Can't connect to IPv6 ports on Ubuntu server over the Internet

Hello,

Over the last few weeks I’ve been trying to get my Ubuntu server to be able to provide services over IPv6. The 2 services which it provides are SFTP/SSH (Port 22) and an Emby Media Server over a private port number. Both these services work well over my IPv4 connection. For IPv4, I simply logged into my modem (Telstra Smart Modem Gen 2), added the necessary port forwarding and the services worked. I didn’t even need to configure ufw and this works.

For some reason on IPv6, I have tried everything under the sun and external sites still report that my port is closed. Just focusing on SFTP/SSH Port 22, I have done the following:

  • Testing before changes,
    Port 22 reported as closed

  • Added IPv6 addresses and port 22 to Telstra Modem > Firewall > Port Forwarding > IPv6 Addresses > TCP (I know IPv6 doesn’t have port forwarding, this is just the Telstra Modem GUI structure for getting to the IPv6 port settings to open them)
    Port 22 still reported as closed

  • Expanded port range on Telstra Modem to ports 21-23 as I wasn’t sure if those numbers were inclusive or exclusive
    Port 22 still reported as closed

  • Tested opening an IPv6 port in the TCP private port range (A port between 49152-65535) on the Telstra modem
    Private Port number reported as closed

  • Temporarily completely disabled the Telstra Modem Firewall
    Port 22 still reported as closed

  • Re-enabled the Modem Firewall. Configured ufw (Wasn’t even enabled/configured before) with IPv6 enabled in the config to allow SSH/SFTP inbound, all outbound (Pretty much followed the instructions here: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu)
    Port 22 still reported as closed

After this I created a post on Whirlpool forums here: https://forums.whirlpool.net.au/thread/3jm62nzx . I followed the guide provided, but it didn’t fix the issue (Will be providing an update on that forum shortly). I then contacted the ISP, but they weren’t much help.

I decided to ask for help here because I want to 100% confirm that my server has been configured correctly before proceeding any further with the ISP. Currently SSH/SFTP Port 22 works in the following configurations:

  • IPv4 Local Network - Works
  • IPv4 Accessing from outside the network - Works
  • IPv6 Local Network - Works
  • IPv6 Accessing from outside the network - Doesn’t work

Ubuntu Version on server: Ubuntu 24.04.2 LTS

output of ss -t -l -n -p “sport 22”:

State       Recv-Q      Send-Q           Local Address:Port             Peer Address:Port      Process      
LISTEN      0           4096                         *:22                          *:*                      

ufw status output:

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
8096                       ALLOW       Anywhere                  
57238                      ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
8096 (v6)                  ALLOW       Anywhere (v6)             
57238 (v6)                 ALLOW       Anywhere (v6)             

Modem IPv6 Configuration:

Protocol	Private IP Address	Port Range -Start	Port Range -End	+/-
BOTH		####				21					23

The private IP Address I’m using is listed as “scope global dynamic mngtmpaddr noprefixroute” under “ip addr”, but I’ve also tried using all IPv6 addresses listed at one point.

Note: the connections seem to be silently dropping or timing out, not being rejected. I confirmed this by testing port 22 on my modem’s IPv6 address instead and I get a “Permission Denied” on one of those port testing websites.

Any help would be greatly appreciated.

Cheers.

Hi,
I’m pretty new to IPv6 myself. Just having built an IPv6 enabled VPS in recent days, I’ve faced a similar situation and I found out IPv6 isn’t “as straight forward as IPv4” (but still really simple anyway).

Try this:

  1. on your destination, run this command:

curl ifconfig.me

The above will show your public IP address, hopefully IPv6 one, if your network is configured properly on your host as well as on the router.

  1. now try to ssh to that IP address from outside…

NOTES:

  • you don’t really need “port range” for SSH, just allow TCP/22 (not sure why UDP/22 might be needed but well, OpenSSH server is listening on both, TCP as well as UDP so why not)
  • is it possible that on LAN you’re using local network IPv6 which isn’t accessible from the outside world?
  • when configured correctly, the router’s DHCP server should assign you a public IPv6 address which is directly routable from the internet (when allowed on the router) - this is the difference to IPv4 which uses NAT (network address translation), that is basically only needed for IPv4 purely because of IPv4 address space starvation and doesn’t work like that in IPv6 as I’ve learned.
  • alternatively, if you’re not using DHCP, you’ll need to assign your machine a static IPv6, that’s accessible from the internet, i.e. not just locally available IPv6 (available only on your “enclosed” LAN or WLAN)

Hope this helped…