-1

I am home-hosting an Express server on my computer, mainly for developing, but also to have fun with my friend.

A few days ago, my ISP changed my static IPv4 address which I had for ~3 years to a dynamic IPv6 one.

v6 doesn't propose a change to the IP's format, but more than that. Every device connected to a local network will be accessible from the outside if the router's firewall and the local machine's firewall allow it. In v6, port forwarding and NAT are no more. That's what I understood.

With that in mind, I configured the router such that it allows from any source IP, with any destination IP, with any source port, with destination ports 80 and 443 on TCP.

I also added a rule in Windows Firewall to allow inbounding data on ports 80 and 443.

The websever works fine only from the local network, as I cannot access it from the outside sadly.

I tried a couple of things:

  • disabling Windows Firewall completely
  • trying everything out on my Raspberry Pi instead; I have configured the UFW rules for both v4 and v6, I even disabled it to make sure it isn't blocking the packets.
  • used this site to see if 80 and 443 are open, and they are
  • changed the MTU size from 1500 to 1492

It really bothers me the fact that the ports are open but I still get an address unreachable error. How could this be?

I had no trouble doing this when I was using v4. I think I am missing something about how v6 works.

Robert
  • 1
  • 3

2 Answers2

0

IPv6 addresses are quite 'static' in that they are generaly a network portion for the first part, a bit in the middle that doesn't typically change and your mac address for the last part.

First step is to check your router, Does it have a firewall (IPv6) and is it filtering inbound packets

That being said you don't go into too much detail. Have you tried netstat I'm on linux typically add -ntl (-n is don't resolve IP's, -t is tcp only and -l is listening only) I'm sure there will be a windows equivalent. Is your webserver listening on IPv6 or is it only IPv4 ? Generally 0.0.0.0:80 will indicate it's IPv4 only where :::80 will be IPv6 or dual stack.

What happens if you browse to http://[::1]:80 (IPv6 loopback) you indicated that it works on the local network but you didn't state that you used the IPv6 ip address.

Timothy c
  • 396
  • 1
  • 8
0

IPv6 and IPv4 are incompatible and since I only have an IPv6, anyone with an IPv4 failed to reach my website.

I figured it out when some online services told me my website was working (requests were shown in logs) and others said it didn't; because some supported v6 and others didn't.

Also, the error was a DNS_PROBE_FINISHED_NXDOMAIN. If I had paid more attention to it, I would've noticed that it failed to retrieve a valid IP, since the only DNS record was an AAAA and the client with an IPv4 had no A record to retrieve.

In the end, I will buy a really cheap VPS with both IPv4 and IPv6 and I'll use it as a reverse proxy to translate IPv4 packets to IPv6.

Robert
  • 1
  • 3