'Re: Difference in IPv4 v.s. IPv6?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalld-users
Subject:    Re: Difference in IPv4 v.s. IPv6?
From:       Freek de Kruijf <f.de.kruijf () gmail ! com>
Date:       2020-12-07 11:19:49
Message-ID: 10378658.h29vL8Kmdl () eiktum
[Download RAW message or body]

Op zondag 6 december 2020 18:42:13 CET schreef Ed Greshko:
> On 07/12/2020 00:50, Freek de Kruijf wrote:
> > Op zondag 6 december 2020 12:30:46 CET schreef Ed Greshko:
> >> Hi,
> >> 
> >> System is a Fedora 33 VM running firewalld-0.8.4-1.
> >> 
> >> I have:
> >> 
> >> [root@f33k ~]# firewall-cmd --get-active-zones
> >> drop
> >> 
> >>     interfaces: enp1s0
> >> 
> >> enp1s0 has addresses 192.168.122.26 and 2001:b030:112f:2::53.
> >> 
> >> If I try to ssh to it from another system I get....
> >> 
> >> [egreshko@meimei ~]$ ssh 192.168.122.26
> >> ^C
> >> 
> >> Meaning it "hangs" until I ctrl-C it or it will timeout at some point if
> >> left alone.
> >> 
> >> But I get this using the IPv6 address
> >> 
> >> [egreshko@meimei ~]$ ssh 2001:b030:112f:2::53
> >> ssh: connect to host 2001:b030:112f:2::53 port 22: No route to host
> >> 
> >> So, is this a difference in how the FW handles IPv6 or due to how IPv6
> >> works on the source side?
> >> 
> >> Thanks,
> >> Ed
> > 
> > You gave us some insight in the firewall configuration. It looks you drop
> > all incoming traffic on enp1s0. So the ssh connection to IPv4 gets no
> > answer. For your IPv6 connection attempt it is important to know what the
> > configuration is on the system you tried to make this connection from. So
> > what is the output of "ip -6 r" on that system?
> 
> [egreshko@meimei ~]$ ip -6 r
> 
> ::1 dev lo proto kernel metric 256 pref medium
> 
> 2001:b030:112f::/64 dev enp2s0 proto kernel metric 100 pref medium
> 2001:b030:112f:2::/64 dev virbr0 proto kernel metric 256 pref medium

So the question is: Is your system with 2001:b030:112f:2::53 reachable via 
virbr0?
You may try "ping 2001:b030:112f:2::53" on the system you want to connect from 
in case the firewall allows the system with 2001:b030:112f:2::53 to answer on 
ping requests.

> fe80::/64 dev enp2s0 proto kernel metric 100 pref medium
> fe80::/64 dev virbr0 proto kernel metric 256 pref medium
> fe80::/64 dev vnet0 proto kernel metric 256 pref medium
> fe80::/64 dev vnet1 proto kernel metric 256 pref medium
> fe80::/64 dev wlp4s0 proto kernel metric 600 pref medium
> default via 2001:b030:112f::1 dev enp2s0 proto static metric 100 pref medium


-- 
vr.gr.

Freek de Kruijf


_______________________________________________
firewalld-users mailing list -- firewalld-users@lists.fedorahosted.org
To unsubscribe send an email to firewalld-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedorahosted.org

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic