Unable to reach RIPE-whois through IPv6

Stefan Neufeind neufeind at gmx.de
Sun Apr 29 19:03:52 CEST 2007

Stefan Neufeind wrote:
> Gert Doering wrote:
>> Hi,
>> On Sun, Apr 29, 2007 at 03:22:14PM +0200, Stefan Neufeind wrote:
>>> I can ping the IPv6-address of whois.ripe.net from here, but whois seems
>>> to be unresponsive. Turning to IPv4 it works fine.
>>> whois.ripe.net.         567     IN      A
>>> whois.ripe.net.         87      IN      AAAA    2001:610:240:0:193::202
>>> Anybody knows details? Or maybe somebody at RIPE could have a look?
>> "works for me" - so you might have a MTU problem on the path.
>> (Symptom: "telnet whois.ripe.net 43" works, entering your query string
>> on the next line works as well, but you won't see any response)
> Hmm, strange. Does "not work for me" :-(
> ping, traceroute6, tracepath6 seem to be fine.
> But even telnet sits there "connecting". And I suppose there is no
> firewall at RIPE actively blocking our IPv6-range :-)


*argh* customer had applied a "restrictive" host-based firewall and
tried to allow only some inbound ports as as well as perform a match on
state ESTABLISHED,RELATED for packets relating to outbound connections.
Unfortunately there is no state-match for ip6tables/netfilter that ships
with Sarge. Afaik an update to Etch (planned soon) should imho resolve that.

Thank you for testing / helping out.


More information about the ipv6-ops mailing list