2

This is driving me bonkers.

I have a Windows Server 2012 R2 machine running IIS 8.5. IPv6 is working fine on this machine. All the IPv6 test sites I browse indicate this machine is indeed running IPv6. Browsing ipv6test.google.com, for example, indicates IPv6 is running on this server.

My site's home page has some server-side code that displays the client's IP address. When I browse the site with an IPv6 connection, the site's home page displays the client's IPv6 IP address; when I browse with an IPv4 connection, the site's home page displays the client's IPv4 IP address, all as expected.

Everything must be working fine, right?

Here's the weirdness. There are several testing sites on the web that will tell you whether or not your site is "IPv6 Ready" (whatever that means). They all report my site is not IPv6 ready for the reasons shown below:

http://ipv6-test.com/validate.php This site finds my AAAA DNS record just fine but then says, "the web server is unreachable: Connection timed out", yet, as I mentioned, I can browse it via an IPv6 browser connection.

http://ip6tools.com/ As above, the AAAA DNS record points to my server. All tests pass except the "Website IPv6 Compatibility Check". The result is the very helpful message, "Web Server is not IPv6 Compatible!" (geez, thanks.)

http://ip6.nl/ This site gives me an error on the test for "IPv6-only DNS". The (very unhelpful) error is, "Doesn't work". I use ClouDNS.net as my name server and they do provide an IPv6 server (ns14.cloudns.net).

All of the above tests indicate my site is not IPv6 ready, yet, as I mentioned, I am able to browse via an IPv6 connection and the site displays the browser's client IPv6 (or IPv4 when using an IPv4 connection) IP address.

Here is some configuration information for my site:

It is registered with GoDaddy. The DNS hosting company is ClouDNS.net. Of course, I updated GoDaddy to use the ClouDNS.net name servers. ClouDNS.net does, to my knowledge, provide an IPv6 server. My web server is running at home, behind my router. I have Comcast Internet. I have my router configured to port-forward incoming IPv4 HTTP requests to my server's local IPv4 address. (Of course, the server's IPv6 address is already global, so port-forwarding" does not apply to the IPv6 address.)

Earlier I mentioned three sites that test a web site for "IPv6 readiness". I checked the IIS logs and saw no indication of any of these sites even trying to connect to my site. I'm not a Windows Server expert though so maybe I'm missing something.

I really think my site is IPv6 ready but I'm worried I might be missing something when several testing sites tell me it's not ready. can anyone offer an explanation of what might be going on here? Why are these sites telling me I'm not IPv6 ready (please don't tell me to contact the testing sites as I have tried that).

Thanks very much.

Improve this question
4
  • 2
    You forgot to mention your domain name.
    – Michael Hampton
    Commented Oct 15, 2014 at 1:59
  • Please tell us the hostname of your IPv6 server so we can run some tests.
    – Sander Steffann
    Commented Oct 15, 2014 at 8:29
  • Try an online portscanner to check whether your machine is indeed reachable.
    – countermode
    Commented Oct 16, 2014 at 13:29
  • For privacy, I prefer not to mention the domain. I am convinced that my router is somehow blocking the IPv6 traffic from the Internet. Of course, I can reach the site just fine because I am behind the router. Several calls to the router's tech support (NetGear) have failed to yield anything so I am switching to a different router maker after doing some research. I will re-post my results when the problem is solved.
    – Tom Baxter
    Commented Oct 18, 2014 at 14:18

1 Answer 1

Reset to default
0

If your router is providing a secure network, then it will block all incoming IPv6 addresses. I would expect any router which provides IPv4 NAT capabilities along with IPv6 would have a default deny policy. This would offer roughly the same security that an empty IPv4 NAT table would.

Check your router's firewall configuration, and open port 80 to your web servers IPv6 address. This would be the equivalent action to setting up an IPv4 NAT port forwarding rule.

It would be a security risk to just disable the IPv6 firewall.

Improve this answer
3
  • Well, if the router was blocking all incoming IPv6 addresses then I would not be able to reach site via an IPv6 client, which I can do with no problem.
    – Tom Baxter
    Commented Oct 15, 2014 at 3:36
  • @TomBaxter Most firewalls are now stateful. They will recognize traffic related to connections you opened, so you can connect to other sites. However, external requests to connect in to your system (web-site, or other services) will be blocked.
    – BillThor
    Commented Oct 15, 2014 at 12:45
  • I will check tonight....and call NetGear if needed. I will report on the problem once it's resolved.
    – Tom Baxter
    Commented Oct 15, 2014 at 14:14

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .