None of my ports are accessible through ipv6

Support Installation
1

Hi
I just installed yunohost 11.2.8.2 32bits on an old machine 2Go 500Go at home.
I access my server through SSH and webadmin through livebox 5 orange.
On firewall page, I opened all desired ports like ssh 22 udp/tcp decidim.ovh ipv6’s address

I got the message major security Meltdown even after updating yunohost.
I’m following the installation guide and don’t succeed getting rid of the message neither opening ipv6 ports
I suppose i can ignore messages relate to mailing since I don’t plan setting up a mail server.
Thank you for helping

2

Hi Gilles,

Welcome to the forums! Looks good for a starter :slight_smile:

What does work?

  • Can you access your server in the LAN over IPv6, for example over SSH?
  • Does your ISP provide IPv6?
  • No problems reported (or encountered) over IPv4?

What do you mean with that?

Where did you get the message?

Yes, indeed. Apart from ignoring, you can enable or disable mail features per domain in the domain settings:

image
image740×388 16.9 KB

Good luck!

3

Hi
I get connected to the server through ssh with ipv6 address while checker.co tells that port 22 is closed for my ipv6

ssh 22 udp/tcp decidim.ovh ipv6’s address is what I wrote (with the ipv6 address) on my FAI’s firewall paramaters in order to open ports. But checker.co and yunohost’s diagnostic tells me that they are closed. By the way, I read somewhere that ipv6 ports should be open in nginx is this right ?

Message major security Meltdown even after updating yunohost appeared on system’s diagnostic.

4

Hi gilles,

I’m sorry, I still have no idea what decidim.ovh means in this context. I don’t know if it is important to solve your problem. Can you explain or make a link to a description? The same goes for FAI :slight_smile:

Is that surprising (that it works on the one hand, but a checker tells it does not work)? How and where did you do that?

Even though IPv6 is 25 years old now, still many routers do not pay any attention to configuring IPv6. Do you have a link to (a page in) the manual of your firewall?

Something to pay attention to: there are local IPv6 addresses (‘link-local’) and global IPv6 addresses. In case the IPv6 you used to test SSH starts with an ‘f’, it probably is a link-local address (comparable with 169… in IPv4-land), and can not be used to reach your system from outside your LAN. All my global IPv6 start with a 2 (though I’m sure there are that start with another number…).

Meltdown” is the name of a security flaw in the CPU. There have been updates for CPU’s (“microcode”) that should mitigate the risk. On Github a script is available to check whether your system is at risk; in short:

curl -L https://meltdown.ovh -o spectre-meltdown-checker.sh
wget https://meltdown.ovh -O spectre-meltdown-checker.sh
chmod +x spectre-meltdown-checker.sh
sudo ./spectre-meltdown-checker.sh

They suggest reading the script before executing it.

I think that the code in this script is the same as the code in the diagnosis, though.

5

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.