Hardware: Raspberry Pi at home / YunoHost version: 4.3.5 I have access to my server : Through SSH | through the webadmin Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
Description of my issue
I try to access my server via IPv4 and IPv6. IPv6 seems to work partially. Connection to the internet works but the ports can not be reached.
Have a look at the diagnosis output.
Do you have basic understanding of the differences between IPv4 and IPv6? Does your ISP provide IPv6 connectivity (there still are ISP’s that are IPv4 only ), and did you find the place in your router to configure the firewall for IPv6?
Good questions My Knowledge of ip addresses is based on minor research. How I understood the difference is that ipv6 provides a much bigger number of addresses as ipv4. So the answer of the difference would be - same idea but ipv6 with a more complex adress.
I am pretty sure that I have ipv4 and ipv6:
It was not a quiz If you got some background, and already have IPv4 configured, it is a shorter explainer than when you don’t know where to find your router management page
Yes, looks good!
Your home connection only got 1 IPv4 (usually), but thousands of IPv6 (again, usually). As a result:
With IPv4
1 public IP per home connection
private IP’s for devices (192.168.x.y , 10.x.y.z, some less used ranges)
NAT to point a port on the public IP to a specific device on the LAN
check ‘whatismyip.com’ and such sites to find your home IP
With IPv6
thousands of public IP’s per home connection
each device has its own public IP
firewall needs to be opened for an IP and a port, but no NAT
whatismyipv6.com gives the IP of your computer (the one ending in :4050), not your home
your homeserver has another IP
That last bit: if you visit such a whatismyip-site with your phone (on WiFi) and with your computer, they will have the same IPv4, but different IPv6.
That means that you have to use the IP that Yunohost tells you for:
DNS configuration (in case of manual DNS for your domain name)
Open the firewall for that IP (not for the IP of your computer/laptop)
Thanks for the Info, now I have a much better understanding!
Quiz is absolutely fine for me
What I did was to open the required ports from the server / yunohost as requested for internet connection with ipv4 and ipv6 → My router gives also green light for that. (s. pictures)
Is the IPv6 that you see in the diagnosis the same IPv6 as in the screenshots, ending in 57bd?
I used to have a Fritz!Box (for ADSL, later fibre, not for cable but I expect them to work the same - it looks the same anyway) and it worked. Sometimes with some trouble, but mostly it was OK.
I’d say the forwardings in the screenshots look good.
When you use the pencil to edit a line, you can disable the forwarding temporarily (instead of deleting it with the red cross). If you do that for the IPv4 forward on port 443, can you still reach the Yunohost from outside the lan? That would imply IPv6 is working, even though Yunohost-diagnosis gives an error.
As an aside, did you know about fritzchecksum? When you got sick of using the Web-interface of the router, you can make a back-up, edit it, calculate the checksum, and upload it to the Fritzbox. The format is a bit peculiar, but more comfortable to work with if you want to edit mulptiple things. Keep a back-back-up, it is sensitive to errors.
IPv6 has an ‘external’ half (first 4 blocks) and an ‘internal’ half (the other 4). The internal half is the part you gave the black decoration.
I usually start counting from the back forwards to match IPv6 when I’m not sure about the external part. IPv6 allows a block of 0’s to be abbreviated like ::, zo your local IP (fe80…) is actually fe80:0000:0000:0000:29a3…
Diagnosis gives the external:internal parts of your Yunohost. The first four match the first four of your Fritzbox ( 2a02:810c:880:68e4 ), after that it’s different. These last four need to be set in the firewall rules as ‘IPv6 Interface-ID’, in those four entry boxes.
You can tell Spamhaus you are running your own mailserver, and they will take you off the ISP-provided list for a year.
For the rDNS your ISP should be able to help you: send them an email with your Yunohosts IPv6 and your domain, so they can add it to their configuration (or they can tell you where to find it in their web interface, if available).