2

I have a Ubuntu server 20.04, I cannot access my website outside of my house, I am running bind9, Apache2, PHP, MariaDB, I use Cloudflare and I have IPv6 enabled and I am in the DMZ on my router, ip address

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:23:24:08:58:1f brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.8/24 brd 192.168.1.255 scope global dynamic enp0s25
       valid_lft 84322sec preferred_lft 84322sec
    inet6 2604:99c0:8:2f0f:223:24ff:fe08:581f/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 43200sec preferred_lft 27000sec
    inet6 fe80::223:24ff:fe08:581f/64 scope link 
       valid_lft forever preferred_lft forever

Here is a screenshot of my Cloudflare settings:

Cloudflare settings

Here are my port forwarding settings:

enter image description here

A DNS propagation check shows the hostname and IPv6 are properly propagated.

Ifconfig

enp0s25: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.8  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::223:24ff:fe08:581f  prefixlen 64  scopeid 0x20<link>
        ether 00:23:24:08:58:1f  txqueuelen 1000  (Ethernet)
        RX packets 39144  bytes 8484850 (8.4 MB)
        RX errors 0  dropped 5561  overruns 0  frame 0
        TX packets 27929  bytes 5369531 (5.3 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 19  memory 0xf0500000-f0520000  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 70795  bytes 6729178 (6.7 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 70795  bytes 6729178 (6.7 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enter image description here

Improve this question
2
  • Comments are not for extended discussion; this conversation has been moved to chat.
    – DavidPostill
    Commented Aug 28, 2020 at 18:46
  • Comments have been moved to chat. Please don't add any more under the question.
    – DavidPostill
    Commented Aug 28, 2020 at 19:05

3 Answers 3

Reset to default
1

Nothing you’ve shown in your question points at the IPv6 firewall being correctly configured. IPv4 and IPv6 firewalling is completely separate because they are separate protocols.

Port forwarding is not commonly used with IPv6 because of not using NAT. Even your Exposed Host (often incorrectly labeled DMZ) settings are only effective for one protocol. If you have to input an IPv4 address, it’s even more obvious.

Dealing with IPv6 firewall rules is more challenging for your router; unlike before it does not necessarily control the IPv6 addresses of hosts on the local network. With SLAAC they can select it themselves. And then, the prefix could change at any time, changing all addresses again.

You need to find you router’s IPv6 firewall settings. On my FritzBox, I have dedicated IPv4/6 sections like this:

FritzBox Firewall Settings

Maybe try the “Firewall” settings next to the “Port Forwarding” settings.

If your router does not offer IPv6 firewall settings, this isn’t going to work. You should use IPv4 instead, probably in combination with a Dynamic DNS service.

Improve this answer
7
  • I don't have an IPv6 Firewall, they are the same firewall for me
    – Nate
    Commented Aug 30, 2020 at 14:56
  • They are most likely not. It may be the same router, but it’s still different pieces of software on the router doing the job. Like IPTables and IP6Tables on Linux. If you want more help finding the appropriate settings, you can add the exact make and model of your router to the question.
    – Daniel B
    Commented Aug 30, 2020 at 15:02
  • Yes, I do I can post screenshots
    – Nate
    Commented Aug 30, 2020 at 15:02
  • Look at my Edit please
    – Nate
    Commented Aug 30, 2020 at 15:04
  • I did not ask for out-of-context whatever but the router’s exact make and model. You can find this information on a label somewhere on the device.
    – Daniel B
    Commented Aug 30, 2020 at 17:31
0

Your router screenshot makes it look like you've only set up port forwarding to your local IPv4 address. Your router's NAT is most likely blocking any public requests to an internal address, even IPv6.

You would either need to expose your local IPv6 address for public requests (many routers have a 'DMZ' setting that allows this) to be able to hit the IPv6 side of your web server, or add a port forwarding entry for your IPv6 address as well.

Improve this answer
3
  • I am in the DMZ
    – Nate
    Commented Aug 28, 2020 at 22:19
  • In that case, my answer won't help much. I'll leave it here for others, but you should amend your question to mention that.
    – Jacob Hume
    Commented Aug 28, 2020 at 22:29
  • 1
    Is this any better?
    – Nate
    Commented Aug 28, 2020 at 22:32
0

You will first need to either disable IPV6 Firewall in your router. Go to http://192.168.1.1 and enter your router administrator login and password. Once inside follow the UI and you are done.

I too had this problem initially. I even called my ISP after thinking they may have blocked the port but realised my mistake. I never thought of my TP-LINK router had enabled IPV6 firewall. But now my Apache running on Ubuntu is accessible to the outside world.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .