How do I FULLY DISABLE IPv6 on SafeSquid Appliance?

Tell everybody, what you think about SafeSquid!
Speak your mind!
clarity
Site Admin
Posts: 15
Joined: Tue Apr 23, 2019 12:28 pm

How do I FULLY DISABLE IPv6 on SafeSquid Appliance?

Post by clarity » Thu Oct 01, 2020 5:48 am

Hello All,
After Migrating to Ubuntu 18.04 as the default SAB Appliance
We have came across few problem scenarios & some analysis.

Problem:
IN order to connect to a IPv6 Server i.e. to an IPv6 Address you require that the Router provides you an IPv6 Network with a IPv6 Gateway i.e. the router supports IPv6 Address and has a Public IPv6 Address to communicate with other IPv6 Machines
When SafeSquid queries Systemd-Resolvd or any other DNS Server it provides Ipv6 Address, if the System cannot to Ipv6 Address then SafeSquid will also not be able to connect to Ipv6 Address and therefore resulting in "Connection Failed"
Reason being the System cannot to IPv6 Server but the DNS Resolution provides IPv6 Address resulting in Connection Failure.
Inorder to make sure, SafeSquid uses a IPv4 Address make sure that the DNS Server does provide IPv4 address and filter outs ipv6

So We are going to take one such Aspect over here:
How do I FULLY DISABLE IPv6 on SafeSquid Appliance?

If you are using SafeSquid on Ubuntu 18.04 (i.e you have installed SafeSquid using safesquid.1804.iso)
Then IN order to Fully Disable IPv6

Their are 2 things to be done
1. DISABLE IPv6 Totally via GRUB Config
2. Use Bind as the Default DNS with OPTION: [filter-aaaa-onv4: yes;]

1. DISABLE IPv6 Totally via GRUB Config
Inorder to disable IPv6 via Grub we need to
Append "ipv6.disable=1" in [/etc/default/grub] For Option: [GRUB_CMDLINE_LINUX]
After Adding it should look like : GRUB_CMDLINE_LINUX="some-other-options ipv6.disable=1"

Default Before Changing:
image.png
image.png (17.86 KiB) Viewed 1475 times



After Changing:
image.png
image.png (18.87 KiB) Viewed 1475 times
Restart/Reboot the System using: reboot

No Service Running on IPv6 Address and IPv6 Modules will be Disabled Completely in SafeSquid
image.png
image.png (69.41 KiB) Viewed 1471 times

2. Use Bind as the Default DNS with OPTION: [filter-aaaa-onv4: yes;]
Ubuntu 18.04 has systemd-resolvd as the Default Service which manages the DNS and provides a DNS Stub @ [127.0.0.53:53]
Well inorder to use Bind as the Default Name Server, we need to make few minor changes
First: Change the Link to Systemd-Resolvd File: [/run/systemd/resolve/resolv.conf ] using command

Snapshot:
image.png
image.png (32.34 KiB) Viewed 1475 times

After doing the Above changes we need to make another change in BIND configuration
Adding Option: filter-aaaa-on-v4: yes;

Default Content Inside Bind Config File is
image.png
image.png (70.28 KiB) Viewed 1474 times

We need to add the option and it should look like this: [Added some indentation]
image.png
image.png (74.19 KiB) Viewed 1474 times
Restart Bind Service using: systemctl restart bind9

Now if Bind is the only DNS Server in /etc/resolv.conf and Option: "filter-aaaa-onv4 true;" is added
We should now only IPv4 addresses and No IPv6 Address