My VPS host can allocate me a small block of IPv6 addresses for nothing, and I've kind of wanted to for the sake of trying on my small website/dev VPS.
My main concern is what I have to do to actually utilize them, in a secure fashion or at all.
Will most of the services (i.e. SSH, Apache) simply not read the IPv6 incoming addresses, or do they require a recompilation or module?
Will my firewall (iptables or whatnot currently) be able to block ports for both types of addresses and work fine with them out of the box?
My kernel is fairly new, 2.6.39.3 I believe on Debian (AMD64)
Thank you for any insight or suggestions you could give me on this, I've got my DNS provider as HE.NET which should be able to provide IPv6 records (I really just want to do ipv6.mysite.com for fun) if that is what I need on that end.
My experience is that most applications will Just Work (at most, you might need to say "yes, listen on IPv6 too", but most apps do that by default).
As far as security goes, the most important thing to remember is that anything you've done to restrict the flow of IPv4 packets needs to be recreated in IPv6. Most people boil this down to "make sure your firewall is blocking IPv6 as well as IPv4", but there can be other things than firewalls doing the blocking (hosts.allow/deny, ACLs in applications, that sort of thing), and you need to make sure all of that is working.
If you do any monitoring, you'll want to ensure that you're monitoring both IPv4 and IPv6 versions, to ensure that you're not providing degraded service to IPv6 clients, and make sure any log analysis tools will understand IPv6 addresses.
Nothing else comes immediately to mind. Enjoy the brand new Internet.
When running a webserver you have to be aware of what rules if any you have to restrict access to virtual hosts or paths by IPv4 address.
For example I run a VPN to my host so via the intranet I can access to a private site including support applications like
phpmyadminfor MySQL. However when enabling IPv6 I inadvertently opened up a route tophpmyadminand subsequently got pwned due a known exploit in that version.