• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

New to Ipv6..

Started by dfrandin, August 25, 2014, 08:40:35 AM

Previous topic - Next topic

dfrandin

I'm trying to get the services I have running on an Ubuntu/Xen virtual server accessable by ipv6. The services are several wordpress sites and a shoutcast stream. The virtual server vendor claims to have full ipv6 support, and there is an ipv6 address in the vendor's prefix assigned to my virtual server, along with the assigned v4 address. I have an AAAA record in the dns for the hostname I want for the server. Its configured as "ipv6.mydomain.com". If I ping6 ipv6.mydomain.com, I see the correct ipv6 address, but I get no response from the server, nor can I ssh to the to server. On v4, I have the server firewalled to allow only icmp/ping/pong, ssh, shoutcast and http. on v6, I have not messed with ip6tables, so I'm assuming I'm wide open for ipv6.. My puzzlement is the fact I can't access the server via v6, and I've exhausted my meager knowledge of v6.. As far as I know, the vm host does not have a firewall covering the shared nodes on ipv6, I KNOW they don't for ipv4.. Anybody have any ideas? I'm fresh out...

cholzhauer

If you provide us with the actual domain we can do some testing/discovery and see if we can replicate your findings.

snarked

Although I know of no Linux distribution that comes with IPv6 firewall rules installed, your assumption that there are none is dangerous.  You should confirm that there are none with a simple "ip6tables -L" command.  Most exploits are over IPv4, but there are some which will use IPv6, so even if there are no firewall rules, you should add some as soon as you resolve your other problems.

dfrandin

Thanks for the replies!

I did an ip6tables -L and there are no rules entered.. The actual domain is ipv6.bestnewage.net. I run a shoutcast station on this system plus  the station's wordpress website, and since I'm trying to learn ipv6, I figured it would be a good learning excuse to allow ipv6 access to the website/station. I have the dns for the bestnewage.net domain at dnsexit.com and the dns screen on their website for the domain shows I have an AAAA record for ipv6.bestnewage.net with address 2604:c00:a:2:0:1:c0ab:61ed listed.. This is the v6 address I see when I do an ifconfig on the virtual server

inet6 addr: 2604:c00:a:2:0:1:c0ab:61ed/64 Scope:Global

Based on this, I'd suspect a firewall blocking all inbound traffic, since I cannot ping, ssh, grab the shoutcast stream or website at that address.... The only other thing I can think of is this virtual server has two bound interfaces (eth0 and eth0:0). Both have a v4 address, but eth0 is the only interface with a v6 address. The other interface/v4 address is configured in Apache to serve another website for a club I belong to.

Color me puzzled...

Thanks
Dave

kriteknetworks

Not directly related but when did shoutcast add ipv6 support? I dumped shoutcast 10+ years ago for lack of ipv6 support, not to mention the closed source/lack of ogg etc support.

dfrandin

Hmm.. I hadn't thought about that.. Dunno if it does have v6 support.. I rebuilt the server last year and upgraded to the latest version of sc_serv and sc_trans available. Of course, at the time I didn't think about ipv6.. I didn't get "on the ipv6 bandwagon" until I bought a new router for the house, and put Tomato firmware on it and realized it not only supported ipv6 but also the tunnelbroker tunnels.. I'd tried setting up a tunnel with my old router and a Linux host to handle the tunnel endpoint, but had lots of problems, so until I got the new router, I'd forgotten about v6.. Since I needed a "project" to learn more about v6, I decided to try and add it to my shoutcast station and its website.. Since DNS seems to know the correct v6 address for "ipv6.bestnewage.net", I'm thinking there is something amiss with the way v6 is configured on the virtual server.. Perhaps a ticket to the vendor is in my future...

Thanks