Unable to connect (IPv6)











up vote
0
down vote

favorite












I couldn't find an answer or solution to my question in existing questions/answers on the net, so I have to write down my problem hoping that some expert spots the problem. Anyway here it goes.



I have 2 Ubuntu machines, configured that so that ipv4 is disabled and only IPv6 is enabled. One of them is the DUT the other the Tester.



DUT's configuration:



auto lo

iface lo inet loopback

iface lo inet6 loopback

auto ens1f0.101

iface eth1.101 inet6 static

    address fd53:7cb8:383:101::121

    netmask 48


Testers's configuration:



auto lo

iface lo inet loopback

iface lo inet6 loopback

auto eth1.101

iface eth1.101 inet6 static

    address fd53:7cb8:383:1ff::141

    netmask 48


They are both connected over an unmanaged L2 switch and I don't disable the network manager (as a utility as a side information)



Now, both Nodes can ping each other with ping6, like:



On Tester: ping6  -c 3 -I eth1.101 fd53:7cb8:383:101::121

On DUT: ping6  -c 3 -I ens1f0.101 fd53:7cb8:383:1ff::141


As I wanted to test the nodes with iperf3, it fails and I know that firewalls are disabled on both nodes.



On DUT I start iperf3 with:



iperf3 -6 -s -p 7001 -B fd53:7cb8:383:101::121


On Tester:



iperf3 -6 -c fd53:7cb8:383:101::121 -p 7001 -u  -B fd53:7cb8:383:1ff::141 -b 10M -t 1


On Wireshark attached to ens1f0 at DUT I can see the TCP packets coming from Tester with correct VLAN ID set, with correct destination address and port settings, Client tries to establist connection with Server but Server does not react.



When I run netstat -ant, it shows me something like:



Proto Recv-Q Send-Q Local Address           Foreign Address         State      

tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN     

tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     

tcp6       0      0 ::1:631                 :::*                    LISTEN     

tcp6       0      0 fd53:7cb8:383:101::7001 :::*                    LISTEN


But when I run nmap on Tester to scan ports on DUT, it returns nothing saying:



sudo nmap -e eth1.101 -6 fd53:7cb8:383:101::121 -Pnr -p1-8000


gives me:



Starting Nmap 7.60 ( https://nmap.org ) at 2018-11-23 13:01 CET

Nmap scan report for fd53:7cb8:383:101::121

Host is up (0.00031s latency).

All 8000 scanned ports on fd53:7cb8:383:101::121 are filtered

MAC Address: A0:36:9F:04:36:44 (Intel Corporate)



Nmap done: 1 IP address (1 host up) scanned in 174.62 seconds


Now I don't know what is wrong here.But I keep the eye on netstat report saying Local address f"d53:7cb8:383:101::7001" is listening but my Test machine prefix is fd53:7cb8:383:1ff. Could this be reason. Because when I change the Tester address to fd53:7cb8:383:101::xxx It works with iperf and Nmap and etc.



That means I thought two nodes fd53:7cb8:383:101::121 and fd53:7cb8:383:1ff::141 with netmask 48 should be able to find each other and communicate....they do..Ping works and TCP packets are arriving but those TCP packets are not answered and NMAP says all ports filtered even I know that Firewall is disabled.



I hope someone knows the answer to this.



Thank You
Mtin






networking firewall ipv6







share|improve this question
























  • When you disabled the firewall did you reload it?
    – George Udosen
    Nov 23 at 14:01










  • hmmm no but I do the experiment and change the Tester address from fd53:7cb8:383:1ff::141 to fd53:7cb8:383:101::141 on the console so that upper 64 bits of DUT and Tester matches --> (fd53:7cb8:383:101::) and after that without changing anything with firewall iperf works again....what is the deal here with IP addresses?
    – Metin Yerlikaya
    Nov 23 at 14:20










  • May be the switch was the issue!
    – George Udosen
    Nov 23 at 14:29










  • this is good idea....why not..hmmmm but again....I see that TCP packets are arriving at target...so switch cannot be the reason...I can capture the packets at DUTs interface with wireshark
    – Metin Yerlikaya
    Nov 23 at 14:33










  • IPv6 expects subnets to be /64. No more, no less. If you change this, you will have subtle breakage which is difficult or impossible to fix.
    – Michael Hampton
    Nov 23 at 16:36















up vote
0
down vote

favorite












I couldn't find an answer or solution to my question in existing questions/answers on the net, so I have to write down my problem hoping that some expert spots the problem. Anyway here it goes.



I have 2 Ubuntu machines, configured that so that ipv4 is disabled and only IPv6 is enabled. One of them is the DUT the other the Tester.



DUT's configuration:



auto lo

iface lo inet loopback

iface lo inet6 loopback

auto ens1f0.101

iface eth1.101 inet6 static

    address fd53:7cb8:383:101::121

    netmask 48


Testers's configuration:



auto lo

iface lo inet loopback

iface lo inet6 loopback

auto eth1.101

iface eth1.101 inet6 static

    address fd53:7cb8:383:1ff::141

    netmask 48


They are both connected over an unmanaged L2 switch and I don't disable the network manager (as a utility as a side information)



Now, both Nodes can ping each other with ping6, like:



On Tester: ping6  -c 3 -I eth1.101 fd53:7cb8:383:101::121

On DUT: ping6  -c 3 -I ens1f0.101 fd53:7cb8:383:1ff::141


As I wanted to test the nodes with iperf3, it fails and I know that firewalls are disabled on both nodes.



On DUT I start iperf3 with:



iperf3 -6 -s -p 7001 -B fd53:7cb8:383:101::121


On Tester:



iperf3 -6 -c fd53:7cb8:383:101::121 -p 7001 -u  -B fd53:7cb8:383:1ff::141 -b 10M -t 1


On Wireshark attached to ens1f0 at DUT I can see the TCP packets coming from Tester with correct VLAN ID set, with correct destination address and port settings, Client tries to establist connection with Server but Server does not react.



When I run netstat -ant, it shows me something like:



Proto Recv-Q Send-Q Local Address           Foreign Address         State      

tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN     

tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     

tcp6       0      0 ::1:631                 :::*                    LISTEN     

tcp6       0      0 fd53:7cb8:383:101::7001 :::*                    LISTEN


But when I run nmap on Tester to scan ports on DUT, it returns nothing saying:



sudo nmap -e eth1.101 -6 fd53:7cb8:383:101::121 -Pnr -p1-8000


gives me:



Starting Nmap 7.60 ( https://nmap.org ) at 2018-11-23 13:01 CET

Nmap scan report for fd53:7cb8:383:101::121

Host is up (0.00031s latency).

All 8000 scanned ports on fd53:7cb8:383:101::121 are filtered

MAC Address: A0:36:9F:04:36:44 (Intel Corporate)



Nmap done: 1 IP address (1 host up) scanned in 174.62 seconds


Now I don't know what is wrong here.But I keep the eye on netstat report saying Local address f"d53:7cb8:383:101::7001" is listening but my Test machine prefix is fd53:7cb8:383:1ff. Could this be reason. Because when I change the Tester address to fd53:7cb8:383:101::xxx It works with iperf and Nmap and etc.



That means I thought two nodes fd53:7cb8:383:101::121 and fd53:7cb8:383:1ff::141 with netmask 48 should be able to find each other and communicate....they do..Ping works and TCP packets are arriving but those TCP packets are not answered and NMAP says all ports filtered even I know that Firewall is disabled.



I hope someone knows the answer to this.



Thank You
Mtin






networking firewall ipv6







share|improve this question
























  • When you disabled the firewall did you reload it?
    – George Udosen
    Nov 23 at 14:01










  • hmmm no but I do the experiment and change the Tester address from fd53:7cb8:383:1ff::141 to fd53:7cb8:383:101::141 on the console so that upper 64 bits of DUT and Tester matches --> (fd53:7cb8:383:101::) and after that without changing anything with firewall iperf works again....what is the deal here with IP addresses?
    – Metin Yerlikaya
    Nov 23 at 14:20










  • May be the switch was the issue!
    – George Udosen
    Nov 23 at 14:29










  • this is good idea....why not..hmmmm but again....I see that TCP packets are arriving at target...so switch cannot be the reason...I can capture the packets at DUTs interface with wireshark
    – Metin Yerlikaya
    Nov 23 at 14:33










  • IPv6 expects subnets to be /64. No more, no less. If you change this, you will have subtle breakage which is difficult or impossible to fix.
    – Michael Hampton
    Nov 23 at 16:36













up vote
0
down vote

favorite









up vote
0
down vote

favorite











I couldn't find an answer or solution to my question in existing questions/answers on the net, so I have to write down my problem hoping that some expert spots the problem. Anyway here it goes.



I have 2 Ubuntu machines, configured that so that ipv4 is disabled and only IPv6 is enabled. One of them is the DUT the other the Tester.



DUT's configuration:



auto lo

iface lo inet loopback

iface lo inet6 loopback

auto ens1f0.101

iface eth1.101 inet6 static

    address fd53:7cb8:383:101::121

    netmask 48


Testers's configuration:



auto lo

iface lo inet loopback

iface lo inet6 loopback

auto eth1.101

iface eth1.101 inet6 static

    address fd53:7cb8:383:1ff::141

    netmask 48


They are both connected over an unmanaged L2 switch and I don't disable the network manager (as a utility as a side information)



Now, both Nodes can ping each other with ping6, like:



On Tester: ping6  -c 3 -I eth1.101 fd53:7cb8:383:101::121

On DUT: ping6  -c 3 -I ens1f0.101 fd53:7cb8:383:1ff::141


As I wanted to test the nodes with iperf3, it fails and I know that firewalls are disabled on both nodes.



On DUT I start iperf3 with:



iperf3 -6 -s -p 7001 -B fd53:7cb8:383:101::121


On Tester:



iperf3 -6 -c fd53:7cb8:383:101::121 -p 7001 -u  -B fd53:7cb8:383:1ff::141 -b 10M -t 1


On Wireshark attached to ens1f0 at DUT I can see the TCP packets coming from Tester with correct VLAN ID set, with correct destination address and port settings, Client tries to establist connection with Server but Server does not react.



When I run netstat -ant, it shows me something like:



Proto Recv-Q Send-Q Local Address           Foreign Address         State      

tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN     

tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     

tcp6       0      0 ::1:631                 :::*                    LISTEN     

tcp6       0      0 fd53:7cb8:383:101::7001 :::*                    LISTEN


But when I run nmap on Tester to scan ports on DUT, it returns nothing saying:



sudo nmap -e eth1.101 -6 fd53:7cb8:383:101::121 -Pnr -p1-8000


gives me:



Starting Nmap 7.60 ( https://nmap.org ) at 2018-11-23 13:01 CET

Nmap scan report for fd53:7cb8:383:101::121

Host is up (0.00031s latency).

All 8000 scanned ports on fd53:7cb8:383:101::121 are filtered

MAC Address: A0:36:9F:04:36:44 (Intel Corporate)



Nmap done: 1 IP address (1 host up) scanned in 174.62 seconds


Now I don't know what is wrong here.But I keep the eye on netstat report saying Local address f"d53:7cb8:383:101::7001" is listening but my Test machine prefix is fd53:7cb8:383:1ff. Could this be reason. Because when I change the Tester address to fd53:7cb8:383:101::xxx It works with iperf and Nmap and etc.



That means I thought two nodes fd53:7cb8:383:101::121 and fd53:7cb8:383:1ff::141 with netmask 48 should be able to find each other and communicate....they do..Ping works and TCP packets are arriving but those TCP packets are not answered and NMAP says all ports filtered even I know that Firewall is disabled.



I hope someone knows the answer to this.



Thank You
Mtin






networking firewall ipv6







share|improve this question















I couldn't find an answer or solution to my question in existing questions/answers on the net, so I have to write down my problem hoping that some expert spots the problem. Anyway here it goes.



I have 2 Ubuntu machines, configured that so that ipv4 is disabled and only IPv6 is enabled. One of them is the DUT the other the Tester.



DUT's configuration:



auto lo

iface lo inet loopback

iface lo inet6 loopback

auto ens1f0.101

iface eth1.101 inet6 static

    address fd53:7cb8:383:101::121

    netmask 48


Testers's configuration:



auto lo

iface lo inet loopback

iface lo inet6 loopback

auto eth1.101

iface eth1.101 inet6 static

    address fd53:7cb8:383:1ff::141

    netmask 48


They are both connected over an unmanaged L2 switch and I don't disable the network manager (as a utility as a side information)



Now, both Nodes can ping each other with ping6, like:



On Tester: ping6  -c 3 -I eth1.101 fd53:7cb8:383:101::121

On DUT: ping6  -c 3 -I ens1f0.101 fd53:7cb8:383:1ff::141


As I wanted to test the nodes with iperf3, it fails and I know that firewalls are disabled on both nodes.



