Unable to connect (IPv6)











up vote
0
down vote

favorite












I couldn't find an answer or solution to my question in existing questions/answers on the net, so I have to write down my problem hoping that some expert spots the problem. Anyway here it goes.



I have 2 Ubuntu machines, configured that so that ipv4 is disabled and only IPv6 is enabled. One of them is the DUT the other the Tester.



DUT's configuration:



auto lo

iface lo inet loopback

iface lo inet6 loopback

auto ens1f0.101

iface eth1.101 inet6 static

    address fd53:7cb8:383:101::121

    netmask 48


Testers's configuration:



auto lo

iface lo inet loopback

iface lo inet6 loopback

auto eth1.101

iface eth1.101 inet6 static

    address fd53:7cb8:383:1ff::141

    netmask 48


They are both connected over an unmanaged L2 switch and I don't disable the network manager (as a utility as a side information)



Now, both Nodes can ping each other with ping6, like:



On Tester: ping6  -c 3 -I eth1.101 fd53:7cb8:383:101::121

On DUT: ping6  -c 3 -I ens1f0.101 fd53:7cb8:383:1ff::141


As I wanted to test the nodes with iperf3, it fails and I know that firewalls are disabled on both nodes.



On DUT I start iperf3 with:



iperf3 -6 -s -p 7001 -B fd53:7cb8:383:101::121


On Tester:



iperf3 -6 -c fd53:7cb8:383:101::121 -p 7001 -u  -B fd53:7cb8:383:1ff::141 -b 10M -t 1


On Wireshark attached to ens1f0 at DUT I can see the TCP packets coming from Tester with correct VLAN ID set, with correct destination address and port settings, Client tries to establist connection with Server but Server does not react.



When I run netstat -ant, it shows me something like:



Proto Recv-Q Send-Q Local Address           Foreign Address         State      

tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN     

tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     

tcp6       0      0 ::1:631                 :::*                    LISTEN     

tcp6       0      0 fd53:7cb8:383:101::7001 :::*                    LISTEN


But when I run nmap on Tester to scan ports on DUT, it returns nothing saying:



sudo nmap -e eth1.101 -6 fd53:7cb8:383:101::121 -Pnr -p1-8000


gives me:



Starting Nmap 7.60 ( https://nmap.org ) at 2018-11-23 13:01 CET

Nmap scan report for fd53:7cb8:383:101::121

Host is up (0.00031s latency).

All 8000 scanned ports on fd53:7cb8:383:101::121 are filtered

MAC Address: A0:36:9F:04:36:44 (Intel Corporate)



Nmap done: 1 IP address (1 host up) scanned in 174.62 seconds


Now I don't know what is wrong here.But I keep the eye on netstat report saying Local address f"d53:7cb8:383:101::7001" is listening but my Test machine prefix is fd53:7cb8:383:1ff. Could this be reason. Because when I change the Tester address to fd53:7cb8:383:101::xxx It works with iperf and Nmap and etc.



That means I thought two nodes fd53:7cb8:383:101::121 and fd53:7cb8:383:1ff::141 with netmask 48 should be able to find each other and communicate....they do..Ping works and TCP packets are arriving but those TCP packets are not answered and NMAP says all ports filtered even I know that Firewall is disabled.



I hope someone knows the answer to this.



Thank You
Mtin






networking firewall ipv6







share|improve this question
























  • When you disabled the firewall did you reload it?
    – George Udosen
    Nov 23 at 14:01










  • hmmm no but I do the experiment and change the Tester address from fd53:7cb8:383:1ff::141 to fd53:7cb8:383:101::141 on the console so that upper 64 bits of DUT and Tester matches --> (fd53:7cb8:383:101::) and after that without changing anything with firewall iperf works again....what is the deal here with IP addresses?
    – Metin Yerlikaya
    Nov 23 at 14:20










  • May be the switch was the issue!
    – George Udosen
    Nov 23 at 14:29










  • this is good idea....why not..hmmmm but again....I see that TCP packets are arriving at target...so switch cannot be the reason...I can capture the packets at DUTs interface with wireshark
    – Metin Yerlikaya
    Nov 23 at 14:33










  • IPv6 expects subnets to be /64. No more, no less. If you change this, you will have subtle breakage which is difficult or impossible to fix.
    – Michael Hampton
    Nov 23 at 16:36















up vote
0
down vote

favorite












I couldn't find an answer or solution to my question in existing questions/answers on the net, so I have to write down my problem hoping that some expert spots the problem. Anyway here it goes.



