When I use https://ipv6-test.com/validate.php to test my website for IPv6 ready, (example on a domain www.[private].com), the test is failed and it returns error:
IPv6 web server web server is unreachable : Connection refused
The other test sites like https://ready.chair6.net/ also failed the test with various errors about ipv6.
I have checked there is no error on the server when doing the test and I have done various things to enable ipv6. finally, I decided to ignore this problem as I don't know why the test failed but I can still ping the ipv6 address on my server. but I only have this question in mind:
does the test conclude that the website www.[private].com only accessible from a client who only connect using ipv6 address? If yes then I should be concern. What do you think?
Edit for clarification (to answer @Piotr P. Karwasz):
1) the server does listening to the IPv6:
2) This is the output of the ip6tables -nVL INPUT (note that I also disabled the firewall completely to test the site but connection refuse still there when doing curl like you have mentioned)
3) About the listening directive. Yes, the ipv6 listening directive is there. example the server got this setting:
server {
listen ipv4:80
listen ipv6:80 ipv6only=on;
}
server {
listen ipv4:443 ssl http2
listen ipv6:443 ssl http2 ipv6only=on;
}
4) The Ipv6 configuration is enabled:
also when doing this command:
[ -f /proc/net/if_inet6 ] && echo 'IPv6 ready system!' || echo 'No IPv6 support found! Compile the kernel!!'
The output is:
IPv6 ready system!
5) When doing this: netstat -napl | grep 80 Seems like nginx and httpd are running on ipv6 with no issue. The output is:
Other things about this server:
a) nginx_apache as reverse proxy (nginx as frontend and apache as backend)
b) Operating system is Centos 8
c) Using directadmin host at linode (linode has verified that there is no problem with IPv6 at their side).
Edit: Solved. Thanks to @Piotr P. Karwasz for pointing out that there was a typo in IP. It was a typo for one character IP where I put f305 instead of fe05
Edited domain name to prevent indexing by Search Engine.
You tested if your host is reachable via IPv6 with
ping
, but you didn't actually connect to it on port 80:The connection fails. This means that either:
your server does not listen on an IPv6 socket. You can check this with:
looking for a line like:
and than check the
Listen
directives in your configuration.a firewall is blocking the IPv6 port. Check with:
and if the policy is
DROP
and you don't have anACCEPT
rule for port 80, you need to add it.Edit: After your clarifications it seems you made a typo entering you IPv6 address in nginx configuration: you forgot the last 8 hex digits of the address. Unless you really need to specify on which address should nginx listen, just specify all addresses: