#only ipv6 is accessible even throughthe router has portforwarded these

I tried to search online but not much help from them...

OS: Arch linux
Hardware: its decent well
fastfetch should show

/etc/hosts

# See hosts(5) for details.
127.0.0.1        localhost
::1              localhost```

```╰─$ sudo sysctl -p /etc/sysctl.d/99-sysctl.conf                                                           

net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_mtu_probing = 1
net.core.default_qdisc = fq
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_congestion_control = bbr
net.ipv4.ip_forward = 1
net.ipv4.conf.all.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.tcp_syncookies = 1```

configs

ipv4 and ipv6 has internet connection but for ipv4 is inaccessible to outside... same with all other ports in ipv4 elase works

i am trying to connect ssh through ipv4... ipv6 is inaccessible through vpn...

                  -`                     @macbook
                 .o+`                    ------------
                `ooo/                    OS: Arch Linux x86_64
               `+oooo:                   Host: 82Q0
              `+oooooo:                  Kernel: Linux 6.12.1-arch1-1
              -+oooooo+:                 Uptime: 1 hour, 25 mins
            `/:-:++oooo+:                Packages: 2180 (pacman), 36 (flatpak)
           `/++++/+++++++:               Display (CSO1600): 2560x1600 @ 165 Hz in 16" [Built-in]
          `/++++++++++++++:              WM: Mutter (Wayland)
         `/+++ooooooooooooo/`            CPU: AMD Ryzen 7 5800H (16) @ 4.46 GHz
        ./ooosssso++osssssso+`           GPU: NVIDIA GeForce RTX 3070 Mobile / Max-Q
       .oossssso-`  `/ossssss+`          Memory: 6.02 GiB / 31.19 GiB (19%)
      -osssssso.      :ssssssso.         Swap: 0 B / 8.00 GiB (0%)
     :osssssss/        osssso+++.        Disk (/): 503.29 GiB / 741.56 GiB (68%) - ext4
    /ossssssss/        +ssssooo/-        Disk (/mnt/windows-part1): 882.10 GiB / 930.27 GiB (95%) - fuseblk
  `/ossssso+/:-        -:/+osssso+-      Disk (/mnt/windows-part2): 445.28 GiB / 666.52 GiB (67%) - fuseblk
 `+sso+:-`                 `.-/+oso:     Disk (/mnt/windows-part3): 234.12 GiB / 439.99 GiB (53%) - fuseblk
`++:.                           `-/+/    Battery (L20D4PC1): 100% [AC Connected]
.`                                 `/    Wifi: NOKIA-DBF1 - 802.11ax (Wi-Fi 6) - WPA2 (100%)
                                         Local IP (wlan0): 192.168.18.24/24
                                         DNS: 192.168.18.1 fe80::ae8f:a9ff:fea9:dbf1%wlan0
                                         Public IP: <redacted>
                                         Network IO (wlan0): 7.55 KiB/s (IN) - 1.88 KiB/s (OUT)```

@viscid sundial well

i need a bit of help here

i am suspecting is isp

Include /etc/ssh/sshd_config.d/*.conf




Port 22
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::






AllowUsers jake
PermitEmptyPasswords no
PasswordAuthentication no
PubkeyAuthentication yes

AuthorizedKeysFile    .ssh/authorized_keys









X11Forwarding yes


Subsystem    sftp    /usr/lib/ssh/sftp-server

PermitRootLogin no```
yup it solved the problem

but now i am left with this stupid ipv4 problem

Fastfetch is not a diagnostic tool fyi. And tbh I don’t know how to help you past what I said earlier

ah btw the firewall is not on

um

i did a dig command to my ip

actually a hostname ip froim duckdns

it did showup my ipv4 and ipv6

but it does not work... because ipv4 does not work

yeah logic

sudo ufw status

[sudo] password for jake: 
Unit firewalld.service could not be found.
sudo: ufw: command not found```

see this?

its not even installed

idk what else can actually cause the problem except isp

hmm ISP could but

i need to make sure its actually isp

i am not a network guy but hey ipv4 should work right

ipv6 is portforwarded then ipv4 should as well right

well ipv4 address is listed as local address in settings

idk what causes that

changing dns doesnt work

/etc/resolv.conf

nameserver 192.168.18.1
nameserver fe80::ae8f:a9ff:fea9:dbf1%wlan0```

i think its this issue here

uh its local dns...

no wonder it wont work?

Not necessarily

huuh

You should really configure a firewall on a server open to the internet

