ipv6 firewall - static port forwarding trouble


tormozillo

Question

Hi, I had a static ipv6 route with this setting:

ipv6 static tcp PPPoE0 [mac] 443

It works nicely! My server serves an HTTPS website on an IPv6-only address and is accessible from everywhere.

But after I added the same for ipv4:

ip static tcp PPPoE0 443 [mac] !https

...something goes wrong: internet port scanners report that my server has port 443 open on IPv4 only, not IPv6.

KN-1611,  OS version 4.0.1


6 answers to this question


I discovered ipv6 static command works for a short time after pinging this ipv6 address from Keenetic web-console.

It's clear that neighbor discovery has broken in 4.0.1

ip -6 neigh on local computers reports both the global 2a03:: and the local fe80:: IPv6 addresses of my web server, so the problem is not on the server side.
 

Edited by tormozillo
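The neighbor-table check described in the post above can be scripted. This is an added example, not part of the original thread: it parses the JSON printed by `ip -6 -j neigh` on a LAN host and reports whether a given MAC resolves for both a global and a link-local address. The sample table, the MAC addresses and the function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the JSON shape printed by `ip -6 -j neigh`
# (2001:db8::/32 documentation prefix, made-up MAC addresses).
SAMPLE_NEIGH_JSON = """
[
 {"dst": "2001:db8:1::10", "dev": "eth0", "lladdr": "02:00:00:aa:bb:01", "state": ["STALE"]},
 {"dst": "fe80::aa:bbff:fecc:1", "dev": "eth0", "lladdr": "02:00:00:aa:bb:01", "state": ["REACHABLE"]},
 {"dst": "fe80::1", "dev": "eth0", "lladdr": "02:00:00:aa:bb:fe", "router": null, "state": ["REACHABLE"]},
 {"dst": "2001:db8:1::20", "dev": "eth0", "state": ["FAILED"]}
]
"""

# NUD states in which the kernel holds a usable link-layer address.
RESOLVED = {"REACHABLE", "STALE", "DELAY", "PROBE", "PERMANENT", "NOARP"}


def neighbor_report(neigh_json, mac):
    """Summarise which IPv6 scopes a neighbor table has resolved for `mac`."""
    report = {"global": [], "link-local": [], "unresolved": []}
    for entry in json.loads(neigh_json):
        addr = ipaddress.IPv6Address(entry["dst"])
        states = set(entry.get("state", []))
        lladdr = entry.get("lladdr", "").lower()
        if not lladdr or not states & RESOLVED:
            # FAILED / INCOMPLETE entries have no lladdr: NDP got no answer.
            report["unresolved"].append(str(addr))
        elif lladdr == mac.lower():
            # Anything outside fe80::/10 is counted as global here (ULA included).
            scope = "link-local" if addr.is_link_local else "global"
            report[scope].append(str(addr))
    return report


def server_visible(neigh_json, mac):
    """True when both a global and a link-local address resolve to `mac`."""
    r = neighbor_report(neigh_json, mac)
    return bool(r["global"]) and bool(r["link-local"])


if __name__ == "__main__":
    print(neighbor_report(SAMPLE_NEIGH_JSON, "02:00:00:AA:BB:01"))
```

On a live host, pass the output of `ip -6 -j neigh` in place of the sample string.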

14 hours ago, tormozillo said:

I discovered ipv6 static command works for a short time after pinging this ipv6 address from Keenetic web-console.

It's clear that neighbor discovery has broken in 4.0.1

ip -6 neigh on local computers reports both the global 2a03:: and the local fe80:: IPv6 addresses of my web server, so the problem is not on the server side.
 

I confirm that in 4.0.1 IPv6 neighbor detection does not work correctly, but technical support told me that the cause is my devices on the local network.

2 hours ago, AlexCh said:

I confirm that in 4.0.1 IPv6 neighbor detection does not work correctly, but technical support told me that the cause is my devices on the local network.

A solution might be done from the server side. I found this bash script on the Arch Linux wiki; after running it once, IPv6 has worked for at least 12 hours now:

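#!/usr/bin/bash
# Ping the all-nodes multicast group (ff02::1) from every IPv6 address on
# every interface, which makes on-link nodes resolve each source address.
declare -a l_ifs
# -t strips the trailing newline from each array element
readarray -t l_ifs < <(/sbin/ip -6 -j address | jq -r '.[] | .ifname')
for l_if in "${l_ifs[@]}"; do
  echo "$l_if"
  declare -a l_addrs
  # Collect every IPv6 address configured on this interface
  readarray -t l_addrs < <(/sbin/ip -6 -j address show dev "$l_if" | \
                         jq -r '.[0].addr_info[].local')
  for l_addr in "${l_addrs[@]}"; do
    echo "$l_addr"
    ping -c 4 -6 -I "$l_addr" "ff02::1%$l_if"
  done
done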

 


I am having the same problem. 

ipv6 static tcpudp PPPoE0 [mac] [port]

After running this command, people are able to connect to my home lab for a maximum of 5 minutes and then they can't. There is clearly a problem with this command.
