Join Log in
Score:0
Hirsch avatar Server

IPv6: Server can't ping gateway (pfSense) but gets IP

jp flag
Hirsch

I have three servers which should now also get IPv6 connectivity besides the IPv4. Servers:

  1. Pi4 (Raspberry Pi OS)
  2. Nextcloud (Debian 10; Nextcloud as snap)
  3. Mailserver (Debian 10; mailcow as docker, which also uses IPv6)

They are directly connected to the firewall (up to date pfSense) and reside in their own subnet/VLAN. My plan is to use DCHPv6 so that I can give them a fixed IP, from where I can use DNS and firewall rules. From my ISP I got /56 subnet via prefix daligation and in my network every subnet gets a /64 chunk of that. The config of the DHCP-server is for all servers the same and is as follows: RA-Advertisment -> managed Range -> from ::d:000 to ::d:ffff

Server 1. - Pi4: Gets the wanted v6 IP from the firewall (static entry) -> xxxxxxx::d:1. Can ping the firewall and the firewall can ping the host.

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether dc:a6:32:ba:a6:40 brd ff:ff:ff:ff:ff:ff
    inet 192.168.7.2/24 brd 192.168.7.255 scope global dynamic noprefixroute eth0
       valid_lft 5564sec preferred_lft 4664sec
    inet6 2a02:8106:26:c207::d:1/128 scope global dynamic noprefixroute 
       valid_lft 6268sec preferred_lft 3568sec
    inet6 2a02:8106:26:c207:4f5b:7339:9f6f:6b9e/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 86394sec preferred_lft 14394sec
    inet6 fe80::3958:1364:8c6e:21ca/64 scope link 
       valid_lft forever preferred_lft forever

$ ip r
default via 192.168.7.1 dev eth0 proto dhcp src 192.168.7.2 metric 202 
192.168.7.0/24 dev eth0 proto dhcp scope link src 192.168.7.2 metric 202 

$ cat nano /etc/network/interfaces

# interfaces(5) file used by ifup(8) and ifdown(8)

# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

Server 2. - Nextcloud: Gets not the wanted v6 IP from the firewall (static entry) -> xxxxxxx::d:1. I don't know why, but it gets one out of the DHCP range -> ::d:3066 without the static entry. Can ping the firewall and the firewall can ping the host. The server is reachable as wanted.

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether d0:50:99:76:7d:6b brd ff:ff:ff:ff:ff:ff
    inet 192.168.5.2/24 brd 192.168.5.255 scope global dynamic eth0
       valid_lft 6796sec preferred_lft 6796sec
    inet6 2a02:8106:26:c205::d:3066/128 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::d250:99ff:fe76:7d6b/64 scope link 
       valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:44:56:66:5e brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:44ff:fe56:665e/64 scope link 
       valid_lft forever preferred_lft forever
5: veth16f1c55@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether 76:f8:c2:66:64:c2 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::74f8:c2ff:fe66:64c2/64 scope link 
       valid_lft forever preferred_lft forever
7: veth624ab49@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether f2:88:68:74:9b:a7 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::f088:68ff:fe74:9ba7/64 scope link 
       valid_lft forever preferred_lft forever

$ ip r
default via 192.168.5.1 dev eth0 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 
192.168.5.0/24 dev eth0 proto kernel scope link src 192.168.5.2 

$ cat /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp
# This is an autoconfigured IPv6 interface
iface eth0 inet6 dhcp

Server 3. - Mailcow: Gets not the wanted v6 IP from the firewall (static entry) -> xxxxxxx::d:1. I don't know why, but it gets one out of the DHCP range -> 2a02:8106:26:c206::d:1fd7 without the static entry. Can't ping the firewall

$ ping 2a02:8106:26:c206:ec4:7aff:feac:791a 
connect: network is not reachable

and the firewall can't ping the host. The server is not reachable at all.

