Rule to allow port 80 using IPv6

user5858 asked:

My server: 64 bit Ubuntu 12.04.4 LTS. Provider: Linode.com. No other firewall is present.

I have these rules:

*filter

# Allow localhost traffic. This rule is for all protocols.
-A INPUT -s ::1 -d ::1 -j ACCEPT

-A INPUT -p icmpv6 -j ACCEPT
-A OUTPUT -p icmpv6 -j ACCEPT

#Allow image server
-A INPUT -m tcp  -p tcp  --dport 31333  -j ACCEPT

-A INPUT -m tcp  -p tcp --dport 80 -j ACCEPT
-A INPUT -m tcp  -p tcp --dport 443 -j ACCEPT

COMMIT

The ping is working even from outside.
But telnet is not working from localhost.

%  telnet -6 2600:3c00:0:0:f03c:91ff:fe73:2b08 80 
Trying 2600:3c00:0:0:f03c:91ff:fe73:2b08...

What could be the problem?

Ultimately my server will listen on port 31333 for requests from the Chrome browser's WebSocket interface. I want to see telnet on port 80 working first, then I’ll work on port 31333.

It looks like Apache needs to be bound to 64 bit address. But I’ve even added this line to see if ftp is working but still telnet can’t connect:

-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT

New Trial
As per suggestion by Michael Hampton I’ve run ip6tables -F to clear the rules and now running ip6tables -L shows:

Chain INPUT (policy DROP)
target     prot opt source              destination

Chain FORWARD (policy DROP)
target     prot opt source            destination

Chain OUTPUT (policy DROP)
target     prot opt source           destination

but connecting to port 80 still does not work (with IPv4 it works):

# telnet -6 2600:3c00::f03c:91ff:fe73:2b08 80
Trying 2600:3c00::f03c:91ff:fe73:2b08... ^C
# telnet -6 2600:3c00:0:0:f03c:91ff:fe73:2b08 80
Trying 2600:3c00::f03c:91ff:fe73:2b08...

# telnet 23.239.30.81 80
Trying 23.239.30.81...
Connected to 23.239.30.81.
Escape character is '^]'.

My answer:


Your firewall is configured to drop all traffic, even without any rules. This will be the source of your problem.

Chain INPUT (policy DROP)
Chain OUTPUT (policy DROP)

Reset the policies of these tables to ACCEPT to restore connectivity.

ip6tables -P INPUT ACCEPT
ip6tables -P OUTPUT ACCEPT

Then you can get on with constructing a proper firewall.
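
The condition described in the answer can be checked mechanically. As an added example (not part of the original answer), this shell function reads `ip6tables -S` output and names the INPUT/OUTPUT chains that have a DROP policy and no ACCEPT rule able to match TCP. The function name and the three sample listings are constructed for illustration; the second sample assumes the question's rules were loaded with the DROP policies already in place, since `ip6tables -F` does not change policies.

```shell
#!/bin/sh
# Added example, not from the original post.
# tcp_blackholes: read `ip6tables -S` output on stdin and print the INPUT/OUTPUT
# chains whose policy is DROP and that hold no ACCEPT rule able to match TCP
# (heuristic: an ACCEPT rule with "-p tcp" or with no "-p" at all).
tcp_blackholes() {
    awk '
        $1 == "-P" && ($2 == "INPUT" || $2 == "OUTPUT") { policy[$2] = $3 }
        $1 == "-A" && $NF == "ACCEPT" && $(NF - 1) == "-j" {
            proto = "all"
            for (i = 3; i < NF; i++) if ($i == "-p") proto = $(i + 1)
            if (proto == "all" || proto == "tcp") ok[$2] = 1
        }
        END {
            out = ""
            for (k = 1; k <= 2; k++) {
                c = (k == 1) ? "INPUT" : "OUTPUT"
                if (policy[c] == "DROP" && !(c in ok))
                    out = out (out == "" ? "" : " ") c
            }
            print out
        }
    '
}

# Constructed sample: the state after `ip6tables -F` shown in the question.
flushed() { printf '%s\n' '-P INPUT DROP' '-P FORWARD DROP' '-P OUTPUT DROP'; }

# Constructed sample: the rules from the question as `ip6tables -S` would list
# them, assuming DROP policies were already set when they were loaded.
original() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -s ::1/128 -d ::1/128 -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 31333 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -p ipv6-icmp -j ACCEPT
EOF
}

# Constructed sample: policies reset as in the answer.
fixed() { printf '%s\n' '-P INPUT ACCEPT' '-P FORWARD DROP' '-P OUTPUT ACCEPT'; }

echo "flushed:  $(flushed | tcp_blackholes)"    # INPUT OUTPUT
echo "original: $(original | tcp_blackholes)"   # OUTPUT
echo "fixed:    $(fixed | tcp_blackholes)"      # (empty)
```

On a live host, run `ip6tables -S | tcp_blackholes` as root. In the second sample only OUTPUT is reported: ICMPv6 is accepted in both directions, but no TCP segment may leave, which is consistent with ping working while telnet hangs.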


View the full question and answer on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.