On DUT I start iperf3 with:



iperf3 -6 -s -p 7001 -B fd53:7cb8:383:101::121


On Tester:



iperf3 -6 -c fd53:7cb8:383:101::121 -p 7001 -u  -B fd53:7cb8:383:1ff::141 -b 10M -t 1


On Wireshark attached to ens1f0 at DUT I can see the TCP packets coming from Tester with correct VLAN ID set, with correct destination address and port settings, Client tries to establist connection with Server but Server does not react.



When I run netstat -ant, it shows me something like:



Proto Recv-Q Send-Q Local Address           Foreign Address         State      

tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN     

tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     

tcp6       0      0 ::1:631                 :::*                    LISTEN     

tcp6       0      0 fd53:7cb8:383:101::7001 :::*                    LISTEN


But when I run nmap on Tester to scan ports on DUT, it returns nothing saying:



sudo nmap -e eth1.101 -6 fd53:7cb8:383:101::121 -Pnr -p1-8000


gives me:



Starting Nmap 7.60 ( https://nmap.org ) at 2018-11-23 13:01 CET

Nmap scan report for fd53:7cb8:383:101::121

Host is up (0.00031s latency).

All 8000 scanned ports on fd53:7cb8:383:101::121 are filtered

MAC Address: A0:36:9F:04:36:44 (Intel Corporate)



Nmap done: 1 IP address (1 host up) scanned in 174.62 seconds


Now I don't know what is wrong here.But I keep the eye on netstat report saying Local address f"d53:7cb8:383:101::7001" is listening but my Test machine prefix is fd53:7cb8:383:1ff. Could this be reason. Because when I change the Tester address to fd53:7cb8:383:101::xxx It works with iperf and Nmap and etc.



That means I thought two nodes fd53:7cb8:383:101::121 and fd53:7cb8:383:1ff::141 with netmask 48 should be able to find each other and communicate....they do..Ping works and TCP packets are arriving but those TCP packets are not answered and NMAP says all ports filtered even I know that Firewall is disabled.



I hope someone knows the answer to this.



Thank You
Mtin






networking firewall ipv6




networking firewall ipv6






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 23 at 13:57









George Udosen

18.8k94265




18.8k94265










asked Nov 23 at 13:42









Metin Yerlikaya

1




1












  • When you disabled the firewall did you reload it?
    – George Udosen
    Nov 23 at 14:01










  • hmmm no but I do the experiment and change the Tester address from fd53:7cb8:383:1ff::141 to fd53:7cb8:383:101::141 on the console so that upper 64 bits of DUT and Tester matches --> (fd53:7cb8:383:101::) and after that without changing anything with firewall iperf works again....what is the deal here with IP addresses?
    – Metin Yerlikaya
    Nov 23 at 14:20










  • May be the switch was the issue!
    – George Udosen
    Nov 23 at 14:29










  • this is good idea....why not..hmmmm but again....I see that TCP packets are arriving at target...so switch cannot be the reason...I can capture the packets at DUTs interface with wireshark
    – Metin Yerlikaya
    Nov 23 at 14:33










  • IPv6 expects subnets to be /64. No more, no less. If you change this, you will have subtle breakage which is difficult or impossible to fix.
    – Michael Hampton
    Nov 23 at 16:36


















  • When you disabled the firewall did you reload it?
    – George Udosen
    Nov 23 at 14:01










  • hmmm no but I do the experiment and change the Tester address from fd53:7cb8:383:1ff::141 to fd53:7cb8:383:101::141 on the console so that upper 64 bits of DUT and Tester matches --> (fd53:7cb8:383:101::) and after that without changing anything with firewall iperf works again....what is the deal here with IP addresses?
    – Metin Yerlikaya
    Nov 23 at 14:20










  • May be the switch was the issue!
    – George Udosen
    Nov 23 at 14:29










  • this is good idea....why not..hmmmm but again....I see that TCP packets are arriving at target...so switch cannot be the reason...I can capture the packets at DUTs interface with wireshark
    – Metin Yerlikaya
    Nov 23 at 14:33










  • IPv6 expects subnets to be /64. No more, no less. If you change this, you will have subtle breakage which is difficult or impossible to fix.
    – Michael Hampton
    Nov 23 at 16:36
















