telnet: connect to address IPV6 Connection refused

Issues related to configuring your network
User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: telnet: connect to address IPV6 Connection refused

Post by TrevorH » 2021/04/03 20:10:57

It means that none of the packets ever reach your machine. The most likely explanation for that is an external firewall that stops the packets before they reach you. Or maybe your routing is incorrect.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

zahn-martin
Posts: 35
Joined: 2020/05/05 19:44:15

Re: telnet: connect to address IPV6 Connection refused

Post by zahn-martin » 2021/04/04 06:33:23

Helllo Trevor

Thanks for your valuable answer ... but I'm sure that the problem points in another direction.

If I issue from client kamet:

root@kamet:~> nmap -6 -p 25,22,53,5060 makalu.akadia.com

Starting Nmap 5.51 ( http://nmap.org ) at 2021-04-04 08:24 MEST
Nmap scan report for makalu.akadia.com (2a02:121e:58e2::1)
Host is up (0.00084s latency).
PORT STATE SERVICE
22/tcp open ssh
25/tcp closed smtp <===================================== Please note !
53/tcp open domain
5060/tcp open sip

Then:

root@kamet:~> telnet makalu.akadia.com 53
Trying 2a02:121e:58e2::1...
Connected to makalu.akadia.com.
Escape character is '^]'.
Connection closed by foreign host.

Everything is OK !

Then:

root@kamet:~> telnet makalu.akadia.com 25
Trying 2a02:121e:58e2::1...
telnet: connect to address 2a02:121e:58e2::1: Connection refused

From my point of view - it is a IPv6 Problem, but I do not know the solution (again: NO internal, external Firewall, the machine are side by side)

Best Regards from Switzerland - Martin

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: telnet: connect to address IPV6 Connection refused

Post by TrevorH » 2021/04/04 07:47:21

Many ISPs block port 25 trraffic unless it's directed towards their own mail servers. Check with them.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: telnet: connect to address IPV6 Connection refused

Post by jlehtone » 2021/04/04 08:17:03

What does the tcpdump show for port 53 when you kamet:~> telnet makalu.akadia.com 53?
This would verify whether tcpdump sees traffic.

"Machines are side by side". How are they connected? Direct cable, both connected to a switch, or what?

zahn-martin
Posts: 35
Joined: 2020/05/05 19:44:15

Re: telnet: connect to address IPV6 Connection refused

Post by zahn-martin » 2021/04/04 12:24:45

On kamet:

telnet makalu.akadia.com 53
Trying 2a02:121e:58e2::1...
Connected to makalu.akadia.com.
Escape character is '^]'.
Connection closed by foreign host.

Port 53 successful

On makalu:

root@makalu:> tcpdump -i enp0s31f6 -vv dst makalu.akadia.com -n -nn -l and port 53
tcpdump: listening on enp0s31f6, link-type EN10MB (Ethernet), capture size 262144 bytes

No output

zahn-martin
Posts: 35
Joined: 2020/05/05 19:44:15

Re: telnet: connect to address IPV6 Connection refused

Post by zahn-martin » 2021/04/04 12:39:30

The same Tests with IPV4.

Server chogolisa.akadia.com IPv4
Client kamet.akadia.com IPv4

root@kamet:> nmap chogolisa.akadia.com

Starting Nmap 5.51 ( http://nmap.org ) at 2021-04-04 14:25 MEST
Nmap scan report for chogolisa.akadia.com (84.253.50.195)
Host is up (0.00018s latency).
rDNS record for 84.253.50.195: chogolisa
Not shown: 993 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp <================================ is now open
53/tcp open domain
143/tcp open imap
443/tcp open https
587/tcp open submission
993/tcp open imaps
MAC Address: D0:50:99:97:B6:71 (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds

root@kamet:> telnet chogolisa.akadia.com 25
Trying 84.253.50.195...
Connected to chogolisa.akadia.com.
Escape character is '^]'.
220 chogolisa.akadia.com ESMTP Postfix
quit
221 2.0.0 Bye
Connection closed by foreign host.

Connection to Port 25 is successful !

Tcpdump on chogolisa

root@chogolisa:/var/log> tcpdump -i enp0s31f6 -vv dst chogolisa.akadia.com -n -nn -l and port 25
tcpdump: listening on enp0s31f6, link-type EN10MB (Ethernet), capture size 262144 bytes
14:26:13.241256 IP (tos 0x10, ttl 64, id 38005, offset 0, flags [DF], proto TCP (6), length 60)
84.253.50.201.39826 > 84.253.50.195.25: Flags , cksum 0xd265 (correct), seq 3673019035, win 14600, options [mss 1460,sack,TS val 2632468206 ecr 0,nop,wscale 7], length 0

Tcpdump shows an output.

So you see - everything is working with IPV4

My conclusion:

- It has nothing to do with the firewalls (internal or external because they do not exist)
- Provider does not block Port 25
- It seems an error in the IPV6 implementation of Centos 7.8 (I cannot change for now to Centos 7.9)
- It is not advisable to use IPV6 on Centos 7.8

zahn-martin
Posts: 35
Joined: 2020/05/05 19:44:15

Re: telnet: connect to address IPV6 Connection refused

Post by zahn-martin » 2021/04/04 12:51:13

My conclusion:

- It has nothing to do with the firewalls (internal or external because they do not exist)
- Provider does not block Port 25
- It seems an error in the IPV6 implementation of Centos 7.8 (I cannot change for now to Centos 7.9)
- It is not advisable to use IPV6 on Centos 7.8

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: telnet: connect to address IPV6 Connection refused

Post by TrevorH » 2021/04/04 14:27:00

If there is no ISP involed then perhaps you haven't told postfix to listen on ipv6. What is the output from ss -antupl | grep ":25"
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

zahn-martin
Posts: 35
Joined: 2020/05/05 19:44:15

Re: telnet: connect to address IPV6 Connection refused

Post by zahn-martin » 2021/04/04 15:12:29

root@makalu:/var/log> ss -antupl | grep ":25"
tcp LISTEN 0 100 127.0.0.1:25 *:* users:(("smtpd",pid=19824,fd=7),("master",pid=16599,fd=92))
tcp LISTEN 0 100 84.253.50.195:25 *:* users:(("smtpd",pid=19824,fd=6),("master",pid=16599,fd=91))
tcp LISTEN 0 100 [2a02:121e:58e2::1]:25 [::]:* users:(("smtpd",pid=19824,fd=8),("master",pid=16599,fd=93))

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: telnet: connect to address IPV6 Connection refused

Post by jlehtone » 2021/04/04 15:23:11

If you have verified that tcpdump on makalu does see IPv6 traffic from kamet,
(except to smtp), then
what does tcpdump on kamet does show when
kamet attempts to telnet to kamalu' smtp?

(Do not assume that traffic is destined to kamalu.)


What is ip -6 ro on kamet?
Last edited by jlehtone on 2021/04/04 15:51:04, edited 1 time in total.

Post Reply