Op zondag 6 december 2020 12:30:46 CET schreef Ed Greshko: > Hi, > > System is a Fedora 33 VM running firewalld-0.8.4-1. > > I have: > > [root@f33k ~]# firewall-cmd --get-active-zones > drop > interfaces: enp1s0 > > enp1s0 has addresses 192.168.122.26 and 2001:b030:112f:2::53. > > If I try to ssh to it from another system I get.... > > [egreshko@meimei ~]$ ssh 192.168.122.26 > ^C > > Meaning it "hangs" until I ctrl-C it or it will timeout at some point if > left alone. > > But I get this using the IPv6 address > > [egreshko@meimei ~]$ ssh 2001:b030:112f:2::53 > ssh: connect to host 2001:b030:112f:2::53 port 22: No route to host > > So, is this a difference in how the FW handles IPv6 or due to how IPv6 works > on the source side? > > Thanks, > Ed You gave us some insight in the firewall configuration. It looks you drop all incoming traffic on enp1s0. So the ssh connection to IPv4 gets no answer. For your IPv6 connection attempt it is important to know what the configuration is on the system you tried to make this connection from. So what is the output of "ip -6 r" on that system?

Op zondag 6 december 2020 18:42:13 CET schreef Ed Greshko: > On 07/12/2020 00:50, Freek de Kruijf wrote: >> Op zondag 6 december 2020 12:30:46 CET schreef Ed Greshko: >>> Hi, >>> >>> System is a Fedora 33 VM running firewalld-0.8.4-1. >>> >>> I have: >>> >>> [root@f33k ~]# firewall-cmd --get-active-zones >>> drop >>> >>> interfaces: enp1s0 >>> >>> enp1s0 has addresses 192.168.122.26 and 2001:b030:112f:2::53. >>> >>> If I try to ssh to it from another system I get.... >>> >>> [egreshko@meimei ~]$ ssh 192.168.122.26 >>> ^C >>> >>> Meaning it "hangs" until I ctrl-C it or it will timeout at some point if >>> left alone. >>> >>> But I get this using the IPv6 address >>> >>> [egreshko@meimei ~]$ ssh 2001:b030:112f:2::53 >>> ssh: connect to host 2001:b030:112f:2::53 port 22: No route to host >>> >>> So, is this a difference in how the FW handles IPv6 or due to how IPv6 >>> works on the source side? >>> >>> Thanks, >>> Ed >> You gave us some insight in the firewall configuration. It looks you drop >> all incoming traffic on enp1s0. So the ssh connection to IPv4 gets no >> answer. For your IPv6 connection attempt it is important to know what the >> configuration is on the system you tried to make this connection from. So >> what is the output of "ip -6 r" on that system? > [egreshko@meimei ~]$ ip -6 r > > ::1 dev lo proto kernel metric 256 pref medium > > 2001:b030:112f::/64 dev enp2s0 proto kernel metric 100 pref medium > 2001:b030:112f:2::/64 dev virbr0 proto kernel metric 256 pref medium So the question is: Is your system with 2001:b030:112f:2::53 reachable via virbr0? You may try "ping 2001:b030:112f:2::53" on the system you want to connect from in case the firewall allows the system with 2001:b030:112f:2::53 to answer on ping requests.