Hello,
Over the last few weeks I’ve been trying to get my Ubuntu server to be able to provide services over IPv6. The 2 services which it provides are SFTP/SSH (Port 22) and an Emby Media Server over a private port number. Both these services work well over my IPv4 connection. For IPv4, I simply logged into my modem (Telstra Smart Modem Gen 2), added the necessary port forwarding and the services worked. I didn’t even need to configure ufw and this works.
For some reason on IPv6, I have tried everything under the sun and external sites still report that my port is closed. Just focusing on SFTP/SSH Port 22, I have done the following:
-
Testing before changes,
Port 22 reported as closed -
Added IPv6 addresses and port 22 to Telstra Modem > Firewall > Port Forwarding > IPv6 Addresses > TCP (I know IPv6 doesn’t have port forwarding, this is just the Telstra Modem GUI structure for getting to the IPv6 port settings to open them)
Port 22 still reported as closed -
Expanded port range on Telstra Modem to ports 21-23 as I wasn’t sure if those numbers were inclusive or exclusive
Port 22 still reported as closed -
Tested opening an IPv6 port in the TCP private port range (A port between 49152-65535) on the Telstra modem
Private Port number reported as closed -
Temporarily completely disabled the Telstra Modem Firewall
Port 22 still reported as closed -
Re-enabled the Modem Firewall. Configured ufw (Wasn’t even enabled/configured before) with IPv6 enabled in the config to allow SSH/SFTP inbound, all outbound (Pretty much followed the instructions here: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu)
Port 22 still reported as closed
After this I created a post on Whirlpool forums here: https://forums.whirlpool.net.au/thread/3jm62nzx . I followed the guide provided, but it didn’t fix the issue (Will be providing an update on that forum shortly). I then contacted the ISP, but they weren’t much help.
I decided to ask for help here because I want to 100% confirm that my server has been configured correctly before proceeding any further with the ISP. Currently SSH/SFTP Port 22 works in the following configurations:
- IPv4 Local Network - Works
- IPv4 Accessing from outside the network - Works
- IPv6 Local Network - Works
- IPv6 Accessing from outside the network - Doesn’t work
Ubuntu Version on server: Ubuntu 24.04.2 LTS
output of ss -t -l -n -p “sport 22”:
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 4096 *:22 *:*
ufw status output:
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
8096 ALLOW Anywhere
57238 ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
8096 (v6) ALLOW Anywhere (v6)
57238 (v6) ALLOW Anywhere (v6)
Modem IPv6 Configuration:
Protocol Private IP Address Port Range -Start Port Range -End +/-
BOTH #### 21 23
The private IP Address I’m using is listed as “scope global dynamic mngtmpaddr noprefixroute” under “ip addr”, but I’ve also tried using all IPv6 addresses listed at one point.
Note: the connections seem to be silently dropping or timing out, not being rejected. I confirmed this by testing port 22 on my modem’s IPv6 address instead and I get a “Permission Denied” on one of those port testing websites.
Any help would be greatly appreciated.
Cheers.