Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




2024 posts

Uber Geek

Subscriber

#195462 20-Apr-2016 19:01
Send private message

Hi

 

I'm trying to access my Owncloud server from the internet via IPv6.  I'm with 2degreesbroadband now and have a static /56 ipv6.  The 7390 is connected via IPv6 and all the servers on the network have an IPv6 address that is valid.  I can access the owncloud login via IPV6, IPv4 or the hostname so all is good.  It's been added to my DNS server too.

 

I've set the IPv6 forwarding up in the fritzbox, opened port 80 and 443 etc. I've also added the address to my registrar so I can do my hostname properly owncloud.domain.com for example, but when trying to ping the IPv6 address from the internet it won't work.  Using the online websites that can ping for you, I get the following:

 

PING Owncloud server IP(Owncloud server IP) 32 data bytes
From Router IP Address icmp_seq=0 Destination unreachable: Administratively prohibited
From Router IP Address icmp_seq=1 Destination unreachable: Administratively prohibited
From Router IP Address icmp_seq=2 Destination unreachable: Administratively prohibited
From Router IP Address icmp_seq=3 Destination unreachable: Administratively prohibited

 

I've removed the Router IP Address from the results but that is what it shows, and it won't get past the router despite the ports being open.

 

Anyone else using a 7390 and port forwarding IPv6?

 

Cheers,

 

Chris


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
381 posts

Ultimate Geek


  #1536923 20-Apr-2016 19:10
Send private message

Hi

 

 

 

So your using in Fritzbox settings

 

- Internet

 

- Permit Access

 

- IPv6 Port Forwarding... 

 

 

 

Dean




2024 posts

Uber Geek

Subscriber

  #1536926 20-Apr-2016 19:12
Send private message

yes; IPv4 port forward works fine as that is currently being sent to my load balancers for the mail servers... Just not IPv6, its being blocked by the router for some reason by the looks of it.


 
 
 
 


381 posts

Ultimate Geek


  #1536927 20-Apr-2016 19:13
Send private message

And are you doing a ping6 or ping -6




2024 posts

Uber Geek

Subscriber

  #1536938 20-Apr-2016 19:28
Send private message

from my work pc which is windows powered (and I was at work) I used ping -6, and also using various online sites such as SubnetOnline.com and their IPv6 pinger.


381 posts

Ultimate Geek


  #1536940 20-Apr-2016 19:32
Send private message

And you enabled ping echo?




2024 posts

Uber Geek

Subscriber

  #1536944 20-Apr-2016 19:37
Send private message

I believe so as the Ubuntu firewall is not enabled; I presume this is the case as it doesn't appear to be getting a reply from the server at all... The port forward setting has Ping6 enabled.


381 posts

Ultimate Geek


  #1536949 20-Apr-2016 19:48
Send private message

can you ping from internal network?


 
 
 
 




2024 posts

Uber Geek

Subscriber

  #1536998 20-Apr-2016 20:52
Send private message

Yes, both IPv4, IPv6 and by hostname (FQDN).  I can also access the owncloud server using the IPv6 address from the address bar of IE11; its simply accessing the server from the outside world seems to get stuck at the router.


381 posts

Ultimate Geek


  #1537027 20-Apr-2016 21:20
Send private message

Hmm.. well I just pinged my folks apple extreme from my place via ping6

 

I did have all ports open though.. have you opened it to all ports?

 

 

 

 




2024 posts

Uber Geek

Subscriber

  #1537029 20-Apr-2016 21:22
Send private message

I've tried both options; all ports and only ports 80/443... Neither work from the outside.

 

How is your folks apple extreme connected to the internet?  My 7390 will allow me OUT via IPv6, but its not accepting incoming connections.


568 posts

Ultimate Geek


  #1537043 20-Apr-2016 21:45
Send private message

Pings and port forwarding are completely different things.  If may be that the FritzBox is not responding to an IPv6 ping for some reason, but the IPv6 ports are likely to be open.  Pings are usually done using an ICMP ECHO_REQUEST packet and expecting an ICMP ECHO_RESPONSE packet, so your firewall has to pass those ICMP packets in the appropriate directions.  The rules for passing ICMP packets are completely different from the ones passing TCP packets, so to get IPv6 ping to work, you need to allow those ICMPv6 packets as well as setting up the port forwarding rules.

 

I use tcptraceroute6 from one of my Linux boxes to check if a TCP port is open.  That uses TCP SYN packets to the specified port, so it works on just that port, and does not involve pings.  To test your firewall, you can try using similar tools from sites like this:

 

http://www.subnetonline.com

 

Unfortunately, there seems to be no comparable tool to tcptraceroute6 available for Windows.  There is an IPv4 one (tracetcp).

 

You can also use ncat (netcat) if you just want to do a just port ping rather than a trace.  There are Windows versions of ncat that do IPv6, but virus checkers often object to installing ncat as it can be used for various attacks on sites.  I have forgotten the ncat command for this, but I am sure there is a web page out there that can tell you.




