Op zondag 6 december 2020 18:42:13 CET schreef Ed Greshko:
On 07/12/2020 00:50, Freek de Kruijf wrote:
Op zondag 6 december 2020 12:30:46 CET schreef Ed Greshko:
Hi,
System is a Fedora 33 VM running firewalld-0.8.4-1.
I have:
[root@f33k ~]# firewall-cmd --get-active-zones drop
interfaces: enp1s0
enp1s0 has addresses 192.168.122.26 and 2001:b030:112f:2::53.
If I try to ssh to it from another system I get....
[egreshko@meimei ~]$ ssh 192.168.122.26 ^C
Meaning it "hangs" until I ctrl-C it or it will timeout at some point if left alone.
But I get this using the IPv6 address
[egreshko@meimei ~]$ ssh 2001:b030:112f:2::53 ssh: connect to host 2001:b030:112f:2::53 port 22: No route to host
So, is this a difference in how the FW handles IPv6 or due to how IPv6 works on the source side?
Thanks, Ed
You gave us some insight in the firewall configuration. It looks you drop all incoming traffic on enp1s0. So the ssh connection to IPv4 gets no answer. For your IPv6 connection attempt it is important to know what the configuration is on the system you tried to make this connection from. So what is the output of "ip -6 r" on that system?
[egreshko@meimei ~]$ ip -6 r
::1 dev lo proto kernel metric 256 pref medium
2001:b030:112f::/64 dev enp2s0 proto kernel metric 100 pref medium 2001:b030:112f:2::/64 dev virbr0 proto kernel metric 256 pref medium
So the question is: Is your system with 2001:b030:112f:2::53 reachable via virbr0? You may try "ping 2001:b030:112f:2::53" on the system you want to connect from in case the firewall allows the system with 2001:b030:112f:2::53 to answer on ping requests.
fe80::/64 dev enp2s0 proto kernel metric 100 pref medium fe80::/64 dev virbr0 proto kernel metric 256 pref medium fe80::/64 dev vnet0 proto kernel metric 256 pref medium fe80::/64 dev vnet1 proto kernel metric 256 pref medium fe80::/64 dev wlp4s0 proto kernel metric 600 pref medium default via 2001:b030:112f::1 dev enp2s0 proto static metric 100 pref medium