Unable to ssh server via ipv6
Given that you didn't go into too much detail about your setup, here are a few pointers:
Verify that...
- you have ip_forward enabled for IPv6:
sysctl net.ipv6.conf.all.forwarding=1
- you are not dealing with link-local addresses (the fe80::/10 prefix)
- you can access the VM via IPv6 from the host it's running on.
- you test IPv6 connectivity with firewall disabled (ip6tables -F) first and add rules when it's working.
Author: elp
Updated on September 18, 2022

Comments

- elp almost 2 years
First: ipv4 works fine.
So I got the following setup: (Server is an Arch Linux OS running as VM)
EDIT: Added a rule
    ACCEPT tcp ::/0 ::/0 tcp dpt:22
which accepts ANY connection on port 22 (to make sure it's not an IP failure), but that does not work either. So I am doing something wrong with the ssh ... command or the ipv6 firewall table is not working:

    Chain INPUT (policy DROP)
    target prot opt source destination
    ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED
    ACCEPT all ::/0 ::/0
    DROP all ::/0 ::/0 ctstate INVALID
    UDP udp ::/0 ::/0 ctstate NEW
    TCP tcp ::/0 ::/0 tcp flags:0x17/0x02 ctstate NEW
    REJECT tcp ::/0 ::/0 reject-with tcp-reset
    REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited

    Chain FORWARD (policy DROP)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain TCP (1 references)
    target prot opt source destination
    ACCEPT tcp ::/0 ::/0 tcp dpt:22

    Chain UDP (1 references)
    target prot opt source destination

After deleting the ip6table it finally works :D So I need to figure out what went wrong :)
- Michael Hampton over 5 years: Why is there a %eth0 at the end of your (apparently fake) IPv6 address?
- elp over 5 years: Just edited it because I've seen that somewhere (it's the client's interface). But if I append the eth0, literally nothing happens (stays in the execution).
- Michael Hampton over 5 years: OK, well first, check the firewall on the remote host. That firewall rule you posted above doesn't actually get referenced from anywhere, so it has no effect.
- elp over 5 years: Whoops, forgot to add the reference. Still does not change anything (after restarting the ip6tables.service)
- Michael Hampton over 5 years: Well, then, what does your firewall look like?
- elp over 5 years: Sorry, just added the full table
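An added example, not part of the original thread, of the check behind the comment about a rule that is not referenced from anywhere: it parses ip6tables -L -n output, lists user-defined chains that no built-in chain reaches, and flags bare ACCEPT-all rules, whose interface match is not shown without -v. The sample listing is constructed and the SSH_IN chain name is hypothetical.

```python
import re

# Constructed sample in `ip6tables -L -n` format, modelled on the question's
# listing; SSH_IN is a hypothetical chain that no rule jumps to.
SAMPLE = """\
Chain INPUT (policy DROP)
target     prot opt source     destination
ACCEPT     all      ::/0       ::/0       ctstate RELATED,ESTABLISHED
ACCEPT     all      ::/0       ::/0
DROP       all      ::/0       ::/0       ctstate INVALID
TCP        tcp      ::/0       ::/0       tcp flags:0x17/0x02 ctstate NEW
REJECT     all      ::/0       ::/0       reject-with icmp6-adm-prohibited

Chain TCP (1 references)
target     prot opt source     destination

Chain SSH_IN (0 references)
target     prot opt source     destination
ACCEPT     tcp      ::/0       ::/0       tcp dpt:22
"""

def parse(listing):
    """Map chain name -> {"policy": str or None, "rules": [(target, prot, match)]}."""
    chains, cur = {}, None
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+) \((?:policy (\w+)|\d+ references)", line)
        fields = line.split()
        if head:
            cur = chains.setdefault(head.group(1), {"policy": head.group(2), "rules": []})
        elif cur is not None and len(fields) >= 4 and fields[:2] != ["target", "prot"]:
            if fields[2] == "--":          # iptables (IPv4) prints "--" in the opt column
                del fields[2]
            cur["rules"].append((fields[0], fields[1], " ".join(fields[4:])))
    return chains

def audit(chains):
    """Return (user chains unreachable from built-in chains, bare ACCEPT-all rules)."""
    seen = [name for name, c in chains.items() if c["policy"]]   # built-in chains
    for name in seen:                       # list grows as jump targets are found
        for target, _, _ in chains[name]["rules"]:
            if target in chains and target not in seen:
                seen.append(target)
    dead = sorted(set(chains) - set(seen))
    # Without -v the interface columns are not printed, so an "ACCEPT all" with no
    # match text may really be "-i lo"; flag it for a re-check with -L -n -v.
    bare = [(name, i) for name, c in chains.items()
            for i, (target, prot, match) in enumerate(c["rules"], 1)
            if target == "ACCEPT" and prot == "all" and not match]
    return dead, bare
```

On the sample, audit(parse(SAMPLE)) reports SSH_IN as unreachable and INPUT rule 2 as a bare ACCEPT to re-check with -v.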