[Firewall] Problem with IPv6 outgoing port 25 getting dropped

Lonnie Abelbeck lists at lonnie.abelbeck.com
Sun Dec 21 16:48:57 CET 2014

Hi Joachim,

It looks like you are setup properly with AIF.

Can you ping6 the SMTP IPv6 destination ?  traceroute6 may be useful as well.

Possibly DNS MX/AAAA records not setup properly for IPv6 on your SMTP relay ?


On Dec 21, 2014, at 4:49 AM, Joachim Achtzehnter <joachim at kraut.ca> wrote:

> After configuring IPv6 with the help of a 6in4 tunnel from SixXS I added the tunnel interface to the EXT_IF variable and set IPV6_SUPPORT=1. Everything seems to work, except for one problem:
> Outgoing connection attempt to port 25 with an IPv6 destination address time out. The exim4 mail server, which is running on the same host where the firewall is configured, has no problems with outgoing IPv4 connections, but IPV6 times out. I can duplicate the same behaviour using telnet to port 25, so it is no specific to exim4. There is nothing in the log about these drops. Tcpdump displays the outgoing SYN packets, but nothing coming back. Incoming connections to port 25 seem to work with IPv6.
> At first I suspected that SixXS is filtering port 25, but they claim that they are not, and have confirmed this again when I asked in their forum.
> I'm using the script version 2.0.1e as included with Debian. At first I wasn't doing anything special in the configuration with port 25, except to add it to OPEN_TCP.
> Might the firewall be dropping these packets? What should I do to diagnose this?
> Thanks,
> Joachim
> _______________________________________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl

More information about the Firewall mailing list