IPv6 web server unreachable

Question

I've bought a new dedicated server with 2 IPv4 addresses and a /56 IPv6 subnet. When I ping to my domain names on the dedicated server I get a message back. But when I ping from outside nothing happens.

So I went to test things out through IPv6.nl etc and everything's fine except the connection to my web server. The test can't reach my server. I've tried to open the ports of my firewall but it doesn't seem to work.

My hostname is cp.hshweb.eu running on a dedicated server (CentOS6.6) with Odin plesk installed for the virtual hosts. What steps can I do and try to get my we server accessible from outside using IPv6?

When I reset networking I get this message:

[root@cp network-scripts]# service network restart
Shutting down interface eth0:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:
Determining IP information for eth0... done.
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists
Determining if ip address 85.214.148.249 is already in use for device eth0...
                                                           [  OK  ]

ip addr show gives this:

[root@cp ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 40:61:86:ee:be:3f brd ff:ff:ff:ff:ff:ff
    inet 85.214.208.177/32 brd 85.214.208.177 scope global eth0
    inet 85.214.148.249/32 brd 85.214.148.249 scope global eth0:1
    inet6 2a01:238:4317:d800:cafe:dead:beef:0/128 scope global
       valid_lft forever preferred_lft forever
    inet6 2a01:238:4317:d800::feed/128 scope global
       valid_lft forever preferred_lft forever
    inet6 2a01:238:4317:d800::/56 scope global
       valid_lft forever preferred_lft forever
    inet6 2a01:238:4317:d800:0:bad:a55:cafe/128 scope global
       valid_lft forever preferred_lft forever
    inet6 2a01:238:4317:d800:d108:898c:628f:a199/128 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::4261:86ff:feee:be3f/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 40:61:86:ee:be:40 brd ff:ff:ff:ff:ff:ff

This is my ifcfg-eth0 file:

DEVICE="eth0"
BOOTPROTO="dhcp"
DHCPV6C="no"
IPV6INIT="yes"
IPV6_AUTOCONF="no"
IPV6_ROUTER="yes"
NM_CONTROLLED="no"
ONBOOT="yes"
HWADDR=40:61:86:EE:BE:3F
IPV6ADDR="2a01:238:4317:d800:d108:898c:628f:a199/128"
IPV6ADDR_SECONDARIES="2a01:238:4317:d800:0:bad:a55:cafe/128 2a01:238:4317:d800::/56 2a01:238:4317:d800::feed/128 2a01:238:4317:d800:cafe:dead:beef:0/128 2a01:238:4317:d800:d108:898c:628f:a199/128 2a01:238:4317:d800::feed/128 2a01:238:4317:d800:0:bad:a55:cafe/128 2a01:238:4317:d800:cafe:dead:beef:0/128 2a01:238:4317:d800:d108:898c:628f:a199/128 2a01:238:4317:d800::/0"
IPV6_DEFAULTGW=2a01:238:4317:d800::1
IPV6FORWARDING=yes

And my network configuration is:

HOSTNAME=cp.domain.tld
NETWORKING=yes
NETWORKING_IPV6=yes
IPV6_DEFAULTDEV=eth0
IPV6FORWARDING=yes
IPV6_AUTOCONF=no
IPV6_AUTOTUNNEL=no
IPV6_DEFAULTGW=2a01:238:4317:d800::1

ip -6 route:

[root@cp ~]# ip -6 route
::/96 via :: dev sit0  metric 256  mtu 1480 advmss 1420 hoplimit 4294967295
unreachable ::/96 dev lo  metric 1024  error -101 mtu 65536 advmss 65476 hoplimit 4294967295
unreachable ::ffff:0.0.0.0/96 dev lo  metric 1024  error -101 mtu 65536 advmss 65476 hoplimit 4294967295
unreachable 2002:a00::/24 dev lo  metric 1024  error -101 mtu 65536 advmss 65476 hoplimit 4294967295
unreachable 2002:7f00::/24 dev lo  metric 1024  error -101 mtu 65536 advmss 65476 hoplimit 4294967295
unreachable 2002:a9fe::/32 dev lo  metric 1024  error -101 mtu 65536 advmss 65476 hoplimit 4294967295
unreachable 2002:ac10::/28 dev lo  metric 1024  error -101 mtu 65536 advmss 65476 hoplimit 4294967295
unreachable 2002:c0a8::/32 dev lo  metric 1024  error -101 mtu 65536 advmss 65476 hoplimit 4294967295
unreachable 2002:e000::/19 dev lo  metric 1024  error -101 mtu 65536 advmss 65476 hoplimit 4294967295
2a01:238:4317:d800::feed dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
2a01:238:4317:d800:0:bad:a55:cafe dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
2a01:238:4317:d800:cafe:dead:beef:0 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
2a01:238:4317:d800:d108:898c:628f:a199 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
2a01:238:4317:d800::/56 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
unreachable 3ffe:ffff::/32 dev lo  metric 1024  error -101 mtu 65536 advmss 65476 hoplimit 4294967295
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
default via 2a01:238:4317:d800::1 dev eth0  metric 1  mtu 1500 advmss 1440 hoplimit 4294967295

Ping to google returns:

