...
Date |
|
| ||
---|---|---|---|---|
2012-08-02 | Remote support only on IPv6 | VNC on client computers runs in IPv6 only mode. | ||
2012-01-13 | All database are running exclusively on IPv6 | Today I killed the last two instances of MySQL, which ran on our ticket system JIRA and this Confluence wiki, and replaced them with PostgreSQL. Now we only run PostgreSQL databases, that are all accessible over the network exclusively through IPv6. | ||
2011-12-20 | Axis IP camera now IPv6 only | The RTMP stream on http://www.terena.org/webcam originates from our media server media.terena.org, which is dual stack. That server pulls the stream from our AXIS Q1755 camera with host name axis.terena.org, which is now IPv6 only. Removed IPv4 address and A record, adjusted access-lists. | ||
2011-12-05 | iPhones and iPads can now use IPv6 from everywhere | Added Cisco AnyConnect mobile license to our our ASA5505, so mobile devices can have IPv6 for everywhere. | ||
2011-10-31 | Our primary file server runs Samba on IPv6 only | Removed IPv4 address 192.87.30.132 | ||
2011-04-12 | Radius communication is IPv6 | All Eduroam Radius traffic between TERENA and the Radius servers at SURFnet is done using IPv6 only. | ||
2011-03-09 | All linux servers run PostgreSQL on IPv6 only | Configure " | ||
2011-03-08 | HP Printer IPv6 only | Upgraded Laserjet 4250 with new print server, removed IPv4 address 192.87.30.138 and A record for | ||
2011-02-28 | Primary directory server | Removed IPv4 address 192.87.30.30 | ||
2011-02-07 | Nagios web interface only reachable on IPv6 | Configure | ||
2011-02-07 | SVN repository | Removed IPv4 address 192.87.30.29 and A record | ||
2011-02-01 | All linux servers run Postfix on IPv6 only (except listed MXs) | Remove IPv4 addresses from | ||
2011-01-31 | All linux servers managed by SSH via IPv6 only | Configure " | ||
2011-01-30 | All linux servers use only IPv6 resolvers | Only list IPv6 addresses in
| ||
2010-10-26 | VPN supports IPv6 | A new VPN setup: Cisco AnyConnect. Clients get an IPv4 and an IPv6 address from the office pools, so they can access all services via IPv6 |
Tinyproxy
Some of our systems have extra "security needs", and they are not allowed to initiate outgoing connections by default. This means that IP ACLs are used so that they can only reach neccessary services (SMTP gateway, DNS resolvers, NTP etc).
Because those hosts do need access to some web sites (mostly for software updates), we use a proxy server to allow them access to those domains.
If you have an IPv6-only host that only needs access to some outside HTTP resources, then this approach kills two birds with one stone:
- Many services are run on CDNs such as Akamai, which renders IP ACLs into a nightmare. A proxy solves this by allowing domains/URLs.
- Some services are only accessible via IPv4 (Microsoft Update, hostupdate.vmware.com, Secunia.com). A dual stack proxy does the protocol translation. If those web sites were the only problems on the IPv6-only system, this is just what you need, and you can avoid using additional complex systems such as NAT64/DNS64.
Because we do not need any caching, but only the access restriction part, I choose tinyproxy because it is very light weight and simple.
The only downside is that the tinyproxy that sits in Ubuntu 12.04 does not listen on both IPv4 and IPv6 at the same time
Hopefully this will be resolved soon...
Coda 2 drops support for IPv6
...