I have 2 Ubuntu machines, configured that so that ipv4 is disabled and only IPv6 is enabled. One of them is the DUT the other the Tester.



DUT's configuration:



auto lo

iface lo inet loopback

iface lo inet6 loopback

auto ens1f0.101

iface eth1.101 inet6 static

    address fd53:7cb8:383:101::121

    netmask 48


Testers's configuration:



auto lo

iface lo inet loopback

iface lo inet6 loopback

auto eth1.101

iface eth1.101 inet6 static

    address fd53:7cb8:383:1ff::141

    netmask 48


They are both connected over an unmanaged L2 switch and I don't disable the network manager (as a utility as a side information)



Now, both Nodes can ping each other with ping6, like:



On Tester: ping6  -c 3 -I eth1.101 fd53:7cb8:383:101::121

On DUT: ping6  -c 3 -I ens1f0.101 fd53:7cb8:383:1ff::141


As I wanted to test the nodes with iperf3, it fails and I know that firewalls are disabled on both nodes.



On DUT I start iperf3 with:



iperf3 -6 -s -p 7001 -B fd53:7cb8:383:101::121


On Tester:



iperf3 -6 -c fd53:7cb8:383:101::121 -p 7001 -u  -B fd53:7cb8:383:1ff::141 -b 10M -t 1


On Wireshark attached to ens1f0 at DUT I can see the TCP packets coming from Tester with correct VLAN ID set, with correct destination address and port settings, Client tries to establist connection with Server but Server does not react.



When I run netstat -ant, it shows me something like:



Proto Recv-Q Send-Q Local Address           Foreign Address         State      

tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN     

tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     

tcp6       0      0 ::1:631                 :::*                    LISTEN     

tcp6       0      0 fd53:7cb8:383:101::7001 :::*                    LISTEN


But when I run nmap on Tester to scan ports on DUT, it returns nothing saying:



sudo nmap -e eth1.101 -6 fd53:7cb8:383:101::121 -Pnr -p1-8000


gives me:



Starting Nmap 7.60 ( https://nmap.org ) at 2018-11-23 13:01 CET

Nmap scan report for fd53:7cb8:383:101::121

Host is up (0.00031s latency).

All 8000 scanned ports on fd53:7cb8:383:101::121 are filtered

MAC Address: A0:36:9F:04:36:44 (Intel Corporate)



Nmap done: 1 IP address (1 host up) scanned in 174.62 seconds


Now I don't know what is wrong here.But I keep the eye on netstat report saying Local address f"d53:7cb8:383:101::7001" is listening but my Test machine prefix is fd53:7cb8:383:1ff. Could this be reason. Because when I change the Tester address to fd53:7cb8:383:101::xxx It works with iperf and Nmap and etc.



That means I thought two nodes fd53:7cb8:383:101::121 and fd53:7cb8:383:1ff::141 with netmask 48 should be able to find each other and communicate....they do..Ping works and TCP packets are arriving but those TCP packets are not answered and NMAP says all ports filtered even I know that Firewall is disabled.



I hope someone knows the answer to this.



Thank You
Mtin






networking firewall ipv6







share|improve this question
























  • When you disabled the firewall did you reload it?
    – George Udosen
    Nov 23 at 14:01










  • hmmm no but I do the experiment and change the Tester address from fd53:7cb8:383:1ff::141 to fd53:7cb8:383:101::141 on the console so that upper 64 bits of DUT and Tester matches --> (fd53:7cb8:383:101::) and after that without changing anything with firewall iperf works again....what is the deal here with IP addresses?
    – Metin Yerlikaya
    Nov 23 at 14:20










  • May be the switch was the issue!
    – George Udosen
    Nov 23 at 14:29










  • this is good idea....why not..hmmmm but again....I see that TCP packets are arriving at target...so switch cannot be the reason...I can capture the packets at DUTs interface with wireshark
    – Metin Yerlikaya
    Nov 23 at 14:33










  • IPv6 expects subnets to be /64. No more, no less. If you change this, you will have subtle breakage which is difficult or impossible to fix.
    – Michael Hampton
    Nov 23 at 16:36













up vote
0
down vote

favorite









up vote
0
down vote

favorite











I couldn't find an answer or solution to my question in existing questions/answers on the net, so I have to write down my problem hoping that some expert spots the problem. Anyway here it goes.



