Debian 9 problem IPV6 ping6 google

Discussion in 'ISPConfig 3 Priority Support' started by sdesprez, Apr 19, 2018.

Tags:
  1. sdesprez

    sdesprez New Member HowtoForge Supporter

    hello

    I have a proble with IPv6
    [email protected]:/etc/init.d# ping6 ipv6.google.com
    PING ipv6.google.com(par21s17-in-x0e.1e100.net (2a00:1450:4007:808::200e)) 56 data bytes
    From 2001:41d0:303:4deb:: (2001:41d0:303:4deb::) icmp_seq=1 Destination unreachable: Address unreachable
    From 2001:41d0:303:4deb:: (2001:41d0:303:4deb::) icmp_seq=2 Destination unreachable: Address unreachable
    From 2001:41d0:303:4deb:: (2001:41d0:303:4deb::) icmp_seq=3 Destination unreachable: Address unreachable
    From 2001:41d0:303:4deb:: (2001:41d0:303:4deb::) icmp_seq=4 Destination unreachable: Address unreachable
    From 2001:41d0:303:4deb:: (2001:41d0:303:4deb::) icmp_seq=5 Destination unreachable: Address unreachable
    From 2001:41d0:303:4deb:: (2001:41d0:303:4deb::) icmp_seq=6 Destination unreachable: Address unreachable
    From 2001:41d0:303:4deb:: (2001:41d0:303:4deb::) icmp_seq=7 Destination unreachable: Address unreachable
    From 2001:41d0:303:4deb:: (2001:41d0:303:4deb::) icmp_seq=8 Destination unreachable: Address unreachable
    From 2001:41d0:303:4deb:: (2001:41d0:303:4deb::) icmp_seq=9 Destination unreachable: Address unreachable
    From 2001:41d0:303:4deb:: (2001:41d0:303:4deb::) icmp_seq=10 Destination unreachable: Address unreachable
    From 2001:41d0:303:4deb:: (2001:41d0:303:4deb::) icmp_seq=11 Destination unreachable: Address unreachable
    From 2001:41d0:303:4deb:: (2001:41d0:303:4deb::) icmp_seq=12 Destination unreachable: Address unreachable
    ^C
    --- ipv6.google.com ping statistics ---
    14 packets transmitted, 0 received, +12 errors, 100% packet loss, time 13312ms

    It is very strange.
    Help me

    Regards
    Sylvain,
     
  2. sdesprez

    sdesprez New Member HowtoForge Supporter

    ip6tables -S (ipv6)
    -P INPUT DROP
    -P FORWARD DROP
    -P OUTPUT DROP
    -A INPUT -i lo -j ACCEPT
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m hl --hl-eq 255 -j ACCEPT
    -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m hl --hl-eq 255 -j ACCEPT
    -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m hl --hl-eq 255 -j ACCEPT
    -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m conntrack --ctstate NEW -m limit --limit 1/sec --limit-burst 1 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 990 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 989 -j ACCEPT
    -A OUTPUT -o lo -j ACCEPT
    -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT
    -A OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT
    -A OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j ACCEPT
    -A OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT
    -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
    -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
    -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
    -A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
    -A OUTPUT -p tcp -m tcp --dport 2222 -j ACCEPT
    -A OUTPUT -p tcp -m tcp --dport 21 -j ACCEPT
    -A OUTPUT -p tcp -m tcp --dport 990 -j ACCEPT
    -A OUTPUT -p tcp -m tcp --dport 989 -j ACCEPT
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Does the ping work when you disable the firewall for a test?
    Is the server reachable by IPv6?
     
  4. sdesprez

    sdesprez New Member HowtoForge Supporter

    ip6tables accept all
    same problem
    Ping6 to my server it is OK
    Ping6 to a other website is wrong
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Did you ask your server provider, maybe they block ipv6 pings or there is another network config problem that affects IPv6 only?
     
  6. Hans

    Hans Moderator ISPConfig Developer

    Recently, I had the same issue after the latest Debian 9 kernel update. I fixed this problem as follows:

    Add at the very end of the file /etc/sysctl.d/ipv6.conf the following lines:

    net.ipv6.conf.default.accept_ra=0
    net.ipv6.conf.all.accept_ra=0
    net.ipv6.conf.ens3.accept_ra=0

    Or within the file /etc/sysctl.d/ipv6.conf:

    net.ipv6.conf.default.accept_ra=0
    net.ipv6.conf.all.accept_ra=0
    net.ipv6.conf.ens3.accept_ra=0

    After a VPS reboot you will have IPv6 connectivity again that stays. ens3 mentioned above is the name of my NIC. So if yours is eth0 for example, use that instead.


    Hopes this helps you too.
     
    Last edited: May 10, 2018
    till likes this.

Share This Page