私の VPS プロバイダーは IPv6 をサポートしています。そのため、Debian Buster で使用したいと考えています。
外部から VM に ping できません。 IPv4 は正常に動作しますが、IPv6 は失敗します。
私のは/etc/network/interfacesこんな感じです:
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
allow-hotplug eth0
iface eth0 inet dhcp
# dns-nameservers 0.0.0.0
iface eth0 inet6 auto
# dns-nameservers ::1
結果はifconfig次のようになります。
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 5.xxx.xx.xx netmask 255.255.252.0 broadcast 5.xxx.xx.xxx
inet6 fe80::xxx:9ff:xxxx:xxx prefixlen 64 scopeid 0x20<link>
inet6 2a03:xxxx:3f:28e:xxx:9ff:fe35:b164 prefixlen 64 scopeid 0x0<global>
ether 66:90:09:35:b1:64 txqueuelen 1000 (Ethernet)
RX packets 15477 bytes 945788 (923.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 258 bytes 39387 (38.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 80 bytes 6480 (6.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 80 bytes 6480 (6.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
アウトバウンド Ping は正常に動作します:
ping6 ipv6.google.com
結果:
PING ipv6.google.com(fra15s46-in-x0e.1e100.net (2a00:1450:4001:808::200e)) 56 data bytes
64 bytes from fra15s46-in-x0e.1e100.net (2a00:1450:4001:808::200e): icmp_seq=1 ttl=57 time=3.70 ms
静的 IPv6 アドレスを使用すると、外部から VM にアクセスできません。何かアイデアはありますか?
ip6テーブル -L
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
105 24367 ufw6-before-logging-input all * * ::/0 ::/0
105 24367 ufw6-before-input all * * ::/0 ::/0
0 0 ufw6-after-input all * * ::/0 ::/0
0 0 ufw6-after-logging-input all * * ::/0 ::/0
0 0 ufw6-reject-input all * * ::/0 ::/0
0 0 ufw6-track-input all * * ::/0 ::/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ufw6-before-logging-forward all * * ::/0 ::/0
0 0 ufw6-before-forward all * * ::/0 ::/0
0 0 ufw6-after-forward all * * ::/0 ::/0
0 0 ufw6-after-logging-forward all * * ::/0 ::/0
0 0 ufw6-reject-forward all * * ::/0 ::/0
0 0 ufw6-track-forward all * * ::/0 ::/0
Chain OUTPUT (policy ACCEPT 5 packets, 440 bytes)
pkts bytes target prot opt in out source destination
120 19258 ufw6-before-logging-output all * * ::/0 ::/0
120 19258 ufw6-before-output all * * ::/0 ::/0
17 1610 ufw6-after-output all * * ::/0 ::/0
17 1610 ufw6-after-logging-output all * * ::/0 ::/0
17 1610 ufw6-reject-output all * * ::/0 ::/0
17 1610 ufw6-track-output all * * ::/0 ::/0
Chain ufw6-before-logging-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw6-before-logging-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw6-before-logging-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw6-before-input (1 references)
pkts bytes target prot opt in out source destination
25 2470 ACCEPT all lo * ::/0 ::/0
0 0 DROP all * * ::/0 ::/0 rt type:0
66 20913 ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 129
2 120 ufw6-logging-deny all * * ::/0 ::/0 ctstate INVALID
2 120 DROP all * * ::/0 ::/0 ctstate INVALID
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 1
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 2
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 3
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 4
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 128
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 133 HL match HL == 255
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 134 HL match HL == 255
2 144 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 135 HL match HL == 255
6 400 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 136 HL match HL == 255
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 141 HL match HL == 255
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 142 HL match HL == 255
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 130
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 131
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 132
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 143
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 148 HL match HL == 255
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 149 HL match HL == 255
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 151 HL match HL == 1
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 152 HL match HL == 1
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 153 HL match HL == 1
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 144
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 145
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 146
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 147
0 0 ACCEPT udp * * fe80::/10 fe80::/10 udp spt:547 dpt:546
0 0 ACCEPT udp * * ::/0 ff02::fb udp dpt:5353
0 0 ACCEPT udp * * ::/0 ff02::f udp dpt:1900
4 320 ufw6-user-input all * * ::/0 ::/0
Chain ufw6-before-output (1 references)
pkts bytes target prot opt in out source destination
25 2470 ACCEPT all * lo ::/0 ::/0
0 0 DROP all * * ::/0 ::/0 rt type:0
54 13450 ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 1
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 2
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 3
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 4
1 104 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 128
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 129
4 224 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 133 HL match HL == 255
2 128 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 136 HL match HL == 255
15 1080 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 135 HL match HL == 255
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 134 HL match HL == 255
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 141 HL match HL == 255
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 142 HL match HL == 255
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 130
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 131
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 132
2 192 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 143
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 148 HL match HL == 255
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 149 HL match HL == 255
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 151 HL match HL == 1
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 152 HL match HL == 1
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 153 HL match HL == 1
17 1610 ufw6-user-output all * * ::/0 ::/0
Chain ufw6-before-forward (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all * * ::/0 ::/0 rt type:0
0 0 ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 1
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 2
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 3
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 4
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 128
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 129
0 0 ufw6-user-forward all * * ::/0 ::/0
Chain ufw6-after-input (1 references)
pkts bytes target prot opt in out source destination
0 0 ufw6-skip-to-policy-input udp * * ::/0 ::/0 udp dpt:137
0 0 ufw6-skip-to-policy-input udp * * ::/0 ::/0 udp dpt:138
0 0 ufw6-skip-to-policy-input tcp * * ::/0 ::/0 tcp dpt:139
0 0 ufw6-skip-to-policy-input tcp * * ::/0 ::/0 tcp dpt:445
0 0 ufw6-skip-to-policy-input udp * * ::/0 ::/0 udp dpt:546
0 0 ufw6-skip-to-policy-input udp * * ::/0 ::/0 udp dpt:547
Chain ufw6-after-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw6-after-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw6-after-logging-input (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all * * ::/0 ::/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw6-after-logging-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw6-after-logging-forward (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all * * ::/0 ::/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw6-reject-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw6-reject-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw6-reject-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw6-track-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw6-track-output (1 references)
pkts bytes target prot opt in out source destination
1 80 ACCEPT tcp * * ::/0 ::/0 ctstate NEW
11 1090 ACCEPT udp * * ::/0 ::/0 ctstate NEW
Chain ufw6-track-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw6-logging-deny (1 references)
pkts bytes target prot opt in out source destination
2 120 RETURN all * * ::/0 ::/0 ctstate INVALID limit: avg 3/min burst 10
0 0 LOG all * * ::/0 ::/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw6-logging-allow (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all * * ::/0 ::/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "
Chain ufw6-skip-to-policy-input (6 references)
pkts bytes target prot opt in out source destination
0 0 DROP all * * ::/0 ::/0
Chain ufw6-skip-to-policy-output (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * * ::/0 ::/0
Chain ufw6-skip-to-policy-forward (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all * * ::/0 ::/0
Chain ufw6-user-input (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp * * ::/0 ::/0 tcp dpt:22
4 320 ACCEPT tcp * * ::/0 ::/0 tcp dpt:80
0 0 ACCEPT tcp * * ::/0 ::/0 tcp dpt:443
0 0 ACCEPT udp * * ::/0 ::/0 udp dpt:500
0 0 ACCEPT udp * * ::/0 ::/0 udp dpt:4500
0 0 ACCEPT tcp * * 2a02:908:f84:9f60::/59 ::/0 tcp dpt:53
0 0 ACCEPT udp * * 2a02:908:f84:9f60::/59 ::/0 udp dpt:53
Chain ufw6-user-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw6-user-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw6-user-logging-input (0 references)
pkts bytes target prot opt in out source destination
Chain ufw6-user-logging-output (0 references)
pkts bytes target prot opt in out source destination
Chain ufw6-user-logging-forward (0 references)
pkts bytes target prot opt in out source destination
Chain ufw6-user-limit (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all * * ::/0 ::/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
0 0 REJECT all * * ::/0 ::/0 reject-with icmp6-port-unreachable
Chain ufw6-user-limit-accept (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * * ::/0 ::/0