I have 2 Ubuntu machines, configured that so that ipv4 is disabled and only IPv6 is enabled. One of them is the DUT the other the Tester.



DUT's configuration:



auto lo

iface lo inet loopback

iface lo inet6 loopback

auto ens1f0.101

iface eth1.101 inet6 static

    address fd53:7cb8:383:101::121

    netmask 48


Testers's configuration:



auto lo

iface lo inet loopback

iface lo inet6 loopback

auto eth1.101

iface eth1.101 inet6 static

    address fd53:7cb8:383:1ff::141

    netmask 48


They are both connected over an unmanaged L2 switch and I don't disable the network manager (as a utility as a side information)



Now, both Nodes can ping each other with ping6, like:



On Tester: ping6  -c 3 -I eth1.101 fd53:7cb8:383:101::121

On DUT: ping6  -c 3 -I ens1f0.101 fd53:7cb8:383:1ff::141


As I wanted to test the nodes with iperf3, it fails and I know that firewalls are disabled on both nodes.



On DUT I start iperf3 with:



iperf3 -6 -s -p 7001 -B fd53:7cb8:383:101::121


On Tester:



iperf3 -6 -c fd53:7cb8:383:101::121 -p 7001 -u  -B fd53:7cb8:383:1ff::141 -b 10M -t 1


On Wireshark attached to ens1f0 at DUT I can see the TCP packets coming from Tester with correct VLAN ID set, with correct destination address and port settings, Client tries to establist connection with Server but Server does not react.



When I run netstat -ant, it shows me something like:



Proto Recv-Q Send-Q Local Address           Foreign Address         State      

tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN     

tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     

tcp6       0      0 ::1:631                 :::*                    LISTEN     

tcp6       0      0 fd53:7cb8:383:101::7001 :::*                    LISTEN


But when I run nmap on Tester to scan ports on DUT, it returns nothing saying:



sudo nmap -e eth1.101 -6 fd53:7cb8:383:101::121 -Pnr -p1-8000


gives me:



Starting Nmap 7.60 ( https://nmap.org ) at 2018-11-23 13:01 CET

Nmap scan report for fd53:7cb8:383:101::121

Host is up (0.00031s latency).

All 8000 scanned ports on fd53:7cb8:383:101::121 are filtered

MAC Address: A0:36:9F:04:36:44 (Intel Corporate)



Nmap done: 1 IP address (1 host up) scanned in 174.62 seconds


Now I don't know what is wrong here.But I keep the eye on netstat report saying Local address f"d53:7cb8:383:101::7001" is listening but my Test machine prefix is fd53:7cb8:383:1ff. Could this be reason. Because when I change the Tester address to fd53:7cb8:383:101::xxx It works with iperf and Nmap and etc.



That means I thought two nodes fd53:7cb8:383:101::121 and fd53:7cb8:383:1ff::141 with netmask 48 should be able to find each other and communicate....they do..Ping works and TCP packets are arriving but those TCP packets are not answered and NMAP says all ports filtered even I know that Firewall is disabled.



I hope someone knows the answer to this.



Thank You
Mtin






networking firewall ipv6







share|improve this question















I couldn't find an answer or solution to my question in existing questions/answers on the net, so I have to write down my problem hoping that some expert spots the problem. Anyway here it goes.



I have 2 Ubuntu machines, configured that so that ipv4 is disabled and only IPv6 is enabled. One of them is the DUT the other the Tester.



DUT's configuration:



auto lo

iface lo inet loopback

iface lo inet6 loopback

auto ens1f0.101

iface eth1.101 inet6 static

    address fd53:7cb8:383:101::121

    netmask 48


Testers's configuration:



auto lo

iface lo inet loopback

iface lo inet6 loopback

auto eth1.101

iface eth1.101 inet6 static

    address fd53:7cb8:383:1ff::141

    netmask 48


They are both connected over an unmanaged L2 switch and I don't disable the network manager (as a utility as a side information)



Now, both Nodes can ping each other with ping6, like:



On Tester: ping6  -c 3 -I eth1.101 fd53:7cb8:383:101::121

On DUT: ping6  -c 3 -I ens1f0.101 fd53:7cb8:383:1ff::141


As I wanted to test the nodes with iperf3, it fails and I know that firewalls are disabled on both nodes.



