I've set up two web servers which are running next to each other (two different computers). I'd like to have public access through port 80 and port 443 over the IPv6 protocol. I'm using a UniFi Security Gateway.
For IPv4:
- Port 80 and port 443 are forwarded to the server1 IP address.
- For server2 this is a problem, as I cannot forward the same ports to a different IP address...
For IPv6 (the desired solution, as there is no NAT):
- I created two AAAA records (on two subdomains), one for each server, which point directly to the (global) IPv6 addresses of both servers.
- I created an "Address Group" containing the two (global) IPv6 addresses of server1 and server2.
- I created a "Port Group" of the HTTP and HTTPS ports (80, 443).
From within my LAN everything works fine on IPv6 for both servers. On IPv4 only the (forwarded) server1 works, which is expected.
When I do a test from the Internet (IPv6) I cannot get through to either of the web servers; only the IPv4 fallback works fine for server1 (also as expected).
Here is the response from the letsdebug.net test:
AAAA Not Working Error:
www.website.com has an AAAA (IPv6) record (2a02:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:dc69) but a test request to this address over port 80 did not succeed.
Your web server must have at least one working IPv4 or IPv6 address.
You should either ensure that validation requests to this domain succeed over IPv6, or remove its AAAA record.
A timeout was experienced while communicating with www.website.com
Here is a screenshot from my USG Firewall Settings:

What can I do to make my two web servers reachable from outside (at least through IPv6), but only allow the traffic needed, without opening unnecessary security holes? I cannot find a lot of UniFi documentation for IPv6, but I guess the IPv6 firewall settings should be comparable to other gateways? I'm very new to IPv6, but now I must use it; from inside it is working perfectly.
Thanks in advance.
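Added example, not part of the original post and not UniFi documentation: a config.gateway.json fragment, in the EdgeOS JSON that the USG reads when the controller provisions it, expressing the rule the post describes as a single accept rule in the IPv6 WAN-in ruleset, limited to TCP 80/443 towards the two server addresses and nothing else. The ruleset name WANv6_IN, the rule number 2000, the group names WEBSERVERS6 and WEB_PORTS, and the 2001:db8::/32 documentation addresses are assumptions; the post's own groups were created in the controller UI and their names are not visible here.

```json
{
  "firewall": {
    "group": {
      "ipv6-address-group": {
        "WEBSERVERS6": {
          "description": "Global IPv6 addresses of server1 and server2 (assumed placeholder addresses)",
          "ipv6-address": [
            "2001:db8:1::10",
            "2001:db8:1::20"
          ]
        }
      },
      "port-group": {
        "WEB_PORTS": {
          "description": "HTTP and HTTPS",
          "port": [
            "80",
            "443"
          ]
        }
      }
    },
    "ipv6-name": {
      "WANv6_IN": {
        "rule": {
          "2000": {
            "action": "accept",
            "description": "Allow inbound TCP 80/443 to the two web servers only (assumed rule number)",
            "destination": {
              "group": {
                "ipv6-address-group": "WEBSERVERS6",
                "port-group": "WEB_PORTS"
              }
            },
            "log": "enable",
            "protocol": "tcp"
          }
        }
      }
    }
  }
}
```

Two points a practitioner would check alongside this. First, the address group and port group do nothing on their own: the USG's IPv6 WAN-in ruleset drops unsolicited new connections by default, so the groups only take effect once an accept rule in that ruleset references them, which is what the fragment above adds; `"log": "enable"` makes each matching packet show up in the gateway's log, which tells you whether external probes reach the rule at all. Second, because there is no NAT, the two addresses in WEBSERVERS6 are reachable directly, so keep the rule restricted to those two addresses and those two ports, leave WANv6_LOCAL (traffic to the gateway itself) untouched, and make sure the host firewall on each server (ip6tables/nftables/ufw) also permits TCP 80 and 443 on its global address; then retest from an external IPv6 host with `curl -6 -v http://[2001:db8:1::10]/`. If groups with the same purpose already exist from the UI, reference those names instead of defining new ones, since duplicate group names in config.gateway.json will break provisioning.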