On Mon, Feb 09, 2015 at 12:50:19PM +0000, Tony van der Hoff wrote: > I have a VPS, with an ipv6 address. It responds correctly to ping packets: > > tony@tony-lx:~$ ping6 vanderhoff.org > PING vanderhoff.org(2a03:9800:10:54::1) 56 data bytes > 64 bytes from 2a03:9800:10:54::1: icmp_seq=1 ttl=58 time=13.6 ms > 64 bytes from 2a03:9800:10:54::1: icmp_seq=2 ttl=58 time=12.1 ms > 64 bytes from 2a03:9800:10:54::1: icmp_seq=3 ttl=58 time=11.8 ms > > However, when I attempt to ssh into it, it baulks: > tony@tony-lx:~$ ssh -6 vanderhoff.org > ssh: connect to host vanderhoff.org port 22: Connection refused > > ssh -4 works fine: > tony@tony-lx:~$ ssh -4 vanderhoff.org > Linux shell 3.2.0-4-amd64 #1 SMP Debian 3.2.65-1+deb7u1 x86_64 > > /etc/sshd_config has ipv6 enabled: > # What ports, IPs and protocols we listen for > Port 22 > # Use these options to restrict which interfaces/protocols sshd will bind to > ListenAddress :: > ListenAddress 0.0.0.0 > > My firewall should let ssh6 packets through (I think): > tony@shell:~$ sudo ip6tables -L -v > [sudo] password for tony: > Chain INPUT (policy ACCEPT 0 packets, 0 bytes) > pkts bytes target prot opt in out source > destination > 0 0 ACCEPT udp any any anywhere > anywhere udp dpt:openvpn > 0 0 ACCEPT tcp any any anywhere > anywhere tcp spt:https > 2421 301K ACCEPT tcp any any anywhere > anywhere tcp spt:http > 3955 350K ACCEPT tcp any any anywhere > anywhere tcp dpt:http > 0 0 ACCEPT tcp any any anywhere > anywhere tcp spt:domain > 0 0 ACCEPT udp any any anywhere > anywhere udp spt:domain > 0 0 ACCEPT tcp any any anywhere > anywhere tcp dpt:domain > 0 0 ACCEPT udp any any anywhere > anywhere udp dpt:domain > 0 0 ACCEPT tcp any any anywhere > anywhere tcp dpt:http > 0 0 ACCEPT all any any anywhere > tony-lx.magpieway.net/128 > 0 0 ACCEPT all any any tony-lx.magpieway.net/128 > anywhere > 25 4458 ACCEPT tcp any any anywhere > anywhere tcp dpt:smtp > 0 0 ACCEPT udp any any anywhere > anywhere udp dpt:ntp > 0 0 ACCEPT tcp any any anywhere > anywhere tcp dpt:ntp > 38640 96M ACCEPT all any any localhost/128 > localhost/128 > 0 0 ACCEPT ipv6-icmp any any anywhere > anywhere > 0 0 ACCEPT tcp any any anywhere > anywhere tcp dpt:ssh > 0 0 LOG all any any anywhere > anywhere limit: avg 5/min burst 5 LOG level debug prefix > "ip6tables denied: " > 0 0 DROP all any any anywhere > anywhere > > I get no ip6tables reject entries in my log. > > I used to be able to access this server over ipv6, so something's > broken. Can anyone please suggest where else to look, or how to diagnose > this problem. According to nmap, the only port you have open is port 179 (bgp). So I'd start by checking netstat to confirm that sshd IS listening on IPv6 Next, it may help to run tshark (or wireshark or some other packet sniffer) and make sure that those pings come in to the host you're expecting (it's conceivable, for example, that there's some other device at that address that's actually the one you're pinging). If it is, then you know packets are getting to your machine and you just need to alter the firewall rules. > > Cheers, Tony. > -- > Tony van der Hoff | mailto:tony@vanderhoff.org > Buckinghamshire, England | > > > -- > To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org > Archive: [🔎] 54D8AD0B.3090107@vanderhoff.org">https://lists.debian.org/[🔎] 54D8AD0B.3090107@vanderhoff.org >
Attachment:
signature.asc
Description: Digital signature