I got a Reddit message from a user who is running a single stack IPv6 setup and was unable to access my website. I thought I had everything in order to make this work but apparently not. Thanks to this user for reaching out so I could fix the problem.
DNS AAAA Record
The first step is to ensure that you have a AAAA published for your public IPv6 address. This is fairly simple. Grab your IPv6 address from your server (
ip a, or
ipconfig) and create a record through your domain provider.
NOTE: Be sure to grab the
scope global address and NOT the
In my case, I am using
iptables to manage my firewall configuration. The first thing to note is that you must use two different utilities to manage IPv4 vs. IPv6 rules:
ip6tables. What is nice is that both utilities provide the
-6 flags to cause the opposite tool to ignore those specific rules. From the
-4, --ipv4 This option has no effect in iptables and iptables-restore. If a rule using the -4 option is inserted with (and only with) ip6tables-restore, it will be silently ignored. Any other uses will throw an error. This option allows IPv4 and IPv6 rules in a single rule file for use with both iptables-restore and ip6tables-restore. -6, --ipv6 If a rule using the -6 option is inserted with (and only with) iptables-restore, it will be silently ignored. Any other uses will throw an error. This option allows IPv4 and IPv6 rules in a single rule file for use with both iptables-restore and ip6tables-restore. This option has no effect in ip6tables and ip6tables-restore.
So with that in mind, you can make one file to hold all your rules and then load it into both utilities. The place where the specific rules come into play is when dealing with specific IPs or with localhost communications.
iptables is smart enough to work on port based rules across the protocols.
I ended up using a set of rules from Jakub Jirutka here. I basically just updated line
111, un commented, saved to
/etc/iptables.rules and loaded it up. To ensure these rules get loaded at boot I added these lines to
#Restore IP tables iptables-restore < /etc/iptables.rules ip6tables-restore < /etc/iptables.rules
NGINX seems to have the IPv6 configuration already built into their default server config file. If you some reason you do not have this, IPv6 is configured in the
listen directive of the
server block in your NGINX config file. You are looking for this
listen [::]:80;. Likewise, if you are serving on HTTPS (or redirecting) then you will need a similar line for port 443.