Unable to connect (IPv6)











up vote
0
down vote

favorite












I couldn't find an answer or solution to my question in existing questions/answers on the net, so I have to write down my problem hoping that some expert spots the problem. Anyway here it goes.



I have 2 Ubuntu machines, configured that so that ipv4 is disabled and only IPv6 is enabled. One of them is the DUT the other the Tester.



DUT's configuration:



auto lo
iface lo inet loopback
iface lo inet6 loopback
auto ens1f0.101
iface eth1.101 inet6 static
address fd53:7cb8:383:101::121
netmask 48


Testers's configuration:



auto lo
iface lo inet loopback
iface lo inet6 loopback
auto eth1.101
iface eth1.101 inet6 static
address fd53:7cb8:383:1ff::141
netmask 48


They are both connected over an unmanaged L2 switch and I don't disable the network manager (as a utility as a side information)



Now, both Nodes can ping each other with ping6, like:



On Tester: ping6  -c 3 -I eth1.101 fd53:7cb8:383:101::121
On DUT: ping6 -c 3 -I ens1f0.101 fd53:7cb8:383:1ff::141


As I wanted to test the nodes with iperf3, it fails and I know that firewalls are disabled on both nodes.



On DUT I start iperf3 with:



iperf3 -6 -s -p 7001 -B fd53:7cb8:383:101::121


On Tester:



iperf3 -6 -c fd53:7cb8:383:101::121 -p 7001 -u  -B fd53:7cb8:383:1ff::141 -b 10M -t 1


On Wireshark attached to ens1f0 at DUT I can see the TCP packets coming from Tester with correct VLAN ID set, with correct destination address and port settings, Client tries to establist connection with Server but Server does not react.



When I run netstat -ant, it shows me something like:



Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 fd53:7cb8:383:101::7001 :::* LISTEN


But when I run nmap on Tester to scan ports on DUT, it returns nothing saying:



sudo nmap -e eth1.101 -6 fd53:7cb8:383:101::121 -Pnr -p1-8000


gives me:



Starting Nmap 7.60 ( https://nmap.org ) at 2018-11-23 13:01 CET
Nmap scan report for fd53:7cb8:383:101::121
Host is up (0.00031s latency).
All 8000 scanned ports on fd53:7cb8:383:101::121 are filtered
MAC Address: A0:36:9F:04:36:44 (Intel Corporate)

Nmap done: 1 IP address (1 host up) scanned in 174.62 seconds


Now I don't know what is wrong here.But I keep the eye on netstat report saying Local address f"d53:7cb8:383:101::7001" is listening but my Test machine prefix is fd53:7cb8:383:1ff. Could this be reason. Because when I change the Tester address to fd53:7cb8:383:101::xxx It works with iperf and Nmap and etc.



That means I thought two nodes fd53:7cb8:383:101::121 and fd53:7cb8:383:1ff::141 with netmask 48 should be able to find each other and communicate....they do..Ping works and TCP packets are arriving but those TCP packets are not answered and NMAP says all ports filtered even I know that Firewall is disabled.



I hope someone knows the answer to this.



Thank You
Mtin










share|improve this question
























  • When you disabled the firewall did you reload it?
    – George Udosen
    Nov 23 at 14:01










  • hmmm no but I do the experiment and change the Tester address from fd53:7cb8:383:1ff::141 to fd53:7cb8:383:101::141 on the console so that upper 64 bits of DUT and Tester matches --> (fd53:7cb8:383:101::) and after that without changing anything with firewall iperf works again....what is the deal here with IP addresses?
    – Metin Yerlikaya
    Nov 23 at 14:20










  • May be the switch was the issue!
    – George Udosen
    Nov 23 at 14:29










  • this is good idea....why not..hmmmm but again....I see that TCP packets are arriving at target...so switch cannot be the reason...I can capture the packets at DUTs interface with wireshark
    – Metin Yerlikaya
    Nov 23 at 14:33










  • IPv6 expects subnets to be /64. No more, no less. If you change this, you will have subtle breakage which is difficult or impossible to fix.
    – Michael Hampton
    Nov 23 at 16:36















up vote
0
down vote

favorite












I couldn't find an answer or solution to my question in existing questions/answers on the net, so I have to write down my problem hoping that some expert spots the problem. Anyway here it goes.



I have 2 Ubuntu machines, configured that so that ipv4 is disabled and only IPv6 is enabled. One of them is the DUT the other the Tester.



