IPv6 - DynDNS rules not created after initial load
- Junior Member
- Posts: 6
- Joined: 13 Mar 2017, 12:14
Hi,
This has started happening since 10.04 as far as we can tell. We'll reload CSF (csf -r) and all is good, 5 minutes later the v6 rules have gone. We have some rules:
tcp|out|d=1234|d=host.example.org
Where host.example.org has a single v4 and single v6 address.
The v4 rules get created, the v6 rules are created, but then when the dyndns timer expires and the rules should be re-created, they are not, nothing at all, not a trace of the v6 address in the created ip6tables rules.
Nothing has changed in our config, these rules have worked for many months up until recently.
Thanks,
Karl
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: IPv6 - DynDNS rules not created after initial load
The code for DYNDNS has not changed for a long time (since v8.12) and we are unable to recreate an issue with IPv6 addresses. You should check whether the server is resolving the domain to an IPv6 address, e.g.:
Code:
# host configserver.com
configserver.com has address 109.70.137.78
configserver.com has IPv6 address 2a01:c0:2:22::3
configserver.com mail is handled by 0 configserver.com.
- Junior Member
- Posts: 6
- Joined: 13 Mar 2017, 12:14
Re: IPv6 - DynDNS rules not created after initial load
It is, was the first thing I checked.
Forgot to add, that if I do:
csf -r
The rules appear, it's only when it comes round to the refresh interval that they disappear again, until I do csf -r again.
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: IPv6 - DynDNS rules not created after initial load
That is odd. Is /var/lib/csf/csf.tempdyn being updated?
Code:
stat /var/lib/csf/csf.tempdyn
(check modified date+time) and does that file contain the IPv6 address?
Have you checked /var/log/lfd.log for errors relating to DYNDNS?
Does HOST point to the location of the host binary on your server correctly?
Are you using LF_IPSET?
- Junior Member
- Posts: 6
- Joined: 13 Mar 2017, 12:14
Re: IPv6 - DynDNS rules not created after initial load
No errors related to dyndns in the logs, checked that.
The IPs are in /var/lib/csf/csf.tempdyn - and it is being updated.
But they aren't in the ALLOWDYNOUT chain when I do csf -g <ip>
HOST = Is correct
IPSET - No
It does all the A records (we've a few hosts make use of the dyndns) fine, nothing with AAAA though, over multiple domains.
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: IPv6 - DynDNS rules not created after initial load
csf -g <ip> may not necessarily show an IPv6 address as there are so many ways it can be represented. If you want to check whether they are listed it would be better to simply use:
Code:
ip6tables -L ALLOWDYNIN -nv
To confirm rDNS, use:
Code:
ip6tables -L ALLOWDYNIN -v
There's little more that we can suggest as we're unable to recreate any issues with IPv6 DynDNS.
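
The representation problem raised in the last reply, as an added example that is not part of the thread and not CSF's own code: it canonicalises IPv6 addresses before comparing them with an ip6tables listing, so a string mismatch is not mistaken for a missing rule. The sample listing is constructed and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of `ip6tables -L ALLOWDYNOUT -nv` output (not from the thread).
SAMPLE_RULES = """\
Chain ALLOWDYNOUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp      *      !lo     ::/0                 2001:db8::3/128      tcp dpt:1234
"""


def rule_networks(listing):
    """Return every IPv6 network that appears as a token in the listing."""
    nets = set()
    for line in listing.splitlines():
        for token in line.split():
            try:
                net = ipaddress.ip_network(token, strict=False)
            except ValueError:
                continue  # counters, targets, "tcp", "dpt:1234", ...
            if net.version == 6:
                nets.add(net)
    return nets


def missing_from_rules(addresses, listing):
    """Return the IPv6 addresses (in any textual form) that have no exact
    /128 entry in the listing. IPv4 addresses are ignored."""
    nets = rule_networks(listing)
    missing = []
    for text in addresses:
        addr = ipaddress.ip_address(text)
        if addr.version != 6:
            continue
        # Compare parsed /128 networks, not strings; ::/0 never counts as a match.
        if ipaddress.ip_network(f"{addr.compressed}/128") not in nets:
            missing.append(addr.compressed)
    return missing


if __name__ == "__main__":
    # The fully expanded, upper-case form is the same address as 2001:db8::3.
    resolved = ["2001:0DB8:0000:0000:0000:0000:0000:0003", "2001:db8::4"]
    print(missing_from_rules(resolved, SAMPLE_RULES))
```

Feed it the AAAA results from `host` and the real chain listing to see which addresses genuinely have no rule.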