I'm not sure the reason behind your need, however, I did have a similar need, i.e., I did not want random hosts/scanners connecting to the hidden master.
I resolved that need by configuring the firewall on the hidden master to allow inbound connections only from the HE secondary servers, 216.218.133.2 and 2001:470:600::2. Outbound connections to any IP were already allowed.
That's been working fine for me.
- June 05, 2020, 12:35:23 AM
- Welcome, Guest
News:
Welcome to Hurricane Electric's Tunnelbroker.net forums!
|
11
on: May 20, 2020, 07:21:04 AM
|
||
| Started by taylorcs89 - Last post by passport123 | ||
|
12
on: May 19, 2020, 05:25:01 PM
|
||
| Started by miloszgancarz - Last post by YASSKYLIGHT | ||
|
I used MailEnable. Standard Edition is free (for comercial too). Easy setup, small resources. IIS only for WebMail, and not obligated.
For labs is very good, you could get mail and web site in one flacon. For Windows only. |
||
|
13
on: May 19, 2020, 04:58:40 PM
|
||
| Started by taylorcs89 - Last post by taylorcs89 | ||
|
I have a hidden master server, using dns.he.net to slave to it. However it only accepts default port of 53. Is there a way to use a non standard port?
|
||
|
14
on: May 19, 2020, 03:24:38 PM
|
||
| Started by AnimaNera - Last post by tjeske | ||
|
I think you can just use your gmail address.
|
||
|
15
on: May 08, 2020, 11:09:09 AM
|
||
| Started by AnimaNera - Last post by AnimaNera | ||
|
hi, I would like to create an ipv6 email to get the certificate, so as to unlock the irc ports.
my requirements: 1) I have a site hosted on altervista (free) 2) vps with debian operating system 3) alias email of altervista, email with gmail, email with hotmail Can I get an ipv6 email with these requirements for free? if the answer is yes, what can i do? please explain to me step by step thanks |
||
|
16
General IPv6 Topics / IPv6 on Linux & BSD & Mac / Re: Ubuntu 19.10 and 20.04 tunnel stops passing IPv6 traffic only
on: May 08, 2020, 10:46:28 AM
|
||
| Started by Nomadadon - Last post by Nomadadon | ||
|
I've got traffic flowing across it almost constantly though.
|
||
|
17
General IPv6 Topics / IPv6 on Linux & BSD & Mac / Re: Ubuntu 19.10 and 20.04 tunnel stops passing IPv6 traffic only
on: May 08, 2020, 05:59:03 AM
|
||
| Started by Nomadadon - Last post by cholzhauer | ||
|
It does sound as if keep-alive is being blocked somehow. I haven't seen a post of this type on here in a few years, but the solution then was just to create a cron job to run ping every so often.
|
||
|
18
on: May 07, 2020, 04:13:22 PM
|
||
| Started by GustavoFernandes - Last post by GustavoFernandes | ||
|
Hi everyone
is it possible to create an tunnel server in brazil? although the adoption of ipv6 in Brazil is at a better level than in other countries in several smaller suppliers like the one I use, IPV6 is not yet supported I have a tunnel created in the United States and the smallest ping I can get is 120 to 140 ms, which greatly affects navigation. The only server in South America in Colombia returns ping between 197 and 400ms which is unusable |
||
|
19
General IPv6 Topics / IPv6 on Linux & BSD & Mac / Ubuntu 19.10 and 20.04 tunnel stops passing IPv6 traffic only
on: May 07, 2020, 12:28:24 PM
|
||
| Started by Nomadadon - Last post by Nomadadon | ||
|
I've had my tunnel up for a good while, but sometime in the last few months, I don't know when it started happening, but after my firewall as been up for a week, give or take 3 days, it's random, it will just stop passing traffic. Interface is up, routes are up, I can ping the remote IPv4 and the local IPv6, but 100% packet loss over the IPv6. No changes to the firewall rules ( iptables ) or any config, it just starts dropping all packets. As if I'm blocking a keepalive protocol I can't find docs on. If I reboot my linux box, traffic resumes without issue. If I down the interface and restart IPTables, no go, still dead. Here's my config: iface he-ipv6 inet6 