When you disabled the firewall did you reload it?
– George Udosen
Nov 23 at 14:01




When you disabled the firewall did you reload it?
– George Udosen
Nov 23 at 14:01












hmmm no but I do the experiment and change the Tester address from fd53:7cb8:383:1ff::141 to fd53:7cb8:383:101::141 on the console so that upper 64 bits of DUT and Tester matches --> (fd53:7cb8:383:101::) and after that without changing anything with firewall iperf works again....what is the deal here with IP addresses?
– Metin Yerlikaya
Nov 23 at 14:20




hmmm no but I do the experiment and change the Tester address from fd53:7cb8:383:1ff::141 to fd53:7cb8:383:101::141 on the console so that upper 64 bits of DUT and Tester matches --> (fd53:7cb8:383:101::) and after that without changing anything with firewall iperf works again....what is the deal here with IP addresses?
– Metin Yerlikaya
Nov 23 at 14:20












May be the switch was the issue!
– George Udosen
Nov 23 at 14:29




May be the switch was the issue!
– George Udosen
Nov 23 at 14:29












this is good idea....why not..hmmmm but again....I see that TCP packets are arriving at target...so switch cannot be the reason...I can capture the packets at DUTs interface with wireshark
– Metin Yerlikaya
Nov 23 at 14:33




this is good idea....why not..hmmmm but again....I see that TCP packets are arriving at target...so switch cannot be the reason...I can capture the packets at DUTs interface with wireshark
– Metin Yerlikaya
Nov 23 at 14:33












IPv6 expects subnets to be /64. No more, no less. If you change this, you will have subtle breakage which is difficult or impossible to fix.
– Michael Hampton
Nov 23 at 16:36




IPv6 expects subnets to be /64. No more, no less. If you change this, you will have subtle breakage which is difficult or impossible to fix.
– Michael Hampton
Nov 23 at 16:36















active

oldest

votes











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1095386%2funable-to-connect-ipv6%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown






























active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Ask Ubuntu!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1095386%2funable-to-connect-ipv6%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Biblatex bibliography style without URLs when DOI exists (in Overleaf with Zotero bibliography)

Image
2 2 I have a Zotero bibliography in Overleaf. I use biblatex . usepackage[backend=biber,citestyle=authoryear]{biblatex} addbibresource{zoteroALH.bib} Bibliography entries look like: @book{de_saint-gervais_uniformization_2016, title = {Uniformization of {Riemann} {Surfaces}}, isbn = {978-3-03719-145-3}, url = {https://www.ems-ph.org/books/book.php?proj_nr=198&srch=series%7Chem}, urldate = {2019-02-03}, author = {de Saint-Gervais, Paul Henri}, year = {2016}, doi = {10.4171/145} } In the bibliography down the paper the reference shows like this: There is the DOI, great, but also the URL which is unnecessary when the DOI is there. How can I remove the URL when the DOI is present? biblatex bibliographies overleaf zote
Read more

ComboBox Display Member on multiple fields

Image
2 I'm trying to set the .DisplayMember property of a ComboBox in C#, but I want to bind it to multiple columns in the .DataSouce . My SQL looks like this: SELECT PersNbr, PersFirstName, PersMiddleName, PersLastName FROM Pers WHERE PersNbr = :persNbr; I'm saving this query in a DataTable so each column selected has it's own column in the Datatable . I want to make the .DisplayMember a combination of PersFirstName + PersMiddleName + PersLastName so their full name appears like this: comboBox.DisplayMemeber = "PersFirstName" + "PersMiddleName" + "PersLastName" I know I can just to this on the query: SELECT PersNbr, (PersFirstName || PersMiddleName || PersLastName) PersName and then just do this: comboBox.DisplayMember = "PersName"; but I
Read more

Is it possible to collect Nectar points via Trainline?

Image
2 Since I am not eligible for any Railcard, the only available discount/bonus scheme is Nectar Card for me. GWR, SWR, LNER and Virgin Trains allow to collect Nectar points and I have already linked a card to my GWR account. A friend suggested me to use Trainline App, because it can search for bus tickets either. I had a look at the application, but could not see any option for Nectar. Is there a way to collect Nectar points when I buy tickets via Trainline? uk trains loyalty-programs trainline share | improve this question asked Dec 2 '18 at 15:50 ahmedus 3,224 5 19 49
Read more