Op zondag 6 december 2020 18:42:13 CET schreef Ed Greshko:
On 07/12/2020 00:50, Freek de Kruijf wrote:
> Op zondag 6 december 2020 12:30:46 CET schreef Ed Greshko:
>> Hi,
>>
>> System is a Fedora 33 VM running firewalld-0.8.4-1.
>>
>> I have:
>>
>> [root@f33k ~]# firewall-cmd --get-active-zones
>> drop
>>
>> interfaces: enp1s0
>>
>> enp1s0 has addresses 192.168.122.26 and 2001:b030:112f:2::53.
>>
>> If I try to ssh to it from another system I get....
>>
>> [egreshko@meimei ~]$ ssh 192.168.122.26
>> ^C
>>
>> Meaning it "hangs" until I ctrl-C it or it will timeout at some point
if
>> left alone.
>>
>> But I get this using the IPv6 address
>>
>> [egreshko@meimei ~]$ ssh 2001:b030:112f:2::53
>> ssh: connect to host 2001:b030:112f:2::53 port 22: No route to host
>>
>> So, is this a difference in how the FW handles IPv6 or due to how IPv6
>> works on the source side?
>>
>> Thanks,
>> Ed
>
> You gave us some insight in the firewall configuration. It looks you drop
> all incoming traffic on enp1s0. So the ssh connection to IPv4 gets no
> answer. For your IPv6 connection attempt it is important to know what the
> configuration is on the system you tried to make this connection from. So
> what is the output of "ip -6 r" on that system?
[egreshko@meimei ~]$ ip -6 r
::1 dev lo proto kernel metric 256 pref medium
2001:b030:112f::/64 dev enp2s0 proto kernel metric 100 pref medium
2001:b030:112f:2::/64 dev virbr0 proto kernel metric 256 pref medium
So the question is: Is your system with 2001:b030:112f:2::53 reachable via
virbr0?
You may try "ping 2001:b030:112f:2::53" on the system you want to connect from
in case the firewall allows the system with 2001:b030:112f:2::53 to answer on
ping requests.
fe80::/64 dev enp2s0 proto kernel metric 100 pref medium
fe80::/64 dev virbr0 proto kernel metric 256 pref medium
fe80::/64 dev vnet0 proto kernel metric 256 pref medium
fe80::/64 dev vnet1 proto kernel metric 256 pref medium
fe80::/64 dev wlp4s0 proto kernel metric 600 pref medium
default via 2001:b030:112f::1 dev enp2s0 proto static metric 100 pref medium
--
vr.gr.
Freek de Kruijf