Re: Debugging ipv6
On 09/02/15 13:02, Darac Marjal wrote:
> On Mon, Feb 09, 2015 at 12:50:19PM +0000, Tony van der Hoff wrote:
>> I have a VPS, with an ipv6 address. It responds correctly to ping packets:
>>
>> tony@tony-lx:~$ ping6 vanderhoff.org
>> PING vanderhoff.org(2a03:9800:10:54::1) 56 data bytes
>> 64 bytes from 2a03:9800:10:54::1: icmp_seq=1 ttl=58 time=13.6 ms
>> 64 bytes from 2a03:9800:10:54::1: icmp_seq=2 ttl=58 time=12.1 ms
>> 64 bytes from 2a03:9800:10:54::1: icmp_seq=3 ttl=58 time=11.8 ms
>>
>> However, when I attempt to ssh into it, it baulks:
>> tony@tony-lx:~$ ssh -6 vanderhoff.org
>> ssh: connect to host vanderhoff.org port 22: Connection refused
>>
>> ssh -4 works fine:
>> tony@tony-lx:~$ ssh -4 vanderhoff.org
>> Linux shell 3.2.0-4-amd64 #1 SMP Debian 3.2.65-1+deb7u1 x86_64
>>
>> /etc/sshd_config has ipv6 enabled:
>> # What ports, IPs and protocols we listen for
>> Port 22
>> # Use these options to restrict which interfaces/protocols sshd will bind to
>> ListenAddress ::
>> ListenAddress 0.0.0.0
>>
>> My firewall should let ssh6 packets through (I think):
>> tony@shell:~$ sudo ip6tables -L -v
>> [sudo] password for tony:
>> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
>> pkts bytes target prot opt in out source destination
>> 0 0 ACCEPT udp any any anywhere anywhere udp dpt:openvpn
>> 0 0 ACCEPT tcp any any anywhere anywhere tcp spt:https
>> 2421 301K ACCEPT tcp any any anywhere anywhere tcp spt:http
>> 3955 350K ACCEPT tcp any any anywhere anywhere tcp dpt:http
>> 0 0 ACCEPT tcp any any anywhere anywhere tcp spt:domain
>> 0 0 ACCEPT udp any any anywhere anywhere udp spt:domain
>> 0 0 ACCEPT tcp any any anywhere anywhere tcp dpt:domain
>> 0 0 ACCEPT udp any any anywhere anywhere udp dpt:domain
>> 0 0 ACCEPT tcp any any anywhere anywhere tcp dpt:http
>> 0 0 ACCEPT all any any anywhere tony-lx.magpieway.net/128
>> 0 0 ACCEPT all any any tony-lx.magpieway.net/128 anywhere
>> 25 4458 ACCEPT tcp any any anywhere anywhere tcp dpt:smtp
>> 0 0 ACCEPT udp any any anywhere anywhere udp dpt:ntp
>> 0 0 ACCEPT tcp any any anywhere anywhere tcp dpt:ntp
>> 38640 96M ACCEPT all any any localhost/128 localhost/128
>> 0 0 ACCEPT ipv6-icmp any any anywhere anywhere
>> 0 0 ACCEPT tcp any any anywhere anywhere tcp dpt:ssh
>> 0 0 LOG all any any anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix "ip6tables denied: "
>> 0 0 DROP all any any anywhere anywhere
>>
>> I get no ip6tables reject entries in my log.
>>
>> I used to be able to access this server over ipv6, so something's
>> broken. Can anyone please suggest where else to look, or how to diagnose
>> this problem.
>
> According to nmap, the only port you have open is port 179 (bgp). So I'd
> start by checking netstat to confirm that sshd IS listening on IPv6.
>
> Next, it may help to run tshark (or wireshark or some other packet
> sniffer) and make sure that those pings come in to the host you're
> expecting (it's conceivable, for example, that there's some other device
> at that address that's actually the one you're pinging). If it is, then
> you know packets are getting to your machine and you just need to alter
> the firewall rules.
Thanks for that; you're right: no packets are reaching the VPS. I've
raised a ticket with my hosting supplier; I'll see what that brings.
Thanks again,
Tony
--
Tony van der Hoff | mailto:tony@vanderhoff.org
Buckinghamshire, England |
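
The first check suggested in the thread (confirm with netstat that sshd is listening on IPv6) can be scripted as below. This is an added example, not part of the original messages; the function names and the sample netstat output are constructed, and it assumes the net-tools `netstat -tln` column layout.

```shell
#!/bin/sh
# v6_listen_scope PORT TARGET_ADDR   (hypothetical helper name)
# Reads `netstat -tln` output on stdin and prints one of:
#   wildcard - a tcp6 socket listens on :::PORT (covers every IPv6 address)
#   exact    - a tcp6 socket listens on TARGET_ADDR:PORT
#   other    - tcp6 listeners exist on PORT, but none covers TARGET_ADDR
#   v4-only  - only tcp (IPv4) sockets listen on PORT
#   none     - nothing listens on PORT
v6_listen_scope() {
    awk -v port="$1" -v target="$2" '
        ($1 == "tcp" || $1 == "tcp6") && $NF == "LISTEN" {
            addr = $4                                # e.g. :::22 or ::1:25
            if (!sub(":" port "$", "", addr)) next   # a different port
            if ($1 == "tcp")          v4 = 1
            else if (addr == "::")    wild = 1
            else if (addr == target)  exact = 1
            else                      other = 1
        }
        END {
            if (wild)       print "wildcard"
            else if (exact) print "exact"
            else if (other) print "other"
            else if (v4)    print "v4-only"
            else            print "none"
        }'
}

# Constructed sample of `netstat -tln` output (not taken from the thread).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
EOF
}

# Demo on the sample; on a live host use:
#   netstat -tln | v6_listen_scope 22 2a03:9800:10:54::1
for p in 22 25 80 443; do
    printf 'port %s: %s\n' "$p" \
        "$(sample_netstat | v6_listen_scope "$p" 2a03:9800:10:54::1)"
done
```

A result of `wildcard` or `exact` while remote clients are still refused means sshd's bind configuration is not the cause, which is when the packet-capture step from the reply becomes the next check.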