On DUT I start iperf3 with:



iperf3 -6 -s -p 7001 -B fd53:7cb8:383:101::121


On Tester:



iperf3 -6 -c fd53:7cb8:383:101::121 -p 7001 -u  -B fd53:7cb8:383:1ff::141 -b 10M -t 1


On Wireshark attached to ens1f0 at DUT I can see the TCP packets coming from Tester with correct VLAN ID set, with correct destination address and port settings, Client tries to establist connection with Server but Server does not react.



When I run netstat -ant, it shows me something like:



Proto Recv-Q Send-Q Local Address           Foreign Address         State      

tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN     

tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     

tcp6       0      0 ::1:631                 :::*                    LISTEN     

tcp6       0      0 fd53:7cb8:383:101::7001 :::*                    LISTEN


But when I run nmap on Tester to scan ports on DUT, it returns nothing saying:



sudo nmap -e eth1.101 -6 fd53:7cb8:383:101::121 -Pnr -p1-8000


gives me:



Starting Nmap 7.60 ( https://nmap.org ) at 2018-11-23 13:01 CET

Nmap scan report for fd53:7cb8:383:101::121

Host is up (0.00031s latency).

All 8000 scanned ports on fd53:7cb8:383:101::121 are filtered

MAC Address: A0:36:9F:04:36:44 (Intel Corporate)



Nmap done: 1 IP address (1 host up) scanned in 174.62 seconds


Now I don't know what is wrong here.But I keep the eye on netstat report saying Local address f"d53:7cb8:383:101::7001" is listening but my Test machine prefix is fd53:7cb8:383:1ff. Could this be reason. Because when I change the Tester address to fd53:7cb8:383:101::xxx It works with iperf and Nmap and etc.



That means I thought two nodes fd53:7cb8:383:101::121 and fd53:7cb8:383:1ff::141 with netmask 48 should be able to find each other and communicate....they do..Ping works and TCP packets are arriving but those TCP packets are not answered and NMAP says all ports filtered even I know that Firewall is disabled.



I hope someone knows the answer to this.



Thank You
Mtin






networking firewall ipv6




networking firewall ipv6






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 23 at 13:57









George Udosen

18.8k94265




18.8k94265










asked Nov 23 at 13:42









Metin Yerlikaya

1




1












  • When you disabled the firewall did you reload it?
    – George Udosen
    Nov 23 at 14:01










  • hmmm no but I do the experiment and change the Tester address from fd53:7cb8:383:1ff::141 to fd53:7cb8:383:101::141 on the console so that upper 64 bits of DUT and Tester matches --> (fd53:7cb8:383:101::) and after that without changing anything with firewall iperf works again....what is the deal here with IP addresses?
    – Metin Yerlikaya
    Nov 23 at 14:20










  • May be the switch was the issue!
    – George Udosen
    Nov 23 at 14:29










  • this is good idea....why not..hmmmm but again....I see that TCP packets are arriving at target...so switch cannot be the reason...I can capture the packets at DUTs interface with wireshark
    – Metin Yerlikaya
    Nov 23 at 14:33










  • IPv6 expects subnets to be /64. No more, no less. If you change this, you will have subtle breakage which is difficult or impossible to fix.
    – Michael Hampton
    Nov 23 at 16:36


















  • When you disabled the firewall did you reload it?
    – George Udosen
    Nov 23 at 14:01










  • hmmm no but I do the experiment and change the Tester address from fd53:7cb8:383:1ff::141 to fd53:7cb8:383:101::141 on the console so that upper 64 bits of DUT and Tester matches --> (fd53:7cb8:383:101::) and after that without changing anything with firewall iperf works again....what is the deal here with IP addresses?
    – Metin Yerlikaya
    Nov 23 at 14:20










  • May be the switch was the issue!
    – George Udosen
    Nov 23 at 14:29










  • this is good idea....why not..hmmmm but again....I see that TCP packets are arriving at target...so switch cannot be the reason...I can capture the packets at DUTs interface with wireshark
    – Metin Yerlikaya
    Nov 23 at 14:33










  • IPv6 expects subnets to be /64. No more, no less. If you change this, you will have subtle breakage which is difficult or impossible to fix.
    – Michael Hampton
    Nov 23 at 16:36
