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0b:ab:9c:b3:40 brd ff:ff:ff:ff:ff:ff
    inet 192.168.6.2/24 brd 192.168.6.255 scope global dynamic enp0s25
       valid_lft 6115sec preferred_lft 6115sec
    inet6 2a02:8106:26:c206::d:1fd7/128 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::20b:abff:fe9c:b340/64 scope link 
       valid_lft forever preferred_lft forever
3: ens36: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether 00:0b:ab:9c:b3:41 brd ff:ff:ff:ff:ff:ff
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:86:52:78:26 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:86ff:fe52:7826/64 scope link 
       valid_lft forever preferred_lft forever
    inet6 fe80::1/64 scope link 
       valid_lft forever preferred_lft forever
5: br-mailcow: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:98:71:e4:00 brd ff:ff:ff:ff:ff:ff
    inet 172.22.1.1/24 brd 172.22.1.255 scope global br-mailcow
       valid_lft forever preferred_lft forever
    inet6 fe80::42:98ff:fe71:e400/64 scope link 
       valid_lft forever preferred_lft forever
    inet6 fe80::1/64 scope link 
       valid_lft forever preferred_lft forever
7: veth9d1c8e9@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 92:69:ae:5f:16:94 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::9069:aeff:fe5f:1694/64 scope link 
       valid_lft forever preferred_lft forever
9: veth8c82697@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether ea:dd:2f:06:a8:ac brd ff:ff:ff:ff:ff:ff link-netnsid 3
    inet6 fe80::e8dd:2fff:fe06:a8ac/64 scope link 
       valid_lft forever preferred_lft forever
11: vethe900989@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether ee:45:28:e8:f8:65 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::ec45:28ff:fee8:f865/64 scope link 
       valid_lft forever preferred_lft forever
13: vethfca3d8a@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 72:0e:57:52:f6:8c brd ff:ff:ff:ff:ff:ff link-netnsid 2
    inet6 fe80::700e:57ff:fe52:f68c/64 scope link 
       valid_lft forever preferred_lft forever
15: veth047f50f@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 32:d4:40:15:0c:7f brd ff:ff:ff:ff:ff:ff link-netnsid 4
    inet6 fe80::30d4:40ff:fe15:c7f/64 scope link 
       valid_lft forever preferred_lft forever
17: vethf6245fe@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 26:53:8b:26:c9:38 brd ff:ff:ff:ff:ff:ff link-netnsid 7
    inet6 fe80::2453:8bff:fe26:c938/64 scope link 
       valid_lft forever preferred_lft forever
19: veth21a6fa3@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 5a:a7:a7:e2:86:5b brd ff:ff:ff:ff:ff:ff link-netnsid 6
    inet6 fe80::58a7:a7ff:fee2:865b/64 scope link 
       valid_lft forever preferred_lft forever
21: vethd2d1e06@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 8e:79:e5:0e:a6:f1 brd ff:ff:ff:ff:ff:ff link-netnsid 10
    inet6 fe80::8c79:e5ff:fe0e:a6f1/64 scope link 
       valid_lft forever preferred_lft forever
23: vethc10d2bc@if22: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 76:99:da:1d:cd:0e brd ff:ff:ff:ff:ff:ff link-netnsid 9
    inet6 fe80::7499:daff:fe1d:cd0e/64 scope link 
       valid_lft forever preferred_lft forever
25: veth201bcfc@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 46:d4:93:82:4b:6b brd ff:ff:ff:ff:ff:ff link-netnsid 8
    inet6 fe80::44d4:93ff:fe82:4b6b/64 scope link 
       valid_lft forever preferred_lft forever
27: vethad8e436@if26: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether da:24:e6:37:3a:8c brd ff:ff:ff:ff:ff:ff link-netnsid 5
    inet6 fe80::d824:e6ff:fe37:3a8c/64 scope link 
       valid_lft forever preferred_lft forever
29: vethbaf78e4@if28: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 9e:01:7b:70:9a:31 brd ff:ff:ff:ff:ff:ff link-netnsid 15
    inet6 fe80::9c01:7bff:fe70:9a31/64 scope link 
       valid_lft forever preferred_lft forever
31: veth7eada94@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 2a:bd:24:d6:e9:8a brd ff:ff:ff:ff:ff:ff link-netnsid 13
    inet6 fe80::28bd:24ff:fed6:e98a/64 scope link 
       valid_lft forever preferred_lft forever
33: vethd1e707c@if32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 7a:71:37:59:58:43 brd ff:ff:ff:ff:ff:ff link-netnsid 16
    inet6 fe80::7871:37ff:fe59:5843/64 scope link 
       valid_lft forever preferred_lft forever
35: veth6d78c43@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 42:f1:b5:53:f5:5c brd ff:ff:ff:ff:ff:ff link-netnsid 14
    inet6 fe80::40f1:b5ff:fe53:f55c/64 scope link 
       valid_lft forever preferred_lft forever
37: vethd1a9600@if36: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 52:15:e7:eb:3e:ea brd ff:ff:ff:ff:ff:ff link-netnsid 11
    inet6 fe80::5015:e7ff:feeb:3eea/64 scope link 
       valid_lft forever preferred_lft forever
39: veth621f244@if38: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 1e:af:a7:76:8e:c8 brd ff:ff:ff:ff:ff:ff link-netnsid 12
    inet6 fe80::1caf:a7ff:fe76:8ec8/64 scope link 
       valid_lft forever preferred_lft forever
41: veth4284cea@if40: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 32:ee:4d:9c:fb:6c brd ff:ff:ff:ff:ff:ff link-netnsid 17
    inet6 fe80::30ee:4dff:fe9c:fb6c/64 scope link 
       valid_lft forever preferred_lft forever

$ ip r
default via 192.168.6.1 dev enp0s25 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 
172.22.1.0/24 dev br-mailcow proto kernel scope link src 172.22.1.1 
192.168.6.0/24 dev enp0s25 proto kernel scope link src 192.168.6.2 

$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug enp0s25
iface enp0s25 inet dhcp
# This is an autoconfigured IPv6 interface
iface enp0s25 inet6 dhcp

Why is server 3 not reachable, as it has the same configurations as server 2? Shouldn't an IPv6 address also be available in the routes?

best regards

178
0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.