[Firewall] Problem with IPv6 outgoing port 25 getting dropped

Joachim Achtzehnter joachim at kraut.ca
Sun Dec 21 11:49:34 CET 2014

After configuring IPv6 with the help of a 6in4 tunnel from SixXS I added 
the tunnel interface to the EXT_IF variable and set IPV6_SUPPORT=1. 
Everything seems to work, except for one problem:

Outgoing connection attempt to port 25 with an IPv6 destination address 
time out. The exim4 mail server, which is running on the same host where 
the firewall is configured, has no problems with outgoing IPv4 
connections, but IPV6 times out. I can duplicate the same behaviour 
using telnet to port 25, so it is no specific to exim4. There is nothing 
in the log about these drops. Tcpdump displays the outgoing SYN packets, 
but nothing coming back. Incoming connections to port 25 seem to work 
with IPv6.

At first I suspected that SixXS is filtering port 25, but they claim 
that they are not, and have confirmed this again when I asked in their 

I'm using the script version 2.0.1e as included with Debian. At first I 
wasn't doing anything special in the configuration with port 25, except 
to add it to OPEN_TCP.

Might the firewall be dropping these packets? What should I do to 
diagnose this?



