telnet: connect to address IPV6 Connection refused
I have a server and a client both on CentOS 7.8.
Server: makalu.akadia.com with Postfix and IPv6 Address: 2a0258e2::1
Client: kamet.akadia.com
If I telnet on the server to makalu.akadia.com everything is OK.
root@makalu: telnet makalu.akadia.com 25
Trying 2a0258e2::1...
Connected to makalu.akadia.com.
Escape character is '^]'.
220 makalu.akadia.com ESMTP Postfix
nmap shows open ports:
root@makalu:/var/log> nmap -6 makalu.akadia.com
Starting Nmap 6.40 ( http://nmap.org ) at 2021-04-02 12:44 MEST
Nmap scan report for makalu.akadia.com (2a0258e2::1)
Host is up (0.000019s latency).
rDNS record for 2a0258e2::1: chogolisa
Not shown: 995 closed ports
PORT STATE SERVICE
25/tcp open smtp
53/tcp open domain
143/tcp open imap
587/tcp open submission
993/tcp open imaps
Nmap done: 1 IP address (1 host up) scanned in 1.72 seconds
Everything is OK.
Now the same thing from the client:
root@kamet:/etc> telnet makalu.akadia.com 25
Trying 2a0258e2::1...
telnet: connect to address 2a0258e2::1: Connection refused
not OK.
nmap shows port 25 as closed
root@kamet:~> nmap -6 -p 25 makalu.akadia.com
Starting Nmap 6.40 ( http://nmap.org ) at 2021-04-02 12:48 MEST
Nmap scan report for makalu.akadia.com (2a0258e2::1)
Host is up (0.00076s latency).
PORT STATE SERVICE
25/tcp closed smtp
MAC Address: 8C:59:C3:D1:39:8A (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.50 seconds
With a closed port 25 it is of course impossible to connect.
I googled many, many articles about this and I found no solution.
So the question is: Why is port 25 open on the server (as it should be) and closed on the client (which I do not understand at all)?
Re: telnet: connect to address IPV6 Connection refused
I hope that you mean: "I have installed CentOS 7.8 and applied yum update regularly, so in practice I have up to date (7.9)"
because the other meaning: "I still have old 7.8 packages even though they have many known security holes"
is not sane nor safe. Please, update.
Are you using 'telnet' just to probe ports? I have not used/had it for years. Ancient, deprecated, insecure.
A thing with firewall is that "Who is asking?" can make a difference.
The default in CentOS 7 is to configure firewall with FirewallD.
If you use it, then the first question is:
$ sudo firewall-cmd --get-active-zones
$ sudo firewall-cmd --zone=zone-name --list-all
They can be shown in iptables syntax:
$ sudo iptables -S
$ sudo iptables -t nat -S
$ sudo iptables -t mangle -S
External connection attempts are handled by rules of some "zone" and they most likely reject. Show "closed".
Re: telnet: connect to address IPV6 Connection refused
Actually there is no firewall between the two hosts - this is a testing environment, that's why I use telnet - just for testing IPV6
Re: telnet: connect to address IPV6 Connection refused
The 'makalu' has nothing in iptables -S, etc. output?
There is still the difference that 'makalu' and 'kamet' might resolve name "makalu" to address or route differently, because it is localhost for one of them.
Who does listen to the port? On which interfaces?
[makalu]$ sudo ss -tulpn | cat
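The listener question asked above ("Who does listen to the port? On which interfaces?") can be answered mechanically. This is an added example, not part of the thread: the function name `classify_v6_listener`, the sample `ss` output and the address 2001:db8::1 are constructed, and the input is assumed to come from `ss -6 -tln`.

```shell
#!/bin/sh
# Added example: classify the IPv6 TCP listeners for one port.
# Input: `ss -6 -tln` output on stdin. Output: one of
#   none | loopback-only | wildcard | specific:<addr>[,<addr>...]
# With an empty ip6tables ruleset, "none" and "loopback-only" mean a remote
# peer gets a TCP RST: telnet prints "Connection refused", nmap says "closed".
classify_v6_listener() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }               # also skips the header line
        {
            n = match($4, /:[0-9]+$/)         # port follows the last colon
            if (n == 0 || substr($4, n + 1) != port) next
            addr = substr($4, 1, n - 1)
            gsub(/^\[|\]$/, "", addr)         # some ss versions print [addr]:port
            sub(/%.*$/, "", addr)             # drop a %interface scope id
            if (addr == "::" || addr == "*") wild = 1
            else if (addr == "::1") loop = 1
            else list = (list == "" ? addr : list "," addr)
        }
        END {
            if (wild) print "wildcard"
            else if (list != "") print "specific:" list
            else if (loop) print "loopback-only"
            else print "none"
        }'
}

# Constructed sample output (not from the thread), unbracketed address style.
SAMPLE_OLD='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      100    ::1:25              :::*
LISTEN 0      128    :::53               :::*'

# Constructed sample, bracketed style; 2001:db8::1 is a documentation address.
SAMPLE_NEW='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      100    [2001:db8::1]:25    [::]:*
LISTEN 0      100    [::1]:25            [::]:*'

for p in 25 53 587; do
    printf 'old sample, port %s: %s\n' "$p" \
        "$(printf '%s\n' "$SAMPLE_OLD" | classify_v6_listener "$p")"
done
printf 'new sample, port 25: %s\n' \
    "$(printf '%s\n' "$SAMPLE_NEW" | classify_v6_listener 25)"
```

On the server, feed it live data with `ss -6 -tln | classify_v6_listener 25`; a `specific:` result is only reachable remotely if the listed address is the one the client resolves and connects to.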
Re: telnet: connect to address IPV6 Connection refused
Since this is ipv6, you need to use ip6tables not iptables to see the relevant rules.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: telnet: connect to address IPV6 Connection refused
iptables -S on makalu - no firewall for testing!
The ultimate question is why nmap shows different things on the server and on the client.
On makalu (IPV6 Server):
nmap -6 -p 25 makalu.akadia.com
Starting Nmap 6.40 ( http://nmap.org ) at 2021-04-02 16:01 MEST
Nmap scan report for makalu.akadia.com (2a0258e2::1)
Host is up (0.000043s latency).
rDNS record for 2a0258e2::1: chogolisa
PORT STATE SERVICE
25/tcp open smtp <========================================= !!!!!!
Nmap done: 1 IP address (1 host up) scanned in 0.25 seconds
On kamet (IPV6 client)
nmap -6 -p 25 makalu.akadia.com
Starting Nmap 6.40 ( http://nmap.org ) at 2021-04-02 16:00 MEST
Stats: 0:00:00 elapsed; 0 hosts completed (0 up), 1 undergoing ND Ping Scan
ND Ping Scan Timing: About 100.00% done; ETC: 16:00 (0:00:00 remaining)
Nmap scan report for makalu.akadia.com (2a0258e2::1)
Host is up (0.00083s latency).
PORT STATE SERVICE
25/tcp closed smtp <============================================= !!!!
MAC Address: 8C:59:C3:D1:39:8A (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.51 seconds
If kamet also uses: 25/tcp open smtp then everything is ok and telnet works, the problem is only the closed state in nmap.
Again: NO firewall between the two hosts, both machines are IPV6 enabled.
Re: telnet: connect to address IPV6 Connection refused
If you run nmap on the server against its own external ip address then the kernel knows it is local and bypasses the firewall rules.
Re: telnet: connect to address IPV6 Connection refused
I do not understand - I use no firewall.
iptables -L -n is empty on the server.
Re: telnet: connect to address IPV6 Connection refused
Again, iptables is for ipv4 and only shows you rules for ipv4. You need to use ip6tables to see ipv6 rules.
Re: telnet: connect to address IPV6 Connection refused
Thank you Trevor for your explanation. Here is the output of ip6tables:
root@makalu:> ip6tables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I think no firewall rules, so I do not understand:
root@kamet:/etc> nmap -6 -p 25 makalu.akadia.com
Starting Nmap 6.40 ( http://nmap.org ) at 2021-04-02 18:38 MEST
Nmap scan report for makalu.akadia.com (2a0258e2::1)
Host is up (0.00074s latency).
PORT STATE SERVICE
25/tcp closed smtp <========================================== !!!
MAC Address: 8C:59:C3:D1:39:8A (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.51 seconds