My server: 64 bit Ubuntu 12.04.4 LTS. Provider: Linode.com. No other firewall is present.

I've these rules:

*filter

# Allow localhost traffic. This rule is for all protocols.
-A INPUT -s ::1 -d ::1 -j ACCEPT

-A INPUT -p icmpv6 -j ACCEPT
-A OUTPUT -p icmpv6 -j ACCEPT

#Allow image server
-A INPUT -m tcp  -p tcp  --dport 31333  -j ACCEPT

-A INPUT -m tcp  -p tcp --dport 80 -j ACCEPT
-A INPUT -m tcp  -p tcp --dport 443 -j ACCEPT

COMMIT

The ping is working even from outside. But telnet is not working from localhost.

%  telnet -6 2600:3c00:0:0:f03c:91ff:fe73:2b08 80 
Trying 2600:3c00:0:0:f03c:91ff:fe73:2b08...

What could be the problem?

Ultimately my server will listen on port 31333 for requests from Chrome Browser WebSocket interface. And I want to see telnet on port 80 working first then I'll work on port 31333.

It looks like Apache needs to be bound to 64 bit address. But I've even added this line to see if ftp is working but still telnet can't connect:

-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT

New Trial: As per the suggestion by Michael Hampton, I've run ip6tables -F to clear the rules, and now running ip6tables -L shows:

Chain INPUT (policy DROP)
target     prot opt source              destination

Chain FORWARD (policy DROP)
target     prot opt source            destination

Chain OUTPUT (policy DROP)
target     prot opt source           destination

but connecting to port 80 still does not work (with IPv4 it works):

# telnet -6 2600:3c00::f03c:91ff:fe73:2b08 80
Trying 2600:3c00::f03c:91ff:fe73:2b08... ^C
# telnet -6 2600:3c00:0:0:f03c:91ff:fe73:2b08 80
Trying 2600:3c00::f03c:91ff:fe73:2b08...

# telnet 23.239.30.81  80 
Trying 23.239.30.81...
Connected to 23.239.30.81.
Escape character is '^]'.

MadHatter
user5858
  • `::1` is not `2600:2c00::f03c:91ff:f773:2108`. I suggest instead of `-s ::1 -d ::1` in your localhost traffic rule, you use `-i lo`. This catches all loopback interface traffic regardless of the addresses involved. – user Aug 09 '15 at 14:31
  • Have you got another firewall somewhere? Exactly what sort of server is this? If you leased it, you should name the specific service provider and product. – Michael Hampton Aug 10 '15 at 15:58
  • @Michael Hampton 64 bit Ubuntu 12.04.4 LTS. Provider: Linode.com. No other firewall is present. – user5858 Aug 11 '15 at 04:56
  • The firewall rule you show is for port 21 (FTP control), while you're testing port 80 (HTTP). Did you really open up port 80 (or test port 21)? – Teun Vink Aug 11 '15 at 05:30
  • I've tested again. It does not connect to any ports. Telnet won't connect to port 80 or 443 or 31333 (with node.js server running on IPv6) – user5858 Aug 11 '15 at 06:42
  • What happens if you turn off the firewall? – Michael Hampton Aug 13 '15 at 04:33
  • Which firewall? ufw isn't there. Are you asking me to flush the iptables firewall rules as explained in http://askubuntu.com/questions/250775/how-do-i-turn-off-the-firewall-in-ubuntu-12-04 ? – user5858 Aug 13 '15 at 04:41
  • @Michael .. I've updated the question – user5858 Aug 13 '15 at 05:01
  • I'm beginning to suspect that you don't have this address. Could you edit the output of `ip addr show` into your question? – MadHatter Aug 13 '15 at 06:17
  • Silly question, but does the firewall have output rules for telnet/ftp return traffic to be ACCEPT? The only one I see is `-A OUTPUT -p icmpv6 -j ACCEPT`. Another comment is that the traceroute seemed to get stuck at `10 66 ms 111 ms 87 ms 0.0.0.f-static.reverse.softlayer.com` – craigdfrench Aug 13 '15 at 05:09

1 Answer

Your firewall is configured to drop all traffic, even without any rules. This will be the source of your problem.

Chain INPUT (policy DROP)
Chain OUTPUT (policy DROP)

Reset the policies of these tables to ACCEPT to restore connectivity.

ip6tables -P INPUT ACCEPT
ip6tables -P OUTPUT ACCEPT

Then you can get on with constructing a proper firewall.

Michael Hampton
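
The failure discussed in this thread, checked mechanically over the question's rules. This is an added example, not code from the question or the answer: the `:CHAIN DROP` policy lines are reconstructed from the `ip6tables -L` output above, and `FIXED_RULES` and `audit()` are constructed here for illustration.

```python
# Question's rules in ip6tables-save form; policy lines reconstructed from `ip6tables -L`.
QUESTION_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -s ::1 -d ::1 -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
-A OUTPUT -p icmpv6 -j ACCEPT
-A INPUT -m tcp  -p tcp  --dport 31333  -j ACCEPT
-A INPUT -m tcp  -p tcp --dport 80 -j ACCEPT
-A INPUT -m tcp  -p tcp --dport 443 -j ACCEPT
COMMIT
"""

# Constructed default-deny ruleset: INPUT stays DROP, replies get in, OUTPUT is open.
FIXED_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443,31333 -j ACCEPT
COMMIT
"""

def audit(ruleset):
    """Heuristic check: list ways a DROP-policy chain silently eats traffic."""
    policy, accepts = {}, {}
    for line in ruleset.splitlines():
        words = line.split()
        if line.startswith(":"):                      # ":INPUT DROP [0:0]"
            policy[words[0][1:]] = words[1]
        elif words[:1] == ["-A"] and words[-2:] == ["-j", "ACCEPT"]:
            accepts.setdefault(words[1], []).append(" ".join(words[2:]))
    findings = []
    for chain, lo in (("INPUT", "-i lo"), ("OUTPUT", "-o lo")):
        rules = accepts.get(chain, [])
        if policy.get(chain) != "DROP":
            continue                                  # ACCEPT policy cannot black-hole replies
        if not rules:                                 # the state left behind by `ip6tables -F`
            findings.append(f"{chain}: policy DROP and no ACCEPT rules, all traffic dropped")
        for needle, msg in ((lo, f"no loopback rule ({lo})"),
                            ("ESTABLISHED", "no ESTABLISHED rule, reply packets dropped")):
            if rules and not any(needle in r for r in rules):
                findings.append(f"{chain}: {msg}")
    return findings
```

`audit(QUESTION_RULES)` reports the missing loopback and reply-traffic rules on both INPUT and OUTPUT, while `audit(FIXED_RULES)` returns an empty list; a ruleset in this form can be dry-run with `ip6tables-restore --test` before loading it.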