On 09/02/15 13:02, Darac Marjal wrote: > On Mon, Feb 09, 2015 at 12:50:19PM +0000, Tony van der Hoff wrote: >> I have a VPS, with an ipv6 address. It responds correctly to ping packets: >> >> tony@tony-lx:~$ ping6 vanderhoff.org >> PING vanderhoff.org(2a03:9800:10:54::1) 56 data bytes >> 64 bytes from 2a03:9800:10:54::1: icmp_seq=1 ttl=58 time=13.6 ms >> 64 bytes from 2a03:9800:10:54::1: icmp_seq=2 ttl=58 time=12.1 ms >> 64 bytes from 2a03:9800:10:54::1: icmp_seq=3 ttl=58 time=11.8 ms >> >> However, when I attempt to ssh into it, it baulks: >> tony@tony-lx:~$ ssh -6 vanderhoff.org >> ssh: connect to host vanderhoff.org port 22: Connection refused >> >> ssh -4 works fine: >> tony@tony-lx:~$ ssh -4 vanderhoff.org >> Linux shell 3.2.0-4-amd64 #1 SMP Debian 3.2.65-1+deb7u1 x86_64 >> >> /etc/sshd_config has ipv6 enabled: >> # What ports, IPs and protocols we listen for >> Port 22 >> # Use these options to restrict which interfaces/protocols sshd will bind to >> ListenAddress :: >> ListenAddress 0.0.0.0 >> >> My firewall should let ssh6 packets through (I think): >> tony@shell:~$ sudo ip6tables -L -v >> [sudo] password for tony: >> Chain INPUT (policy ACCEPT 0 packets, 0 bytes) >> pkts bytes target prot opt in out source >> destination >> 0 0 ACCEPT udp any any anywhere >> anywhere udp dpt:openvpn >> 0 0 ACCEPT tcp any any anywhere >> anywhere tcp spt:https >> 2421 301K ACCEPT tcp any any anywhere >> anywhere tcp spt:http >> 3955 350K ACCEPT tcp any any anywhere >> anywhere tcp dpt:http >> 0 0 ACCEPT tcp any any anywhere >> anywhere tcp spt:domain >> 0 0 ACCEPT udp any any anywhere >> anywhere udp spt:domain >> 0 0 ACCEPT tcp any any anywhere >> anywhere tcp dpt:domain >> 0 0 ACCEPT udp any any anywhere >> anywhere udp dpt:domain >> 0 0 ACCEPT tcp any any anywhere >> anywhere tcp dpt:http >> 0 0 ACCEPT all any any anywhere >> tony-lx.magpieway.net/128 >> 0 0 ACCEPT all any any tony-lx.magpieway.net/128 >> anywhere >> 25 4458 ACCEPT tcp any any anywhere >> anywhere tcp dpt:smtp >> 0 0 ACCEPT udp any any anywhere >> anywhere udp dpt:ntp >> 0 0 ACCEPT tcp any any anywhere >> anywhere tcp dpt:ntp >> 38640 96M ACCEPT all any any localhost/128 >> localhost/128 >> 0 0 ACCEPT ipv6-icmp any any anywhere >> anywhere >> 0 0 ACCEPT tcp any any anywhere >> anywhere tcp dpt:ssh >> 0 0 LOG all any any anywhere >> anywhere limit: avg 5/min burst 5 LOG level debug prefix >> "ip6tables denied: " >> 0 0 DROP all any any anywhere >> anywhere >> >> I get no ip6tables reject entries in my log. >> >> I used to be able to access this server over ipv6, so something's >> broken. Can anyone please suggest where else to look, or how to diagnose >> this problem. > > According to nmap, the only port you have open is port 179 (bgp). So I'd > start by checking netstat to confirm that sshd IS listening on IPv6 > > Next, it may help to run tshark (or wireshark or some other packet > sniffer) and make sure that those pings come in to the host you're > expecting (it's conceivable, for example, that there's some other device > at that address that's actually the one you're pinging). If it is, then > you know packets are getting to your machine and you just need to alter > the firewall rules.
thanks for that; You're right: no packets are reaching the VPS. I've raised a ticket with my hosting supplier, I'll see what that brings. Thanks again, Tony -- Tony van der Hoff | mailto:t...@vanderhoff.org Buckinghamshire, England | -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54d8cc6d.5060...@vanderhoff.org
