,
SMTP, IMAP) that would normally be available only in an IPv4 version on
this VServer.
Summary
With the above steps, you can add IPv6 connectivity to a IPv4 VServer, with
some minor restrictions. This is because I just extended the already
existing IPv4 services on my IPv4 server with IPv6 access. It is also
possible to have everything running inside the UML directly which is more
flexible but also more difficult to maintain.
Roland Stigge <stigge@antcom.de>, 2010-10-23