Trying to create tcp socket connection between via an Ipv6 address, I get Network is unreachable (os error 101)
As a binding local address is used fe80::850***.
Probably it's because of fe80*** is local ipv6 address generated by OS. Is there a way to provide correct configuration for system to make a call via IPv6?
Short answer:
Your IPv6 connectivity is not setup correctly. This is most probably no configuration problem on your machine, but on the gateway router.
Long answer:
You get a "Network is unreachable" error because your operating system does not know how to reach the destination address. Usually it maintains a table called the routing table, where it looks up which network path leads to which ip subnet. It seems that in your case, there are several things missing.
Your interface probably has no configured non-link-local (fe80::/64) address
There is no routing table entry for the destination address range
In the IPv4 world these missing things are usually resolved by a DHCP server. In the IPv6 world, there are two possible configuration options. Either DHCPv6 is used or the IPv6 Stateless Address Autoconfiguration is used. It seems that neither is setup in your network. Note that correctly setting up one of these requires you to have administrative access to your gateway router.
As it required quite long time to find the main reason of the problem, will try to share the solution/investigation steps:
To make sure ipv6 is not configured properly just run 'ping6 ipv6.google.com'. It should return some error message like 'connect: Network is unreachable' or just stuck.
AWS ec2 instances by default are not assigned ipv6 global routable addresses(only ipv4 is assigned). Ipv6 addresses like 'fe80:*' are local routable and can't be used for global requests. To check the list of ip addresses, check eth0 config /sbin/ifconfig. Btw, AWS provides interface to generate global routable ipv6 address for ec2 instance (just check vpc/ec2 console pages - https://docs.aws.amazon.com/vpc/latest/userguide/vpc-migrate-ipv6.html)
Check security group of ec2 instance and make sure that in route table ipv6 traffic is allowed.Specifically inbound and outbound rules should include '::/0' for ipv6(or one of them based on the need).
Try 'ping6 ipv6.google.com' again
Run the following command to check whether IPv6 is enabled:
ip addr
If only an IPv4 address is displayed, IPv6 is disabled. Enable it by referring to this tutorial.
If a link-local address (starting with fe80) is displayed, IPv6 is enabled but dynamic assignment of IPv6 addresses is not enabled.
If an IPv6 address other than fe80 is displayed, IPv6 is enabled and an IPv6 address has been assigned.
Related
I am very much new to network programming and maybe I am asking a very basic question.
I am working on a legacy C++ codebase where the windows 'getnameinfo' API is used to obtain the hostname from the given IP address. The obtained hostname is wrong and it belongs to a different VM in the domain.
Let us say, there is VM with hostname 'VM1' with IP 10.44.176.57 and
another VM with hostname 'VM2' and IP 10.44.176.24.
When IP 10.44.176.57 is passed to the getnameinfo() API, it resolves it to the hostname VM2.
The ping command also returns the same results.
When I ping hostname VM1 and VM2 both resolves to their correct respective IP addresses.
I checked in DNS manager, the IPs of VMs are assigned correctly.
My question is,
1) Why getnameinfo API is returning the wrong hostname?
2) Is there any way to verify the resolved hostname is the correct one ?
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-migrate-ipv6.html
There are lots of ipv6 roadblocks (cable/home internet, office network) that is ipv4 only, so we have a clustered application that runs dual stack ipv6 and ipv4.
We run a command against one of the clustered application nodes to report all the other nodes. Those come back in ipv6, but we need to interface to them via ipv4. So we'd like to be able to determine the ipv4 address from the reported ipv6 addresses.
One of the ipv4 --> ipv6 transition techniques is ipv6 addresses that have the ipv4 address embedded:
http://www.tcpipguide.com/free/t_IPv6IPv4AddressEmbedding-2.htm
I didn't see any mention of this in AWS info, anyone know if there is a way to do this?
I have a virtual machine instance running on Google Cloud Compute Engine — a preemptible free-tier CPU running Ubuntu 17.04. The end goal is to connect it to a MongoDB running on my local machine, a 2015 Macbook Pro (OS 10.12.6). But first, I've been trying to ensure the VM can reach my Mac via ping.
Running ping <VM's external IP> from my Mac works.
pinging my Mac from another Mac on the same wifi network works.
