Pages

Saturday, 17 December 2011

Disable ipv6 on Debian HOW TO

I’ve recently installed a new LDAP server on Debian Lenny and I wanted to disable IPv6 as it is unnecessary for me in this moment. With netstat I checked the listening processes:
netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 2226/slapd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2215/sshd
tcp6 0 0 :::389 :::* LISTEN 2226/slapd
tcp6 0 0 :::22 :::* LISTEN 2215/sshd
and lsmod showed something like this:
Module Size Used by
ipv6 235364 12
...
So, to disable IPv6 I changed /etc/modprobe.d/aliases:
...
# alias net-pf-10 ipv6
# Disable ipv6
alias net-pf-10 off
alias ipv6 off
...



put AddressFamily inet into /etc/ssh/ssh_config - restart ssh
in /etc/modprobe.d/blacklist.conf setting blacklist ipv6
 
I also disabled these lines in /etc/hosts to avoid confusions:
...
## The following lines are desirable for IPv6 capable hosts
#::1 localhost ip6-localhost ip6-loopback
#fe00::0 ip6-localnet
#ff00::0 ip6-mcastprefix
#ff02::1 ip6-allnodes
#ff02::2 ip6-allrouters
#ff02::3 ip6-allhosts

disabled these lines in /etc/avahi_daemon.conf too :
...
/etc/avahi/avahi-daemon.conf -> say use-ipv6=no

BIND. Ensure listen-on-v6 { none; }; in /etc/bind/named.conf.options. Restart bind9.


APACHE2. Ensure Listen 0.0.0.0:80 in /etc/apache2/ports.conf file. Restart apache2.


Just add this option to your kernel boot line:
ipv6.disable=1 (Press e to edit at the grub boot screen ...)

NTP. Ensure -4 option is set in /etc/default/ntp (e.g. NTPD_OPTS='-4 -g'). Restart ntp.

If you like that, you can put this in /etc/default/grub:

GRUB_CMDLINE_LINUX="ipv6.disable=1"

and then run update-grub

The next time the system boots it will have ipv6 disabled. Let verify it with: 
netstat -tunlp
Here is a sample output: 
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State       PID/Program name
tcp        0      0 192.168.10.2:53   0.0.0.0:*         LISTEN      895/named       
tcp        0      0 127.0.0.1:53      0.0.0.0:*         LISTEN      895/named       
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN      734/sshd        
tcp        0      0 127.0.0.1:953     0.0.0.0:*         LISTEN      895/named       
udp        0      0 192.168.10.2:53   0.0.0.0:*                     895/named       
udp        0      0 127.0.0.1:53      0.0.0.0:*




Finally I restarted the server.
shutdown -r now
lsmod|grep ipv6
...
Posted by at 00:47
Linux, Debian, Customs , ,

No comments:

Post a Comment

How About it.

Note: only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)