v4tunnel # Bring up the actual tunnel address 2001:470:39:57c::2 netmask 64 endpoint 184.105.250.46 #local `/usr/local/bin/GetExternalIP.sh` local 209.182.74.168 ttl 255 gateway 2001:470:39:57c::1 post-up /etc/init.d/Firewall-6.sh restart # # For shutting down the interface down /sbin/ip route del ::/0 dev he-ipv6 2>/dev/null down /sbin/ifconfig he-ipv6 down 2>/dev/null down /sbin/ip link set he-ipv6 down 2>/dev/null post-down /sbin/ifconfig sit0 0.0.0.0 2>/dev/null post-down /sbin/ifconfig sit0 down 2>/dev/null post-down /sbin/ifconfig sit1 0.0.0.0 2>/dev/null post-down /sbin/ifconfig sit1 down 2>/dev/null post-down /sbin/modprobe -r sit 2>/dev/null 07:42:/home/nomad>ifconfig he-ipv6 he-ipv6: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1480 inet6 fe80::d1b5:4da8 prefixlen 64 scopeid 0x20<link> inet6 2001:470:39:57c::2 prefixlen 64 scopeid 0x0<global> sit txqueuelen 1000 (IPv6-in-IPv4) RX packets 2504594 bytes 2856452096 (2.8 GB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 1470748 bytes 248227701 (248.2 MB) TX errors 542 dropped 0 overruns 0 carrier 536 collisions 0 07:44:/home/nomad>ip -6 route ::1 dev lo proto kernel metric 256 pref medium 2001:470:39:57c::1 dev he-ipv6 metric 1024 pref medium 2001:470:39:57c::/64 dev he-ipv6 proto kernel metric 256 pref medium 2001:470:4b:57c::/64 dev em1 proto kernel metric 256 pref medium fe80::/64 dev he-ipv6 proto kernel metric 256 pref medium fe80::/64 dev enp9s4 proto kernel metric 256 pref medium fe80::/64 dev em1 proto kernel metric 256 pref medium fe80::/64 dev em1.5 proto kernel metric 256 pref medium fe80::/64 dev em1.10 proto kernel metric 256 pref medium fe80::/64 dev em1.99 proto kernel metric 256 pref medium fe80::/64 dev em1.101 proto kernel metric 256 pref medium default via 2001:470:39:57c::1 dev he-ipv6 metric 1024 onlink pref medium 07:42:/home/nomad>ping -c 3 184.105.250.46 PING 184.105.250.46 (184.105.250.46) 56(84) bytes of data. 64 bytes from 184.105.250.46: icmp_seq=1 ttl=59 time=8.85 ms 64 bytes from 184.105.250.46: icmp_seq=2 ttl=59 time=8.55 ms 64 bytes from 184.105.250.46: icmp_seq=3 ttl=59 time=8.60 ms --- 184.105.250.46 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 8.553/8.668/8.854/0.132 ms 07:42:/home/nomad>ping -c 3 2001:470:39:57c::2 PING 2001:470:39:57c::2(2001:470:39:57c::2) 56 data bytes 64 bytes from 2001:470:39:57c::2: icmp_seq=1 ttl=64 time=0.070 ms 64 bytes from 2001:470:39:57c::2: icmp_seq=2 ttl=64 time=0.051 ms 64 bytes from 2001:470:39:57c::2: icmp_seq=3 ttl=64 time=0.059 ms --- 2001:470:39:57c::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2035ms rtt min/avg/max/mdev = 0.051/0.060/0.070/0.007 ms 07:42:/home/nomad>ping -c 3 2001:470:39:57c::1 PING 2001:470:39:57c::1(2001:470:39:57c::1) 56 data bytes --- 2001:470:39:57c::1 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2041ms |
||
|
20
on: May 05, 2020, 09:44:53 AM
|
||
| Started by dissy614 - Last post by passport123 | ||
|
I use drill instead of dig, but that's the syntax I use.
 I use he.net since I want to use DNSSEC on the three domains, and he.net doesn't provide DNSSEC when used as a master. However, he.net does support the DNSSEC capability I need when used as secondary DNS servers. My master DNS server does 1 to 5 updates each day as the records' signatures expire and need to be re-signed. A script checks that each update has made it to the secondary DNS servers. I get notified when there is a problem, e.g., an update does not make it to the secondary DNS servers. The only time an update did not propagate correctly occurred during the time I was setting up the system. The master DNS server was sending updates to he.net too quickly, i.e., too many in a short period of time. I suspect I may have triggered some manner of DoS protection at he.net. When I figured that out, I changed my scripts to do a maximum of one update every two minutes. Since I made that change (about 7 or 8 months ago), I've not had any issues. |
||