• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

Apache & IPv6

Started by bottswana, January 31, 2011, 12:54:11 PM

Previous topic - Next topic

schvin

Really weird. So ICMP6 both ways are fine. Just to check, can you get ssh with 6 to work on the server, and can you go to an http site with 6? Just  to ensure that you have tcp connectivity both ways working OK, and it really is an Apache issue?

Just as a test, I tried sshing to the same IP and it hangs as well, which implies that maybe it is something upstream, like packet size getting hung up. Can you sniff the connection upstream and see if maybe some icmp6 responses aren't making it all the way downstream, like packet-too-large, or something like that?

Another thought is that perhaps apache & sshd are trying to query DNS for my inbound ip and failing badly, but that should give up eventually and let it through...

bottswana

#16
Heres a thought. It seems it isnt apache

This is my web control panel (Not run by apache)
It does exactly the same thing. Chance of that happening is quite slim as it is a completely different web serving software.

http://[2001:470:95bb::2]:19000

How bizarre.

It seems ICMP traffic is getting through, but not web traffic, for example, one of the update servers ubuntu hits has IPv6.
Updates from that server fail.
Yet a WinServer2003 machine on the same netowkr (With the same routing) accesses all IPv6 netowrking fine
There is something odd going on here...

schvin

i'd try sniffing it upstream to see if any icmp6 messages getting back to the box are not getting through...

bottswana

Any recommendations on how to do that via ssh? :)

schvin

sure, just tcpdump. you can write it to a file and open that file somewhere else with wireshark, if you prefer the visual approach.

to monitor ipv6 traffic on interface eth0:

tcpdump -l -n -i eth0 -s 8192 ip6

to write it to a file rather than displaying it on screen, add "-w filename" before the "ip6" portion. the "ip6" portion is just a match, you can do lots of stuff with the matching to cut up the traffic as you see fit, if you like.

bombcar

Shut down apache. Run netcat on port 80 (google it if needed).

See if you can connect.

If you can, it's something in Apache that's making it mad. Virtualmin by default doesn't listen on IPv6; so you may have to poke it a bit.