DUT's configuration:



auto lo
iface lo inet loopback
iface lo inet6 loopback
auto ens1f0.101
iface eth1.101 inet6 static
address fd53:7cb8:383:101::121
netmask 48


Testers's configuration:



auto lo
iface lo inet loopback
iface lo inet6 loopback
auto eth1.101
iface eth1.101 inet6 static
address fd53:7cb8:383:1ff::141
netmask 48


They are both connected over an unmanaged L2 switch and I don't disable the network manager (as a utility as a side information)



Now, both Nodes can ping each other with ping6, like:



On Tester: ping6  -c 3 -I eth1.101 fd53:7cb8:383:101::121
On DUT: ping6 -c 3 -I ens1f0.101 fd53:7cb8:383:1ff::141


As I wanted to test the nodes with iperf3, it fails and I know that firewalls are disabled on both nodes.



On DUT I start iperf3 with:



iperf3 -6 -s -p 7001 -B fd53:7cb8:383:101::121


On Tester:



iperf3 -6 -c fd53:7cb8:383:101::121 -p 7001 -u  -B fd53:7cb8:383:1ff::141 -b 10M -t 1


On Wireshark attached to ens1f0 at DUT I can see the TCP packets coming from Tester with correct VLAN ID set, with correct destination address and port settings, Client tries to establist connection with Server but Server does not react.



When I run netstat -ant, it shows me something like:



Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 fd53:7cb8:383:101::7001 :::* LISTEN


But when I run nmap on Tester to scan ports on DUT, it returns nothing saying:



sudo nmap -e eth1.101 -6 fd53:7cb8:383:101::121 -Pnr -p1-8000


gives me:



Starting Nmap 7.60 ( https://nmap.org ) at 2018-11-23 13:01 CET
Nmap scan report for fd53:7cb8:383:101::121
Host is up (0.00031s latency).
All 8000 scanned ports on fd53:7cb8:383:101::121 are filtered
MAC Address: A0:36:9F:04:36:44 (Intel Corporate)

Nmap done: 1 IP address (1 host up) scanned in 174.62 seconds


Now I don't know what is wrong here.But I keep the eye on netstat report saying Local address f"d53:7cb8:383:101::7001" is listening but my Test machine prefix is fd53:7cb8:383:1ff. Could this be reason. Because when I change the Tester address to fd53:7cb8:383:101::xxx It works with iperf and Nmap and etc.



That means I thought two nodes fd53:7cb8:383:101::121 and fd53:7cb8:383:1ff::141 with netmask 48 should be able to find each other and communicate....they do..Ping works and TCP packets are arriving but those TCP packets are not answered and NMAP says all ports filtered even I know that Firewall is disabled.



I hope someone knows the answer to this.



Thank You
Mtin










share|improve this question
























  • When you disabled the firewall did you reload it?
    – George Udosen
    Nov 23 at 14:01










  • hmmm no but I do the experiment and change the Tester address from fd53:7cb8:383:1ff::141 to fd53:7cb8:383:101::141 on the console so that upper 64 bits of DUT and Tester matches --> (fd53:7cb8:383:101::) and after that without changing anything with firewall iperf works again....what is the deal here with IP addresses?
    – Metin Yerlikaya
    Nov 23 at 14:20










  • May be the switch was the issue!
    – George Udosen
    Nov 23 at 14:29










  • this is good idea....why not..hmmmm but again....I see that TCP packets are arriving at target...so switch cannot be the reason...I can capture the packets at DUTs interface with wireshark
    – Metin Yerlikaya
    Nov 23 at 14:33










  • IPv6 expects subnets to be /64. No more, no less. If you change this, you will have subtle breakage which is difficult or impossible to fix.
    – Michael Hampton
    Nov 23 at 16:36













up vote
0
down vote

favorite









up vote
0
down vote

favorite











I couldn't find an answer or solution to my question in existing questions/answers on the net, so I have to write down my problem hoping that some expert spots the problem. Anyway here it goes.



I have 2 Ubuntu machines, configured that so that ipv4 is disabled and only IPv6 is enabled. One of them is the DUT the other the Tester.



DUT's configuration:



auto lo
iface lo inet loopback
iface lo inet6 loopback
auto ens1f0.101
iface eth1.101 inet6 static
address fd53:7cb8:383:101::121
netmask 48


Testers's configuration:



auto lo
iface lo inet loopback
iface lo inet6 loopback
auto eth1.101
iface eth1.101 inet6 static
address fd53:7cb8:383:1ff::141
netmask 48


They are both connected over an unmanaged L2 switch and I don't disable the network manager (as a utility as a side information)



Now, both Nodes can ping each other with ping6, like:



On Tester: ping6  -c 3 -I eth1.101 fd53:7cb8:383:101::121
On DUT: ping6 -c 3 -I ens1f0.101 fd53:7cb8:383:1ff::141


As I wanted to test the nodes with iperf3, it fails and I know that firewalls are disabled on both nodes.