2024 posts

Uber Geek

Subscriber

  #1537046 20-Apr-2016 21:52
Send private message

fe31nz:

 

Pings and port forwarding are completely different things.  If may be that the FritzBox is not responding to an IPv6 ping for some reason, but the IPv6 ports are likely to be open.  Pings are usually done using an ICMP ECHO_REQUEST packet and expecting an ICMP ECHO_RESPONSE packet, so your firewall has to pass those ICMP packets in the appropriate directions.  The rules for passing ICMP packets are completely different from the ones passing TCP packets, so to get IPv6 ping to work, you need to allow those ICMPv6 packets as well as setting up the port forwarding rules.

 

I use tcptraceroute6 from one of my Linux boxes to check if a TCP port is open.  That uses TCP SYN packets to the specified port, so it works on just that port, and does not involve pings.  To test your firewall, you can try using similar tools from sites like this:

 

http://www.subnetonline.com

 

Unfortunately, there seems to be no comparable tool to tcptraceroute6 available for Windows.  There is an IPv4 one (tracetcp).

 

You can also use ncat (netcat) if you just want to do a just port ping rather than a trace.  There are Windows versions of ncat that do IPv6, but virus checkers often object to installing ncat as it can be used for various attacks on sites.  I have forgotten the ncat command for this, but I am sure there is a web page out there that can tell you.

 

 

I've been using that site; its how I got the details of the ping being blocked by the router.  If I use the port scanner on the site and scan for 443 on the IP it states its not connected, which seems to correlate with the fact that the router is blocking the port forward.


568 posts

Ultimate Geek


  #1537057 20-Apr-2016 22:11
Send private message

Just to confirm the basics, you do have access to external IPv6 sites working?  So "ping -6 google.com" and "tracert -6 google.com" from Windows both work and when you go to http://www.facebook.com it is still working?  The Facebook site returns long IPv6 packets, so it is an excellent site to use to check that IPv6 is fully operational and that MTU discovery is working.  If it gives you partial pages or nothing at all, then you likely have MTU problems.




2024 posts

Uber Geek

Subscriber

  #1537061 20-Apr-2016 22:15
Send private message

Yes, IPv6 is setup and working fine from my connection; Geekzone displays the IPv6 logo beside the site name too.  They also work from the Ubuntu installation serving owncloud.  As before I can also access owncloud using the IPv6 address internally.


568 posts

Ultimate Geek


  #1537093 20-Apr-2016 22:45
Send private message

The next step might be to confirm that the FritzBox is where the problem is.  If you go to this hidden page on your FritzBox:

 

http://<your_fritzbox_address>/support.lua

 

and click on "Packet traces", that gives you a web page that allows you to capture the traffic from the various network interfaces of the FritzBox.  You need to capture the packets from the "Internet connection" and the "lan" ports at the same time while you try using the tools from SubnetOnline to access your ports.  Make sure that you do not have much other traffic going through the FritzBox or it will have problems sending the packet captures to your web browser due to overloading of the Ethernet connection.  Once you have the captures, you can use Wireshark (http://www.wireshark.org) to read the packet captures and see what IPv6 traffic is happening.  If you can see the incoming IPv6 TCP SYN packets for ports 80 and 443 in the Internet Connection packets, but not on the LAN port, then that is proof that the FritzBox is the problem.

 

I have a 7390 myself, but I only use it for VOIP - it is hidden away inside my network behind my Ubiquiti ERLite routers.  So I can not test whether it really does IPv6 port forwarding properly.


 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic




News »

Freeview On Demand app launches on Sony Android TVs
Posted 6-Aug-2020 13:35


UFB hits more than one million connections
Posted 6-Aug-2020 09:42


D-Link A/NZ extends COVR Wi-Fi EasyMesh System series with new three-pack
Posted 4-Aug-2020 15:01


New Zealand software Rfider tracks coffee from Colombia all the way to New Zealand businesses
Posted 3-Aug-2020 10:35


Logitech G launches Pro X Wireless gaming headset
Posted 3-Aug-2020 10:21


Sony Alpha 7S III provides supreme imaging performance
Posted 3-Aug-2020 10:11


Sony introduces first CFexpress Type A memory card
Posted 3-Aug-2020 10:05


Marsello acquires Goody consolidating online and in-store marketing position
Posted 30-Jul-2020 16:26


Fonterra first major customer for Microsoft's New Zealand datacentre
Posted 30-Jul-2020 08:07


Everything we learnt at the IBM Cloud Forum 2020
Posted 29-Jul-2020 14:45


Dropbox launches native HelloSign workflow and data residency in Australia
Posted 29-Jul-2020 12:48


Spark launches 5G in Palmerston North
Posted 29-Jul-2020 09:50


Lenovo brings speed and smarter features to new 5G mobile gaming phone
Posted 28-Jul-2020 22:00


Withings raises $60 million to enable bridge between patients and healthcare
Posted 28-Jul-2020 21:51


QNAP integrates Catalyst Cloud Object Storage into Hybrid Backup solution
Posted 28-Jul-2020 21:40



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.