Network Error - IPV6 related

aks
Posts: 3073
Joined: 2014/09/20 11:22:14

Re: Network Error - IPV6 related

Post by aks » 2015/06/27 19:41:44

So now that you've got valid IPv4 and IPv6 addresses and routes - is everything working right?

agriz
Posts: 267
Joined: 2011/11/19 15:17:40

Re: Network Error - IPV6 related

Post by agriz » 2015/06/28 05:14:15

aks wrote: So now that you've got valid IPv4 and IPv6 addresses and routes - is everything working right?

Sir,

After they set up that ipv6, I am not getting that error.
But I have not done anything on my server side.

Please kindly advise me.

I am using csf to manage iptables.
There I have only enabled a few ports like 80, 53, 443.

I don't know how to use ports for ipv6.

I don't know how to use ipv6.
Please suggest something. I haven't configured anything in DNS.
Do we need to specify anything in the /etc/hosts?

I am so confused. I have no clue on this.

I need it to be secured instead of just making it work.
Please advise. I see many ports are added for ipv6 in csf.

aks
Posts: 3073
Joined: 2014/09/20 11:22:14

Re: Network Error - IPV6 related

Post by aks » 2015/06/28 12:23:35

The original problem you posted was due to the AAA record (DNS IPV6 record) for the address being used to try and access the website. Having IPV6 live on the interface has "removed" the problem.
As for ports, the ports used for well known services (like tcp/80 for http) are the same across IPV4 and IPV6.
I do not know of this program "csf" to manage the firewall - perhaps speak to the vendor?

agriz
Posts: 267
Joined: 2011/11/19 15:17:40

Re: Network Error - IPV6 related

Post by agriz » 2015/06/28 18:03:33

Sir,

How do I check which ports are opened for ipv4 and ipv6 separately?
Because I don't want many ports to be open. I have disabled most of the ports.

Code:

netstat --listen

I can't see the port numbers, just names.

There are two tcp6:
rockwell and rndc
raw6 0 0 [::]:ipv6-icmp [::]:* 7

What is ipv6-icmp?

I don't want ipv6 connection to ssh. I have only ipv4.
I guess rockwell is related with ssh?

Code:

netstat -vatn
tcp 0 0 ip:80 ip1:56584 ESTABLISHED
tcp 0 0 ip:80 ip2:49804 TIME_WAIT
tcp 0 0 ip:80 ip3:14248 TIME_WAIT
tcp 0 0 ip:80 ip4:39141 TIME_WAIT
tcp 0 0 ip:80 ip5:36581 TIME_WAIT
tcp 0 1 ip:80 ip6:35312 FIN_WAIT1
tcp 0 0 127.0.0.1:9000 127.0.0.1:45211 TIME_WAIT
tcp 0 0 ip:80 ip7:63999 TIME_WAIT
tcp 0 0 ip:80 ip8:10845 TIME_WAIT
tcp 0 0 ip:80 ip9:52401 TIME_WAIT
tcp 0 0 ip:80 ip10:25535 TIME_WAIT
tcp 0 0 ip:80 ip11:52044 TIME_WAIT


I am getting a lot of time_wait.
Few established.

So,

I want to open very few ports (ipv4 and ipv6):
http, https, dns, ssh, mysql.
I don't want any mail, ftp or other ports.
So, please tell me how do I ensure that unwanted ports are closed for ipv4 and ipv6.
Please tell me why am I facing that time_wait?

agriz
Posts: 267
Joined: 2011/11/19 15:17:40

Re: Network Error - IPV6 related

Post by agriz » 2015/06/29 08:15:44

Sir,

Can you also suggest some good books to learn the basics, which will give me some knowledge to run the server?
Please help.

Thanks

aks
Posts: 3073
Joined: 2014/09/20 11:22:14

Re: Network Error - IPV6 related

Post by aks » 2015/06/29 18:08:39

agriz wrote: How do I check which ports are opened for ipv4 and ipv6 separately.

ss -antp4
where:
-a This will display all network listening and not listening (i.e.: established) ports.
-n This stops resolving port names (so post the output of the port number, not the name - i.e.: 80 instead of http).
-t This means only TCP ports.
-4 This means for IPv4.

ss -antp6
where:
-a This will display all network listening and not listening (i.e.: established) ports.
-n This stops resolving port names (so post the output of the port number, not the name - i.e.: 80 instead of http).
-t This means only TCP ports.
-6 This means for IPv6.

More detail on the awesome ss command can be found by typing:
man ss
at the command prompt.

agriz wrote: what is ipv6-icmp

Google will tell you. See https://en.wikipedia.org/wiki/Internet_ ... _version_6

agriz wrote: I want to open very few ports. (ipv4 and ipv6) http, https, dns, ssh, mysql. I don't want any mail, ftp or other ports.

Then switch off those services, thus a socket would not be opened for them.

agriz wrote: So, please tell how do I ensure that unwanted ports are closed for ipv4 and ipv6.

See above.

agriz wrote: Please tell me why am I facing that time_wait?

When the communication is completed, the socket is not immediately closed. Google for that; there are several states a TCP socket can be in.

Books? There are thousands of them. To be honest I started so long ago now, I couldn't recommend any of them for beginner level stuff.
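
The per-family check described in the post above, as an added example that is not part of the original thread: it reads the output of `ss -ant4` or `ss -ant6` and flags every non-loopback listener whose port is not on an allowlist. The allowlist (standard ports for ssh, dns, http, https and mysql), the function names and the sample data are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit listening TCP ports per address
# family against an allowlist. Feed it the commands from the post above,
# without -p so that root is not required:
#   ss -ant4 | audit_listeners ipv4
#   ss -ant6 | audit_listeners ipv6

# Assumed allowlist: ssh, dns, http, https, mysql on their standard ports.
ALLOWED="${ALLOWED:-22 53 80 443 3306}"

audit_listeners() {
    # $1 = family label; stdin = `ss -ant4` or `ss -ant6` output
    awk -v fam="$1" -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {                        # skip header, ESTAB, TIME-WAIT, ...
        port = $4; sub(/.*:/, "", port)     # text after the last colon
        host = $4; sub(/:[^:]*$/, "", host) # address part: "::", "[::]", "*", ...
        # Loopback-only listeners cannot be reached from the network.
        if (host ~ /^127\./ || host == "::1" || host == "[::1]") scope = "local"
        else scope = "exposed"
        if (scope == "local" || (port in ok)) verdict = "ok"
        else verdict = "UNEXPECTED"
        print fam, port, scope, verdict
    }' | sort -u
}

# Constructed sample in the column layout shown in the thread; the port 25
# listener and the ESTAB line are invented for illustration.
sample_v6() {
    cat <<'EOF'
State   Recv-Q Send-Q   Local Address:Port     Peer Address:Port
LISTEN  0      128                 :::22                 :::*
LISTEN  0      128                ::1:953                :::*
LISTEN  0      100                 :::25                 :::*
ESTAB   0      0      2001:db8::10:80      2001:db8::99:51234
EOF
}

sample_v6 | audit_listeners ipv6
```

A listener reported here is only reachable if the firewall also allows it, and IPv4 iptables rules do not filter IPv6 traffic, which ip6tables handles separately. To keep sshd off IPv6 as asked in the thread, `AddressFamily inet` in sshd_config restricts it to IPv4.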

agriz
Posts: 267
Joined: 2011/11/19 15:17:40

Re: Network Error - IPV6 related

Post by agriz » 2015/06/30 09:57:37

Sir,

Thanks for your detailed reply.

Code:

State      Recv-Q Send-Q                                                    Local Address:Port                                                      Peer Address:Port
LISTEN     0      128                                                                  :::22                                                                :::*      users:(("sshd",10748,4))
LISTEN     0      128                                                                 ::1:953                                                                 :::*      

I think it is listening to sshd port.

ipv4
I got only 80, 53, 953 and sshd port.


===
I haven't used my ipv6 address in any configuration.
Is that okay? I need to add them anywhere?

aks
Posts: 3073
Joined: 2014/09/20 11:22:14

Re: Network Error - IPV6 related

Post by aks » 2015/06/30 16:42:41

agriz wrote: LISTEN 0 128 :::22 :::* users:(("sshd",10748,4))

Yes that is sshd listening on all interfaces for connections.

agriz wrote: I haven't used my ipv6 address in any configuration.
Is that okay? I need to add them anywhere?

Now I don't understand what you're after.

agriz
Posts: 267
Joined: 2011/11/19 15:17:40

Re: Network Error - IPV6 related

Post by agriz » 2015/07/07 05:09:42

I am sorry sir.
I was not feeling good.
I will ask the question in detail after reading something about this.

Thanks for your help sir.