On DUT I start iperf3 with:



iperf3 -6 -s -p 7001 -B fd53:7cb8:383:101::121


On Tester:



iperf3 -6 -c fd53:7cb8:383:101::121 -p 7001 -u  -B fd53:7cb8:383:1ff::141 -b 10M -t 1


On Wireshark attached to ens1f0 at DUT I can see the TCP packets coming from Tester with correct VLAN ID set, with correct destination address and port settings, Client tries to establist connection with Server but Server does not react.



When I run netstat -ant, it shows me something like:



Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 fd53:7cb8:383:101::7001 :::* LISTEN


But when I run nmap on Tester to scan ports on DUT, it returns nothing saying:



sudo nmap -e eth1.101 -6 fd53:7cb8:383:101::121 -Pnr -p1-8000


gives me:



Starting Nmap 7.60 ( https://nmap.org ) at 2018-11-23 13:01 CET
Nmap scan report for fd53:7cb8:383:101::121
Host is up (0.00031s latency).
All 8000 scanned ports on fd53:7cb8:383:101::121 are filtered
MAC Address: A0:36:9F:04:36:44 (Intel Corporate)

Nmap done: 1 IP address (1 host up) scanned in 174.62 seconds


Now I don't know what is wrong here.But I keep the eye on netstat report saying Local address f"d53:7cb8:383:101::7001" is listening but my Test machine prefix is fd53:7cb8:383:1ff. Could this be reason. Because when I change the Tester address to fd53:7cb8:383:101::xxx It works with iperf and Nmap and etc.



That means I thought two nodes fd53:7cb8:383:101::121 and fd53:7cb8:383:1ff::141 with netmask 48 should be able to find each other and communicate....they do..Ping works and TCP packets are arriving but those TCP packets are not answered and NMAP says all ports filtered even I know that Firewall is disabled.



I hope someone knows the answer to this.



Thank You
Mtin










share|improve this question















I couldn't find an answer or solution to my question in existing questions/answers on the net, so I have to write down my problem hoping that some expert spots the problem. Anyway here it goes.



I have 2 Ubuntu machines, configured that so that ipv4 is disabled and only IPv6 is enabled. One of them is the DUT the other the Tester.



DUT's configuration:



auto lo
iface lo inet loopback
iface lo inet6 loopback
auto ens1f0.101
iface eth1.101 inet6 static
address fd53:7cb8:383:101::121
netmask 48


Testers's configuration:



auto lo
iface lo inet loopback
iface lo inet6 loopback
auto eth1.101
iface eth1.101 inet6 static
address fd53:7cb8:383:1ff::141
netmask 48


They are both connected over an unmanaged L2 switch and I don't disable the network manager (as a utility as a side information)



Now, both Nodes can ping each other with ping6, like:



On Tester: ping6  -c 3 -I eth1.101 fd53:7cb8:383:101::121
On DUT: ping6 -c 3 -I ens1f0.101 fd53:7cb8:383:1ff::141


As I wanted to test the nodes with iperf3, it fails and I know that firewalls are disabled on both nodes.



On DUT I start iperf3 with:



iperf3 -6 -s -p 7001 -B fd53:7cb8:383:101::121


On Tester:



iperf3 -6 -c fd53:7cb8:383:101::121 -p 7001 -u  -B fd53:7cb8:383:1ff::141 -b 10M -t 1


On Wireshark attached to ens1f0 at DUT I can see the TCP packets coming from Tester with correct VLAN ID set, with correct destination address and port settings, Client tries to establist connection with Server but Server does not react.



When I run netstat -ant, it shows me something like:



Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 fd53:7cb8:383:101::7001 :::* LISTEN


But when I run nmap on Tester to scan ports on DUT, it returns nothing saying:



sudo nmap -e eth1.101 -6 fd53:7cb8:383:101::121 -Pnr -p1-8000


gives me:



Starting Nmap 7.60 ( https://nmap.org ) at 2018-11-23 13:01 CET
Nmap scan report for fd53:7cb8:383:101::121
Host is up (0.00031s latency).
All 8000 scanned ports on fd53:7cb8:383:101::121 are filtered
MAC Address: A0:36:9F:04:36:44 (Intel Corporate)

Nmap done: 1 IP address (1 host up) scanned in 174.62 seconds


Now I don't know what is wrong here.But I keep the eye on netstat report saying Local address f"d53:7cb8:383:101::7001" is listening but my Test machine prefix is fd53:7cb8:383:1ff. Could this be reason. Because when I change the Tester address to fd53:7cb8:383:101::xxx It works with iperf and Nmap and etc.



