2. The IPv6 firewall rule for the Ping service is not getting correctly translated to an ICMPv6 rule in ip6table.
Could you show what is wrong there? What kind of rule would you expect? May be an example...
2. The IPv6 firewall rule for the Ping service is not getting correctly translated to an ICMPv6 rule in ip6table.
I'm really happy with the IPv6 support in 10.2. Everything seems to be integrated really well. I just have one issue, which is that the qmail ports (25/465/587) are not available on our IPv6 test system. It's probably not really a Plesk-related error, but I have no clue where to look. It's a CentOS 5 container on a Virtuozzo server that was upgraded from 9.5 -> 10.0 -> 10.1 -> 10.2.
Hi I have a problem with plesk panel 10.2.
I have it installed on a Centos 5.5.
I can ping the ipv6 interface from the same network that plesk, but when a customer of another network other than try to ping the ipv6 interface gives the error timeout for this request.
I hope I can help and thanks for everything.
Could you show what is wrong there? What kind of rule would you expect? May be an example...
ACCEPT udp anywhere anywhere
ACCEPT tcp anywhere anywhere
ACCEPT icmpv6 anywhere anywhere
Firewall has an option to set allowed source IPs and by default is set into <any host> value. Would you mean here option to have <any ipv4 host> / <any ipv6 host> values? Or would you need to set whether rule is applied to a local IPv6 or local IPv4 interfaces?
Okay, if I set Ping to allowed in Plesk ... I would expect an ICMPv6 rule:
ACCEPT icmpv6 anywhere anywhere
These are message types (128 and 129) actually responsible for Ping. If you prohibit Ping, Plesk will add DROP rules for these ICMP message types:ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp type 128 code 0
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp type 129 code 0
DROP ipv6-icmp anywhere anywhere ipv6-icmp type 128 code 0
DROP ipv6-icmp anywhere anywhere ipv6-icmp type 129 code 0
Well, I thought maybe something like "allow ping on IPv4, but not on IPv6", so both option would be nice. Maybe it would be nice to make it possible to choose the destination (and protocol - currently only TCP and UDP can be selected) freely? So if I've more than one IP address, i could create individual rules for each one of them.
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp type 128 code 0
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp type 129 code 0
ACCEPT udp anywhere anywhere
ACCEPT tcp anywhere anywhere
On Linux/Unix-based servers, you should use the following operating systems: CentOS 5, OpenSuSE 11.3, Debian 5, Ubuntu 10, FreeBSD 8.1.
Turns out we had to add 'FLAGS = IPv6' to the xinetd configuration for the smtp services.
/sbin/ip6tables -P INPUT DROP
/sbin/ip6tables -P OUTPUT DROP
/sbin/ip6tables -A INPUT -i eth0 -p icmpv6 -j ACCEPT
/sbin/ip6tables -A OUTPUT -o eth0 -p icmpv6 -j ACCEPT
/sbin/ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
/sbin/ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
/sbin/ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/ip6tables -A OUTPUT -m state --state NEW,ESTABLISHED -j ACCEPT
/sbin/ip6tables -A INPUT -j REJECT
/sbin/ip6tables -A OUTPUT -j REJECT