IPv6: Server cannot ping gateway but gets IP
I have three servers which should now also get IPv6 connectivity besides the IPv4.
Servers:
1. Pi4 (Raspberry Pi OS)
2. Nextcloud (Debian 10; Nextcloud as snap)
3. Mailserver (Debian 10; mailcow as docker, which also uses IPv6)
They are directly connected to the firewall (up to date pfSense) and reside in their own subnet/VLAN. My plan is to use DHCPv6 so that I can give them a fixed IP, from where I can use DNS and firewall rules.
From my ISP I got a /56 subnet via prefix delegation, and in my network every subnet gets a /64 chunk of that.
The config of the DHCP server is the same for all servers and is as follows:
RA-Advertisement -> managed
Range -> from ::d:000 to ::d:ffff
Server 1. - Pi4:
Gets the wanted v6 IP from the firewall (static entry) -> xxxxxxx::d:1. Can ping the firewall and the firewall can ping the host.
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether dc:a6:32:ba:a6:40 brd ff:ff:ff:ff:ff:ff
inet 192.168.7.2/24 brd 192.168.7.255 scope global dynamic noprefixroute eth0
valid_lft 5564sec preferred_lft 4664sec
inet6 2a02:8106:26:c207::d:1/128 scope global dynamic noprefixroute
valid_lft 6268sec preferred_lft 3568sec
inet6 2a02:8106:26:c207:4f5b:7339:9f6f:6b9e/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86394sec preferred_lft 14394sec
inet6 fe80::3958:1364:8c6e:21ca/64 scope link
valid_lft forever preferred_lft forever
$ ip r
default via 192.168.7.1 dev eth0 proto dhcp src 192.168.7.2 metric 202
192.168.7.0/24 dev eth0 proto dhcp scope link src 192.168.7.2 metric 202
$ cat nano /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'
# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d
Server 2. - Nextcloud:
Does not get the wanted v6 IP from the firewall (static entry) -> xxxxxxx::d:1. I don't know why, but it gets one out of the DHCP range -> ::d:3066 without the static entry. Can ping the firewall and the firewall can ping the host. The server is reachable as wanted.
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether d0:50:99:76:7d:6b brd ff:ff:ff:ff:ff:ff
inet 192.168.5.2/24 brd 192.168.5.255 scope global dynamic eth0
valid_lft 6796sec preferred_lft 6796sec
inet6 2a02:8106:26:c205::d:3066/128 scope global
valid_lft forever preferred_lft forever
inet6 fe80::d250:99ff:fe76:7d6b/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:44:56:66:5e brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:44ff:fe56:665e/64 scope link
valid_lft forever preferred_lft forever
5: veth16f1c55@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 76:f8:c2:66:64:c2 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::74f8:c2ff:fe66:64c2/64 scope link
valid_lft forever preferred_lft forever
7: veth624ab49@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether f2:88:68:74:9b:a7 brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::f088:68ff:fe74:9ba7/64 scope link
valid_lft forever preferred_lft forever
$ ip r
default via 192.168.5.1 dev eth0
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.5.0/24 dev eth0 proto kernel scope link src 192.168.5.2
$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp
# This is an autoconfigured IPv6 interface
iface eth0 inet6 dhcp
Server 3. - Mailcow:
Does not get the wanted v6 IP from the firewall (static entry) -> xxxxxxx::d:1. I don't know why, but it gets one out of the DHCP range -> 2a02:8106:26:c206::d:1fd7 without the static entry. Can't ping the firewall
$ ping 2a02:8106:26:c206:ec4:7aff:feac:791a
connect: network is not reachable
and the firewall can't ping the host. The server is not reachable at all.
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0b:ab:9c:b3:40 brd ff:ff:ff:ff:ff:ff
inet 192.168.6.2/24 brd 192.168.6.255 scope global dynamic enp0s25
valid_lft 6115sec preferred_lft 6115sec
inet6 2a02:8106:26:c206::d:1fd7/128 scope global
valid_lft forever preferred_lft forever
inet6 fe80::20b:abff:fe9c:b340/64 scope link
valid_lft forever preferred_lft forever
3: ens36: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
link/ether 00:0b:ab:9c:b3:41 brd ff:ff:ff:ff:ff:ff
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:86:52:78:26 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:86ff:fe52:7826/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::1/64 scope link
valid_lft forever preferred_lft forever
5: br-mailcow: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:98:71:e4:00 brd ff:ff:ff:ff:ff:ff
inet 172.22.1.1/24 brd 172.22.1.255 scope global br-mailcow
valid_lft forever preferred_lft forever
inet6 fe80::42:98ff:fe71:e400/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::1/64 scope link
valid_lft forever preferred_lft forever
7: veth9d1c8e9@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default
link/ether 92:69:ae:5f:16:94 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::9069:aeff:fe5f:1694/64 scope link
valid_lft forever preferred_lft forever
9: veth8c82697@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether ea:dd:2f:06:a8:ac brd ff:ff:ff:ff:ff:ff link-netnsid 3
inet6 fe80::e8dd:2fff:fe06:a8ac/64 scope link
valid_lft forever preferred_lft forever
11: vethe900989@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default
link/ether ee:45:28:e8:f8:65 brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::ec45:28ff:fee8:f865/64 scope link
valid_lft forever preferred_lft forever
13: vethfca3d8a@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default
link/ether 72:0e:57:52:f6:8c brd ff:ff:ff:ff:ff:ff link-netnsid 2
inet6 fe80::700e:57ff:fe52:f68c/64 scope link
valid_lft forever preferred_lft forever
15: veth047f50f@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default
link/ether 32:d4:40:15:0c:7f brd ff:ff:ff:ff:ff:ff link-netnsid 4
inet6 fe80::30d4:40ff:fe15:c7f/64 scope link
valid_lft forever preferred_lft forever
17: vethf6245fe@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default
link/ether 26:53:8b:26:c9:38 brd ff:ff:ff:ff:ff:ff link-netnsid 7
inet6 fe80::2453:8bff:fe26:c938/64 scope link
valid_lft forever preferred_lft forever
19: veth21a6fa3@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default
link/ether 5a:a7:a7:e2:86:5b brd ff:ff:ff:ff:ff:ff link-netnsid 6
inet6 fe80::58a7:a7ff:fee2:865b/64 scope link
valid_lft forever preferred_lft forever
21: vethd2d1e06@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default
link/ether 8e:79:e5:0e:a6:f1 brd ff:ff:ff:ff:ff:ff link-netnsid 10
inet6 fe80::8c79:e5ff:fe0e:a6f1/64 scope link
valid_lft forever preferred_lft forever
23: vethc10d2bc@if22: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default
link/ether 76:99:da:1d:cd:0e brd ff:ff:ff:ff:ff:ff link-netnsid 9
inet6 fe80::7499:daff:fe1d:cd0e/64 scope link
valid_lft forever preferred_lft forever
25: veth201bcfc@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default
link/ether 46:d4:93:82:4b:6b brd ff:ff:ff:ff:ff:ff link-netnsid 8
inet6 fe80::44d4:93ff:fe82:4b6b/64 scope link
valid_lft forever preferred_lft forever
27: vethad8e436@if26: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default
link/ether da:24:e6:37:3a:8c brd ff:ff:ff:ff:ff:ff link-netnsid 5
inet6 fe80::d824:e6ff:fe37:3a8c/64 scope link
valid_lft forever preferred_lft forever
29: vethbaf78e4@if28: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default
link/ether 9e:01:7b:70:9a:31 brd ff:ff:ff:ff:ff:ff link-netnsid 15
inet6 fe80::9c01:7bff:fe70:9a31/64 scope link
valid_lft forever preferred_lft forever
31: veth7eada94@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default
link/ether 2a:bd:24:d6:e9:8a brd ff:ff:ff:ff:ff:ff link-netnsid 13
inet6 fe80::28bd:24ff:fed6:e98a/64 scope link
valid_lft forever preferred_lft forever
33: vethd1e707c@if32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default
link/ether 7a:71:37:59:58:43 brd ff:ff:ff:ff:ff:ff link-netnsid 16
inet6 fe80::7871:37ff:fe59:5843/64 scope link
valid_lft forever preferred_lft forever
35: veth6d78c43@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default
link/ether 42:f1:b5:53:f5:5c brd ff:ff:ff:ff:ff:ff link-netnsid 14
inet6 fe80::40f1:b5ff:fe53:f55c/64 scope link
valid_lft forever preferred_lft forever
37: vethd1a9600@if36: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default
link/ether 52:15:e7:eb:3e:ea brd ff:ff:ff:ff:ff:ff link-netnsid 11
inet6 fe80::5015:e7ff:feeb:3eea/64 scope link
valid_lft forever preferred_lft forever
39: veth621f244@if38: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default
link/ether 1e:af:a7:76:8e:c8 brd ff:ff:ff:ff:ff:ff link-netnsid 12
inet6 fe80::1caf:a7ff:fe76:8ec8/64 scope link
valid_lft forever preferred_lft forever
41: veth4284cea@if40: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default
link/ether 32:ee:4d:9c:fb:6c brd ff:ff:ff:ff:ff:ff link-netnsid 17
inet6 fe80::30ee:4dff:fe9c:fb6c/64 scope link
valid_lft forever preferred_lft forever
$ ip r
default via 192.168.6.1 dev enp0s25
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.22.1.0/24 dev br-mailcow proto kernel scope link src 172.22.1.1
192.168.6.0/24 dev enp0s25 proto kernel scope link src 192.168.6.2
$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug enp0s25
iface enp0s25 inet dhcp
# This is an autoconfigured IPv6 interface
Why is server 3 not reachable, as it has the same configurations as server 2? Shouldn't an IPv6 address also be available in the routes?
best regards
Content-ID: 1432568295
Url: https://administrator.de/contentid/1432568295
Printed on: 22.11.2024 at 16:11
5 comments
The server is not reachable at all.
As you can see, all docker interfaces do not have any public v6 address. They have only v4 addresses and, in terms of v6, only v6 link-local addresses, which cannot provide Internet connectivity of course. So something is wrong there with ICMPv6 (SLAAC) or DHCPv6 providing the docker interface/hosts with valid v6 addresses.
Either ICMPv6 or DHCPv6 or both is blocked there. Run a tcpdump trace to check.
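
To go with the tcpdump suggestion above, an added example (not part of the thread): a decoder for a captured ICMPv6 Router Advertisement per RFC 4861, showing what a host learns from it in "managed" mode. DHCPv6 only hands out the /128 address; the default route and the on-link prefix come from the RA, so a host that holds a DHCPv6 address but never receives the RA has no IPv6 default route. The sample packet, the `2001:db8:0:6::/64` prefix and the function names are constructed for illustration.

```python
import ipaddress
import struct

RA_TYPE, OPT_PREFIX_INFO = 134, 3  # RFC 4861 constants

def parse_ra(icmp6: bytes) -> dict:
    """Decode an ICMPv6 Router Advertisement, starting at the ICMPv6 type byte."""
    if len(icmp6) < 16 or icmp6[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    _t, _c, _csum, _hops, flags, lifetime, _reach, _retrans = struct.unpack(
        "!BBHBBHII", icmp6[:16])
    ra = {"managed": bool(flags & 0x80),   # M: addresses come from DHCPv6
          "other": bool(flags & 0x40),     # O: other config (e.g. DNS) from DHCPv6
          "router_lifetime": lifetime,     # 0 = do not use as default router
          "prefixes": []}
    pos = 16
    while pos + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[pos], icmp6[pos + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(icmp6):
            raise ValueError("malformed RA option")
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            plen, pflags = icmp6[pos + 2], icmp6[pos + 3]
            prefix = ipaddress.IPv6Address(icmp6[pos + 16:pos + 32])
            ra["prefixes"].append({"prefix": f"{prefix}/{plen}",
                                   "on_link": bool(pflags & 0x80),     # L flag
                                   "autonomous": bool(pflags & 0x40)})  # A flag (SLAAC)
        pos += opt_len
    return ra

def host_view(ra):
    """Routing state a host derives; ra=None models an RA that never arrives."""
    if ra is None:
        return {"default_route": False, "on_link": [], "slaac": False}
    return {"default_route": ra["router_lifetime"] > 0,
            "on_link": [p["prefix"] for p in ra["prefixes"] if p["on_link"]],
            "slaac": any(p["autonomous"] for p in ra["prefixes"])}

# Constructed sample: M+O flags set, lifetime 1800 s, one on-link /64 without SLAAC.
SAMPLE_RA = (struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0xC0, 1800, 0, 0)
             + struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, 64, 0x80, 86400, 14400, 0)
             + ipaddress.IPv6Address("2001:db8:0:6::").packed)

if __name__ == "__main__":
    print(parse_ra(SAMPLE_RA))
    print("RA received:", host_view(parse_ra(SAMPLE_RA)))
    print("RA blocked: ", host_view(None))
```

For a real capture, pass the bytes that follow the 40-byte IPv6 header of the RA frame; on the host itself, `ip -6 route` shows whether a default route was actually installed.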