Facebook
Twitter
Could you show what is wrong there? What kind of rule would you expect? May be an example...
-
If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
CentOS2Alma discussion
IPv6
- Thread starter SamHH
- Start date
Could you show what is wrong there? What kind of rule would you expect? May be an example...
qmail not working over ipv6
I'm really happy with the IPv6 support in 10.2. Everything seems to be integrated really well. I just have one issue, which is that the qmail ports (25/465/587) are not available on our IPv6 test system. It's probably not really a Plesk-related error, but I have no clue where to look. It's a CentOS 5 container on a Virtuozzo server that was upgraded from 9.5 -> 10.0 -> 10.1 -> 10.2.
I'm really happy with the IPv6 support in 10.2. Everything seems to be integrated really well. I just have one issue, which is that the qmail ports (25/465/587) are not available on our IPv6 test system. It's probably not really a Plesk-related error, but I have no clue where to look. It's a CentOS 5 container on a Virtuozzo server that was upgraded from 9.5 -> 10.0 -> 10.1 -> 10.2.
Turns out we had to add 'FLAGS = IPv6' to the xinetd configuration for the smtp services.
M
mikelg
Guest
Ping ipv6 interface
Hi I have a problem with plesk panel 10.2.
I have it installed on a Centos 5.5.
I can ping the ipv6 interface from the same network that plesk, but when a customer of another network other than try to ping the ipv6 interface gives the error timeout for this request.
I hope I can help and thanks for everything.
Hi I have a problem with plesk panel 10.2.
I have it installed on a Centos 5.5.
I can ping the ipv6 interface from the same network that plesk, but when a customer of another network other than try to ping the ipv6 interface gives the error timeout for this request.
I hope I can help and thanks for everything.
It looks like you don't have a default gateway set. Are you using stateless autoconfiguration or manual configuration?
Check your routing table with netstat -A inet6 -r
M
mikelg
Guest
I use a manual configuration with dual stack and the interface ipv4 if you take a gateway, but in the plesk admin panel is not where you configure the gateway.
Also when I edit the files with the configuration of two stacks and restart the network disappears ipv6. And I have to repair on the plesk ipv6.
Also when I edit the files with the configuration of two stacks and restart the network disappears ipv6. And I have to repair on the plesk ipv6.
Last edited by a moderator:
Okay, if I set Ping to allowed in Plesk, it get's translated to
in ip6tables. I would expect an ICMPv6 rule:
Last edited:
Well, I thought maybe something like "allow ping on IPv4, but not on IPv6", so both option would be nice. Maybe it would be nice to make it possible to choose the destination (and protocol - currently only TCP and UDP can be selected) freely? So if I've more than one IP address, i could create individual rules for each one of them.
Last edited:
Perhaps I don't understand something in your request.
If Ping is allowed in Plesk we put the following rules
These are message types (128 and 129) actually responsible for Ping. If you prohibit Ping, Plesk will add DROP rules for these ICMP message types:
Could you clarify what you think is wrong with "ping" configuration here?
Regards
I see. Could you tell more about goal of such fine-grained configuration? Some samples maybe. I would assume it may be required if Plesk is used as sort of Webmin (server configuration panel), but I wonder whether they may some use for hosting needs too...
This is not what I get on my system (Ubuntu 8.04), I get what I've previously posted:
Could this be because some older Linux versions are not supporting the type or code for ICMPv6 (I think I've read this somewhere)?
Knarf
Basic Pleskian
After upgrading to Plesk 10.3.1 my server was reachable via ipv6.
Hoewever, after applying the Plesk firewall rules, my server was not reachable via ipv6 anymore. Ping didn't work anymore and ports where blocked. So there must be some sort of buggy firewall rule that doesn't work on my server, but I couldn't trace it yet.
Strato has an ipv6 manual and they suggest the following basic firewall settings, which work fine with ping and port 80:
This firewall rules are working fine so I just added similar lines with the other ports and it is working for now.
Strato also warned that in- and outgoing ICMPv6-traffic should not be blocked.
I hope the developers can find which rule makes the difference and repare the bug so it works for this setup too.
Maybe it is a good idea, if it were possible to add custom firewall rules which are added after the Plesk firewall rules?
Thanks.
Hoewever, after applying the Plesk firewall rules, my server was not reachable via ipv6 anymore. Ping didn't work anymore and ports where blocked. So there must be some sort of buggy firewall rule that doesn't work on my server, but I couldn't trace it yet.
Strato has an ipv6 manual and they suggest the following basic firewall settings, which work fine with ping and port 80:
Code:
/sbin/ip6tables -P INPUT DROP
/sbin/ip6tables -P OUTPUT DROP
/sbin/ip6tables -A INPUT -i eth0 -p icmpv6 -j ACCEPT
/sbin/ip6tables -A OUTPUT -o eth0 -p icmpv6 -j ACCEPT
/sbin/ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
/sbin/ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
/sbin/ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/ip6tables -A OUTPUT -m state --state NEW,ESTABLISHED -j ACCEPT
/sbin/ip6tables -A INPUT -j REJECT
/sbin/ip6tables -A OUTPUT -j REJECTStrato also warned that in- and outgoing ICMPv6-traffic should not be blocked.
I hope the developers can find which rule makes the difference and repare the bug so it works for this setup too.
Maybe it is a good idea, if it were possible to add custom firewall rules which are added after the Plesk firewall rules?
Thanks.
Last edited:
Similar threads