Running ping <Mac's IP> from the VM via the browser terminal does not work.
I've disabled my Mac's firewall. I've also configured my VM's firewall rules to allow all inbound and outbound traffic, to no avail:
ingress firewall rules, egress firewall rules
How might I get this instance to ping my Mac successfully?
Does your Mac's IP address begin with 10., 192.168., or between 172.16. and 172.32.? These are private addresses only reachable within your Mac's local network, which is (part of) why GCE cannot reach your VM.
This is part of a very common configuration. An ISP only allocates one (or a small number) of IP addresses to your home or business. A router on the network performs NAT to share that IP addess between computers on the local network, which instead use private IP addresses for themselves. As the router doesn't know what to do with the inbound MongoDB traffic, it blocks it.
There are two common ways around this that are usually found in your router settings:
"port forwarding" where you tell the traffic to forward all traffic on port 1234 to your Mac. This can get MongoDB working, but not ping.
If you have whole extra IP addresses, "DMZ" where your router directly forwards an entire extra IP to your instance. If you have only one IP address this is not an option as that IP is needed to be shared for other devices on the Wifi.
You likely also have a firewall on the router. If you use a DMZ or port-forwarding you must make sure that firewall allows traffic through too.
That said, I'm not sure that this is a sensible thing to do. Opening up your local network to the internet can create major security issues, plus it is likely unreliable more expensive (free tier only provides 1GB egress/month, your db traffic could exceed this).
Actually running MongoDB on instances within GCE is almost certainly a better option in every regard for you.
I am attempting to connect to my instance via PuTTY but when I attempt to connect with the inbound rule set to my private range (i.e 192.168.2.0/24) it just won't work. When I set it to the insecure 0.0.0.0/24 all is fine. Can anyone explain, or solve this issue. I am running Windows 7 with all current updates. My IP address is not static.
The 192.168.0.0/16 CIDR range is considered a private network, which means it is not routable. This also means that AWS, when receiving the connection from the PuTTY client on your machine (which might have an IP address of 192.168.2.1, for example), does not see the remote address of that connection as the IP address of your server. Instead, AWS probably sees the remote address of that incoming connection as being an IP address from your ISP. That's why allowing "0.0.0.0" as the inbound rule works; it allows incoming addresses from everywhere.
To find out what CIDR range to use as a more restrictive inbound range for your AWS security groups, you might connect in to your instance, then do:
$ env | grep SSH_CONNECTION
SSH_CONNECTION=1.2.3.4 54068 5.6.7.8 22
In particular, you are looking for the SSH_CONNECTION environment variable. Per the ssh man page, the SSH_CONNECTION environment variable
Identifies the client and server ends of the connection.
The variable contains four space-separated values: client IP address,
client port number, server IP address, and server port number.
Thus the first part of the value, the "1.2.3.4" in my contrived example, would show you the IP address that AWS sees your PuTTY connection as coming from; you can then use that IP address as the basis for a CIDR range.
Hope this helps!
I am trying to find a way that I can effectively change the IP and netmask of the computer that my programs are running on. I have to be able to maintain communications with a "box" that the user has access to and can change the IP of that box (but not that of the Linux host). Luckily the box broadcasts its IP over a multicast address. I am able to read that address and communicate to whatever IP the box is broadcasting. However, my problem is that when the box changes IPs outside of the subnet of the Linux host, I lose connectivity (as I would expect to happen).
As a result, I need a quick and dirty way to to change the IP and netmask of the Linux host when it detects that the IP being broadcast is outside it's subnet. I am aware that I can modify/edit the /etc/networking/interfaces file, but I was hoping to have something "live" where I wouldn't need to restart the networking interface or Linux host. Additionally, I would like to maintain all sockets that I have currently open during the change. My main issue is that I have a slew of connections run by other applications that cannot be corrupted as a result of the IP changeover. Also, if possible, I'd like to avoid having to redo having to run the multicast route add command for Linux after the host IP changeover.
Is there anything that I can do to satisfy these requirements? Thanks.
You don't want to change the IP address of the interface, you want to add an additional IP address and subnet to the interface. Search your Linux system documentation for IP Alias functionality.
Here's the HOWTO.