When you disabled the firewall did you reload it?
– George Udosen
Nov 23 at 14:01




When you disabled the firewall did you reload it?
– George Udosen
Nov 23 at 14:01












hmmm no but I do the experiment and change the Tester address from fd53:7cb8:383:1ff::141 to fd53:7cb8:383:101::141 on the console so that upper 64 bits of DUT and Tester matches --> (fd53:7cb8:383:101::) and after that without changing anything with firewall iperf works again....what is the deal here with IP addresses?
– Metin Yerlikaya
Nov 23 at 14:20




hmmm no but I do the experiment and change the Tester address from fd53:7cb8:383:1ff::141 to fd53:7cb8:383:101::141 on the console so that upper 64 bits of DUT and Tester matches --> (fd53:7cb8:383:101::) and after that without changing anything with firewall iperf works again....what is the deal here with IP addresses?
– Metin Yerlikaya
Nov 23 at 14:20












May be the switch was the issue!
– George Udosen
Nov 23 at 14:29




May be the switch was the issue!
– George Udosen
Nov 23 at 14:29












this is good idea....why not..hmmmm but again....I see that TCP packets are arriving at target...so switch cannot be the reason...I can capture the packets at DUTs interface with wireshark
– Metin Yerlikaya
Nov 23 at 14:33




this is good idea....why not..hmmmm but again....I see that TCP packets are arriving at target...so switch cannot be the reason...I can capture the packets at DUTs interface with wireshark
– Metin Yerlikaya
Nov 23 at 14:33












IPv6 expects subnets to be /64. No more, no less. If you change this, you will have subtle breakage which is difficult or impossible to fix.
– Michael Hampton
Nov 23 at 16:36




IPv6 expects subnets to be /64. No more, no less. If you change this, you will have subtle breakage which is difficult or impossible to fix.
– Michael Hampton
Nov 23 at 16:36















active

oldest

votes











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1095386%2funable-to-connect-ipv6%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown






























active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Ask Ubuntu!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1095386%2funable-to-connect-ipv6%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

How to change which sound is reproduced for terminal bell?

Image
3 Recently upgrade to 18.10 from 18.04, and using the terminal is becoming annoying: the new alert sound is a drip ( /usr/share/sounds/gnome/default/alerts/drip.ogg ), and the previous one is still located at ( /usr/share/sounds/ubuntu/stereo/bell.ogg ). My issue is that at the gnome-terminal, when autocompleting or pressing left BOTH sounds are reproduced, at the same time. I want to just have ubuntu/stereo/bell.ogg active, not both . At the moment I have been only able to reduce the volume of the alerts (but still both are played), or turn the alerts down (but I dislike both "solutions"). gnome-terminal 18.10 teminal-bell share | improve this question
Read more

Title Spacing in Bjornstrup Chapter, Removing Chapter Number From Contents

Image
up vote 5 down vote favorite 2 I would like to make it so that the vertical space below the title of each chapter is the same when using the Bjornstrup package (i.e. so that the descenders do not affect the spacing - as shown by the red arrow in the picture below). I think I'm fairly happy with the spacing around "A chapter", so I'd really like titles without descenders (e.g. "Contents") to have the same vertical spacing as "A chapter" below the title. I would also like to remove the large "0" in the contents title. Any help appreciated, as always. documentclass[11pt,a4paper]{book} % Packages[![enter image description here][1]][1] usepackage[left=3.5cm, right=3.5cm, top=4.3cm, bottom=4.25cm]{geometry} usepackage[utf8]{inputenc} usepackage{libertine} usepackage[libertine]{newtx
Read more

Can I use Tabulator js library in my java Spring + Thymeleaf project?

Image
0 I want to add Tabulator js to my java project. I added tabulator.min.js, tabulator.min.css to resources folder. After that added to my html page these dependencies as recommending in readme.md. <link rel="stylesheet" th:href="@{/css/tabulator.min.css}"> <script type="text/javascript" th:src="@{/js/tabulator.min.js}"></script> Now my tables view all elements, that I have in the html page, but not correct. In the documentation of Tabulator is example how to create header and table, var table = new Tabulator("#example-table", { columns:[ {title:"Name", field:"name", sorter:"string", width:200, editor:true}, {title:"Age", field:"age", sorter:"
Read more