That means I thought two nodes fd53:7cb8:383:101::121 and fd53:7cb8:383:1ff::141 with netmask 48 should be able to find each other and communicate....they do..Ping works and TCP packets are arriving but those TCP packets are not answered and NMAP says all ports filtered even I know that Firewall is disabled.



I hope someone knows the answer to this.



Thank You
Mtin







networking firewall ipv6






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 23 at 13:57









George Udosen

18.8k94265




18.8k94265










asked Nov 23 at 13:42









Metin Yerlikaya

1




1












  • When you disabled the firewall did you reload it?
    – George Udosen
    Nov 23 at 14:01










  • hmmm no but I do the experiment and change the Tester address from fd53:7cb8:383:1ff::141 to fd53:7cb8:383:101::141 on the console so that upper 64 bits of DUT and Tester matches --> (fd53:7cb8:383:101::) and after that without changing anything with firewall iperf works again....what is the deal here with IP addresses?
    – Metin Yerlikaya
    Nov 23 at 14:20










  • May be the switch was the issue!
    – George Udosen
    Nov 23 at 14:29










  • this is good idea....why not..hmmmm but again....I see that TCP packets are arriving at target...so switch cannot be the reason...I can capture the packets at DUTs interface with wireshark
    – Metin Yerlikaya
    Nov 23 at 14:33










  • IPv6 expects subnets to be /64. No more, no less. If you change this, you will have subtle breakage which is difficult or impossible to fix.
    – Michael Hampton
    Nov 23 at 16:36


















  • When you disabled the firewall did you reload it?
    – George Udosen
    Nov 23 at 14:01










  • hmmm no but I do the experiment and change the Tester address from fd53:7cb8:383:1ff::141 to fd53:7cb8:383:101::141 on the console so that upper 64 bits of DUT and Tester matches --> (fd53:7cb8:383:101::) and after that without changing anything with firewall iperf works again....what is the deal here with IP addresses?
    – Metin Yerlikaya
    Nov 23 at 14:20










  • May be the switch was the issue!
    – George Udosen
    Nov 23 at 14:29










  • this is good idea....why not..hmmmm but again....I see that TCP packets are arriving at target...so switch cannot be the reason...I can capture the packets at DUTs interface with wireshark
    – Metin Yerlikaya
    Nov 23 at 14:33










  • IPv6 expects subnets to be /64. No more, no less. If you change this, you will have subtle breakage which is difficult or impossible to fix.
    – Michael Hampton
    Nov 23 at 16:36
















When you disabled the firewall did you reload it?
– George Udosen
Nov 23 at 14:01




When you disabled the firewall did you reload it?
– George Udosen
Nov 23 at 14:01












hmmm no but I do the experiment and change the Tester address from fd53:7cb8:383:1ff::141 to fd53:7cb8:383:101::141 on the console so that upper 64 bits of DUT and Tester matches --> (fd53:7cb8:383:101::) and after that without changing anything with firewall iperf works again....what is the deal here with IP addresses?
– Metin Yerlikaya
Nov 23 at 14:20




hmmm no but I do the experiment and change the Tester address from fd53:7cb8:383:1ff::141 to fd53:7cb8:383:101::141 on the console so that upper 64 bits of DUT and Tester matches --> (fd53:7cb8:383:101::) and after that without changing anything with firewall iperf works again....what is the deal here with IP addresses?
– Metin Yerlikaya
Nov 23 at 14:20












May be the switch was the issue!
– George Udosen
Nov 23 at 14:29




May be the switch was the issue!
– George Udosen
Nov 23 at 14:29












this is good idea....why not..hmmmm but again....I see that TCP packets are arriving at target...so switch cannot be the reason...I can capture the packets at DUTs interface with wireshark
– Metin Yerlikaya
Nov 23 at 14:33




this is good idea....why not..hmmmm but again....I see that TCP packets are arriving at target...so switch cannot be the reason...I can capture the packets at DUTs interface with wireshark
– Metin Yerlikaya
Nov 23 at 14:33












IPv6 expects subnets to be /64. No more, no less. If you change this, you will have subtle breakage which is difficult or impossible to fix.
– Michael Hampton
Nov 23 at 16:36




IPv6 expects subnets to be /64. No more, no less. If you change this, you will have subtle breakage which is difficult or impossible to fix.
– Michael Hampton
Nov 23 at 16:36















active

oldest

votes











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1095386%2funable-to-connect-ipv6%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown






























active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Ask Ubuntu!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1095386%2funable-to-connect-ipv6%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

How to change which sound is reproduced for terminal bell?

Can I use Tabulator js library in my java Spring + Thymeleaf project?

Title Spacing in Bjornstrup Chapter, Removing Chapter Number From Contents