1 Topic by mediatis

  • mediatis
  • Member
  • Offline
  • Registered: 2022-04-19
  • Posts: 9

Topic: NFTables is blocking IPv6 Address Assignment in AWS

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.5.2
- Deployed with iRedMail Easy or the downloadable installer? Downloadable
- Linux/BSD distribution name and version: Ubuntu 20.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hi there,

we are running into a strange issue, after we have setup iRedMail, we were unable to get an IPv6 assigned in AWS. If we stop nftables, the IPv6 Address is assigned correctly. What do we need to change in nftables to be able to get an IPv6 Address  assigned to our installation?

Greetings

Mediatis

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by Cthulhu

  • Cthulhu
  • Member
  • Online
  • Registered: 2019-06-04
  • Posts: 907

Re: NFTables is blocking IPv6 Address Assignment in AWS

what you mean by getting an IPv6 assigned?
the ip6 and ip4 are configured in /etc/network/interfaces and dont interfere with nftables in anyway

3 Reply by mediatis

  • mediatis
  • Member
  • Offline
  • Registered: 2022-04-19
  • Posts: 9

Re: NFTables is blocking IPv6 Address Assignment in AWS

Not for AWS, there it is assigned from the AWS-System and given to the OS by DHCP, this works perfectly fine for IPv4, but it totally does not work for IPv6. So if I enable nftables and it tries to assign an IPv6 via dhclient it fails with timeout. If I disable nftables and assign an IPv6 with dhclient it does so. So it is a case where nftables is involved. and all I would like to do now is allow the dhcprequest for IPv6 the same way it is allowed for IPv4.

4 Reply by Cthulhu

  • Cthulhu
  • Member
  • Online
  • Registered: 2019-06-04
  • Posts: 907

Re: NFTables is blocking IPv6 Address Assignment in AWS

then you need to allow ipv6-icmp as input

5 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,082

Re: NFTables is blocking IPv6 Address Assignment in AWS

IPv6 ICMP is allowed in the nftables rules shipped in iRedMail.