Unable to reach RIPE-whois through IPv6
Stefan Neufeind
neufeind at gmx.de
Sun Apr 29 19:03:52 CEST 2007
Stefan Neufeind wrote:
> Gert Doering wrote:
>> Hi,
>>
>> On Sun, Apr 29, 2007 at 03:22:14PM +0200, Stefan Neufeind wrote:
>>> I can ping the IPv6-address of whois.ripe.net from here, but whois seems
>>> to be unresponsive. Turning to IPv4 it works fine.
>>>
>>> whois.ripe.net. 567 IN A 193.0.0.135
>>> whois.ripe.net. 87 IN AAAA 2001:610:240:0:193::202
>>>
>>> Anybody knows details? Or maybe somebody at RIPE could have a look?
>> "works for me" - so you might have a MTU problem on the path.
>>
>> (Symptom: "telnet whois.ripe.net 43" works, entering your query string
>> on the next line works as well, but you won't see any response)
>
> Hmm, strange. Does "not work for me" :-(
> ping, traceroute6, tracepath6 seem to be fine.
>
> But even telnet sits there "connecting". And I suppose there is no
> firewall at RIPE actively blocking our IPv6-range :-)
Hi,
*argh* customer had applied a "restrictive" host-based firewall and
tried to allow only some inbound ports as as well as perform a match on
state ESTABLISHED,RELATED for packets relating to outbound connections.
Unfortunately there is no state-match for ip6tables/netfilter that ships
with Sarge. Afaik an update to Etch (planned soon) should imho resolve that.
Thank you for testing / helping out.
Regards,
Stefan
More information about the ipv6-ops
mailing list