[root@cp ~]# ping6 ipv6.google.com -c 6
PING ipv6.google.com(ham02s13-in-x07.1e100.net) 56 data bytes
From 2a01:238:4317:d800:cafe:dead:beef:0 icmp_seq=2 Destination unreachable: Address unreachable
From 2a01:238:4317:d800:cafe:dead:beef:0 icmp_seq=3 Destination unreachable: Address unreachable
From 2a01:238:4317:d800:cafe:dead:beef:0 icmp_seq=4 Destination unreachable: Address unreachable
From 2a01:238:4317:d800:cafe:dead:beef:0 icmp_seq=5 Destination unreachable: Address unreachable
From 2a01:238:4317:d800:cafe:dead:beef:0 icmp_seq=6 Destination unreachable: Address unreachable

--- ipv6.google.com ping statistics ---
6 packets transmitted, 0 received, +5 errors, 100% packet loss, time 15001ms

`/56` sounds like a routed prefix. Did the provider specify a `/64` to use for the link prefix? Can you ping the gateway? — kasperd, Jun 25 '15 at 08:56
No, I did not get an /64 prefix. Only a /56 and /128. I've tried to ping my gateway but it's not reachable as well :( — Handoko, Jun 25 '15 at 08:58
2a01:238:4317:d800:d108:898c:628f:a199/128 is what they gave me — Handoko, Jun 25 '15 at 09:04
That is an address inside your `/56`. Did they tell you exactly what that address is supposed to be used for? I am thinking that `2a01:238:4317:d800::/64` is supposed to be your link prefix. Inside your link prefix you need to know the gateway address for your `/56` and the default gateway. Which of the two is `2a01:238:4317:d800:d108:898c:628f:a199`? — kasperd, Jun 25 '15 at 09:11
The address you specified as `2a01:238:4317:d800::/0` looks incorrect for two reasons. The last 64 bits are all zero, so it looks like a network address rather than an interface address. And the prefix length of `0` is certainly wrong. That one probably needs to be removed from the list. — kasperd, Jun 25 '15 at 09:14
I see. The housing company doesn't want to give me some more information and support because there's no error on their side. Though they gave me a manual for ubuntu. In the manual there was written something about editting the loopback interface — Handoko, Jun 25 '15 at 09:16
Kk thanks. That was automatically generated by the housing company.... :( — Handoko, Jun 25 '15 at 09:16
It's finally working!!!!!! Because of you I've been focussing more on my gateway. It seemed it had to be fe80::1 Thanks alot! — Handoko, Jun 25 '15 at 09:20
Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/25182/discussion-between-kasperd-and-handoko). — kasperd, Jun 25 '15 at 09:20

Falcon Momot · Accepted Answer · 2015-06-23T23:24:38.760

4

The best thing to do is to check whether you can talk to IPv6 sites such as ipv6.google.com from your server. This will help you determine whether the problem is your local configuration, or your IPv6 connection - if you can ping distant IPv6 sites, the problem might be your firewall or HTTP daemon, but if you can't, it's the connection.

You have a routeable address. So, it might be a problem with your host or your transit provider, or a routing issue elsewhere.

For what it's worth, at the time of writing, I can't ping your server from my HE.net tunnel.

Given the updated information, there's something else I remember that I left out. If you've configured the address explicitly (i.e. it wasn't automatically configured by RA), which it looks like since the address is a mnemonic one and I see it in your static configuration, it might just not know its gateway configuration. The way to configure this depends on your distribution, but it should be right next to where you configured the IP.

For yours, you simply need to add one line to ifcfg-eth0:

IPV6_DEFAULTGW=2a01:238:4317:d800::1

Replace that address with the correct gateway if it is something else. Check that you can use ping6 to ping that gateway, too.

Bizzarely, it looks like your distribution doesn't add a local network route for your configured static addresses either (and so, it can't find the gateway). So, you'll need to add it in /etc/sysconfig/network-scripts/route6-eth0:

2a01:238:4317:d800::/56 dev eth0

edited Jun 23 '15 at 23:24

answered Jun 22 '15 at 22:51

Falcon Momot

25,244
15
63
92

1

Hmm. It seems I can't ping outside indeed. So that might be the problem. Tomorrow I'll try to contact the company where my server is being housed and see what they can do to help me. Thanks for your quick answer! – Handoko Jun 22 '15 at 22:58
I've called with the housing company but they couldn't help me since it's an unmanaged server. So I've updated my post now with some infomation about my settings. – Handoko Jun 23 '15 at 14:31
I've updated my answer and now it should actually solve your trouble. – Falcon Momot Jun 23 '15 at 21:50
I've did what you told me and got a little closer. According to the housing company the routing on their side is correct. After the implementation of the default GW I get this message – Handoko Jun 23 '15 at 22:20
[root@cp sbin]# ping6 ipv6.google.com PING ipv6.google.com(ham02s13-in-x00.1e100.net) 56 data bytes From fe80::4261:86ff:feee:be3f icmp_seq=2 Destination unreachable: Address unreachable From fe80::4261:86ff:feee:be3f icmp_seq=3 Destination unreachable: Address unreachable From fe80::4261:86ff:feee:be3f icmp_seq=4 Destination unreachable: Address unreachable From fe80::4261:86ff:feee:be3f icmp_seq=6 Destination unreachable: Address unreachable [16]+ Stopped ping6 ipv6.google.com – Handoko Jun 23 '15 at 22:21
What's in your routing table? `ip -6 route` – Falcon Momot Jun 23 '15 at 23:13
I've added it onto my question now :) – Handoko Jun 23 '15 at 23:15
/etc/sysconfig/network-scripts/route6-eth0 doesn't exist on my server...... – Handoko Jun 23 '15 at 23:59

IPv6 web server unreachable

1 Answers1