Unable to reach ipv6 address from outside.

[sagaracharya]

I have read some posts here and they mention that firewall should be disabled. I have already done that and allowed all inbound requests in router's firewall settings.

I do have Jio home router with a plan of Rs.399 per month and I use Parabola GNU/Linux OS.

When I execute curl localhost:<portnumber> , I get the correct response, but
on curl [ipv6]:<portnumber> , even on the server itself, I get connection refused at port <portnumber>.

I did check that the address on inet6 is same as my public ip. I did try to ping it from outside the network but can't connect.

I have fiddled a lot with firewall setting and have also tried both nat and classical routing options under routing, much to my disappointment. It should probably mean only that JIO has blocked all ports.

Please help in case someone has solved this thing.

 

[aztatine]

I run some servers on Jio fiber over IPv6 and they are accessible just fine from outside after adding an inbound IPv6 rule in the firewall.
If you get connection refused even from the same machine then chances are your server is only listening on IPv4 which is default for many programs. Post the output of

ss -6ltp

and

ss -4ltp

. In routing option you should stick to NAT.

 

[sagaracharya]

Aah yes. You're correct. There's no output for

ss -6ltp

And the server processes for -4 can be seen. Thanks, I'll get back once I proceed further.

 

[sagaracharya]

I changed my server config for ipv6.

Now, I can access through curl from local jio network (other device). I tried to use

curl [ip6]:<port>

from other network (ipv4 based from jio mobile tethering). And I get the following error:

curl: (7) Couldn't connect to server

I guess that the ipv6 doesn't translate to ipv4 correctly.

 

[aztatine]

The service can only be accessed over IPv6 from outside your home network. Currently IPv6 is supported mostly by mobile networks in India only. If it's a web server and you have a domain you can use cloudflare as a proxy to allow access from IPv4 networks.

 

[sagaracharya]

Thanks. I have set it up, reluctantly. Cloudfare collects almost all of my user's metadata but can't do much about that currently. What DNS settings should I have. I currently have ipv6 records straight through DNS without proxying and there's an A record with probably ipv4 of cloudfare VM, which doesn't route correctly.

What settings should I have on cloudfare to route ipv4 users to ipv6-only server?

 

---

[aztatine]

Without proxying there's no reason to use Cloudflare here. Their DNS service is just serving your IPv6 address and IPv4-only devices cannot connect. If you enable proxying cloudflare will announce it's own v4 and v6 address and forward the HTTP requests to your local device over IPv6 so anybody can connect. When proxying they will decrypt your HTTPS traffic so will have access to the full contents, not just statistical metadata.

 

[sagaracharya]

Yes, I saw their insane requirement for own Origin CA Cert. There's no way I'm allowing them to view full contents. That isn't happening. I'd rather shift to slower MTNL. If I do that, I might even create my own ipv4 to ipv6 proxying service. It shouldn't be that difficult to create.

I was hoping to proxy v4 requests and keep v6 requests direct from DNS.

 

[aztatine]

I was hoping to proxy v4 requests and keep v6 requests direct from DNS

I would also like to do that. This is technically possible but Cloudflare probably does not support that use case, at least according to this thread: Change to mode "DNS & Proxy" only for ipv6 AAAA record, but also get ipv4 A record affected unexpectedly

Just hope more wired broadband providers support IPv6 here soon.

 

[ackr8]

Yes, I saw their insane requirement for own Origin CA Cert.

That is only if you want Cloudflare SSL throughout the chain, you can use Let's Encrypt's certificate and set Security to Full.
EDIT : typo