Unable to ssh server via ipv6

Given that you didn't go into too much detail about your setup, here are a few pointers:

Verify that...

  • you have ip_forward enabled for IPv6: sysctl net.ipv6.conf.all.forwarding=1
  • you are not dealing with link-local addresses (the fe80::/10 prefix)
  • you can access the VM via IPv6 from the host it's running on.
  • you test IPv6 connectivity with firewall disabled (ip6tables -F) first and add rules when it's working.
Author by

elp

Updated on September 18, 2022

Comments

  • elp
    elp almost 2 years

    First: IPv4 works fine.

    So I got the following setup: (Server is an Arch Linux OS running as VM)

    EDIT Added a rule

    ACCEPT     tcp      ::/0                 ::/0                 tcp dpt:22
    

    which accepts ANY connection on port 22 (to make sure it's not an IP failure), but that does not work either. So I am doing something wrong with the ssh ... command or the IPv6 firewall table is not working:

    Chain INPUT (policy DROP)
    target     prot opt source               destination         
    ACCEPT     all      ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    ACCEPT     all      ::/0                 ::/0                
    DROP       all      ::/0                 ::/0                 ctstate INVALID
    UDP        udp      ::/0                 ::/0                 ctstate NEW
    TCP        tcp      ::/0                 ::/0                 tcp flags:0x17/0x02 ctstate NEW
    REJECT     tcp      ::/0                 ::/0                 reject-with tcp-reset
    REJECT     all      ::/0                 ::/0                 reject-with icmp6-adm-prohibited
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain TCP (1 references)
    target     prot opt source               destination         
    ACCEPT     tcp      ::/0                 ::/0                 tcp dpt:22
    
    Chain UDP (1 references)
    target     prot opt source               destination         
    

    After deleting the ip6table it finally works :D So I need to figure out what went wrong :)

    • Michael Hampton
      Michael Hampton over 5 years
      Why is there a %eth0 at the end of your (apparently fake) IPv6 address?
    • elp
      elp over 5 years
      Just edited it because I've seen that somewhere (it's the client's interface). But if I append the eth0, literally nothing happens (stays in the execution).
    • Michael Hampton
      Michael Hampton over 5 years
      OK, well first, check the firewall on the remote host. That firewall rule you posted above doesn't actually get referenced from anywhere, so it has no effect.
    • elp
      elp over 5 years
      Whoops, forgot to add the reference. Still does not change anything (after restarting the ip6tables.service)
    • Michael Hampton
      Michael Hampton over 5 years
      Well, then, what does your firewall look like?
    • elp
      elp over 5 years
      Sorry, just added the full table
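
The check raised in the comments above (a rule sitting in a chain that nothing references has no effect), as an added example that is not part of the original thread: it parses `ip6tables -L -n` output, lists user-defined chains that no built-in chain leads to, and reports whether an ACCEPT for a given port is reachable from INPUT. The sample listing and all function names are constructed for illustration.

```python
import re

# Constructed `ip6tables -L -n` listing modeled on the question; INPUT never jumps to TCP.
BROKEN = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all      ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
DROP       all      ::/0                 ::/0                 ctstate INVALID
REJECT     all      ::/0                 ::/0                 reject-with icmp6-adm-prohibited

Chain TCP (0 references)
target     prot opt source               destination
ACCEPT     tcp      ::/0                 ::/0                 tcp dpt:22
"""
BUILTIN = {"INPUT", "FORWARD", "OUTPUT"}

def parse_chains(listing):
    """Return {chain: [(target, proto, rule text), ...]} from -L -n output."""
    chains, rules = {}, None
    for line in map(str.strip, listing.splitlines()):
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            rules = chains.setdefault(header.group(1), [])
        elif rules is not None and line and not line.startswith("target"):
            fields = line.split()
            rules.append((fields[0], fields[1], line))
    return chains

def reachable(chains, start):
    """Chains a packet entering `start` can reach by following jump targets."""
    seen, stack = set(), [start]
    while stack:
        name = stack.pop()
        if name in chains and name not in seen:
            seen.add(name)
            stack.extend(target for target, _, _ in chains[name])
    return seen

def unreferenced(chains):
    """User-defined chains that no built-in chain leads to (their rules never run)."""
    live = set().union(*(reachable(chains, b) for b in BUILTIN))
    return sorted(set(chains) - live)

def accept_reachable(chains, proto, port, start="INPUT"):
    """True if an ACCEPT for proto/dport is in a chain reachable from `start`.
    Reachability only: earlier DROP/REJECT rules in the path are not evaluated."""
    want = re.compile(rf"\bdpt:{port}\b")
    return any(t == "ACCEPT" and p == proto and want.search(text)
               for name in reachable(chains, start) for t, p, text in chains[name])
```

On the constructed listing, `unreferenced(parse_chains(BROKEN))` reports the TCP chain, and `accept_reachable(..., "tcp", 22)` stays false until INPUT gains a jump to it.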