the stupid router didnt give me an option to chose ipv6 or ipv4

really

Yes

is it actually important

Yes

hmmf like

You only want to allow services you chose to be exposed

true

but i know how many ports i had opened

And fail2ban works by making firewall rules iirc

hoold on

fail2ban is a firewall as well?

i thought its just a ssh protection thing

Fail2ban blocks ip addresses that unsuccessfully connect more than a certain number of times

It uses firewall rules to do that iirc

ahhh

no wonder?

And it works on more than just ssh

sheesh

well

fail2ban doing all the work i guess

lol

well

apparently i disabled fail2ban and tested the ipv4

well no it didnt work

i guess its now isp

the maiiiin culprit

i might try restart the router to change the ip...

adn then ask them if they actually doing shit over there

sudo ss -utanpl | grep 22

[sudo] password for jake: 
tcp   LISTEN 0      128                              0.0.0.0:22         0.0.0.0:*    users:(("sshd",pid=1228,fd=8))            
tcp   LISTEN 0      4096                           127.0.0.1:631        0.0.0.0:*    users:(("cupsd",pid=1226,fd=8))           
tcp   LISTEN 0      128                                 [::]:22            [::]:*    users:(("sshd",pid=1228,fd=7))            
tcp   LISTEN 0      4096                               [::1]:631           [::]:*    users:(("cupsd",pid=1226,fd=7))      ```

welp

its does listening

hmmm

The dns settings on your computer will not affect inbound connectivity

i see

but in that does show its listening to port 22

Yes, is listening. Let's see the actually firewall rules, try sudo iptables -nL

[sudo] password for jake: 
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0            state NEW,RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0            state NEW,RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0            state NEW,RELATED,ESTABLISHED```

Autocorrect sucks for Linux commands, sorry

lol

i see that

Okay, accept all around

yup

i dont feels safe with lol

anyway its just ssh

Who is your ISP?

starhub

bruv

their isp...

i mean yeah its singapore

starhub

Mobile?

uh

lemme do nslookup

Oh, okay, I see now, they do broadband as well

Feels like you're behind cgnat

yup

cgnat?

ew whats that

Ipv6 would get past that because they wouldn't bother nat'ing it

interesting

Carrier-grade NAT

i did nating and portforward on that router setting

ah

cool shit does it mean i cant do shit?

But if your external ipv4 address is not actually public, then it's not your port forwarding in question

well

its public dig can go check

Whatsmyip.org and DM me your IP?

ight

cant sent

um friend req?

yup

its public

but what

it doesnt make any sense

nmap is taking a loooong time to complete

lol

i tried that as well

um

it will fail anyway

no ping, no port scan

why?

yeah

idk why

okay

tried that

I almost guarantee you are behind cgnat

shit?

https://forums.hardwarezone.com.sg/threads/singapore-isp-comparisons.6665380/

THEY HAD LIMTIS???????????????????????????????
DISGUSTING

whatevs, you have ipv6, just look down on your domain from the future!

um i dont think my network plan is at 1gbps

lol

its accessible through duckdns but without ipv4 website wont load

if it's not one of these large plans, then even more I bet you are behing cgnat

publish your AAAA record instead

really?

hmm

cloudfare?

uh duckdns has ipv6 support

i guess its AAAA grade

can i send you my duckdns thing

ipv4 has A records, ipv6 has AAAA records. They are functionally identical

do nslookups

it will show two ips..

cool

can always try calling the isp and ask for a non-cgn ip

ah ill try it next week

got somthing better to do

aw man isp

its always isp

I gotta call mine too. I can't use as much as they are giving me, so I need to downgrade my plan so I can pay less

really

dam

my router is currently a vm in my hyprvisor, I have trouble breaking 500 mbit through it

so I don't need 1200 from xfinity

ah cool

i think my broadband is 500mbps

they defo pushed cgnat limit on it

i might change to this plan

Just make sure you also get the static ip

ight

After some work in dms, I suspect it is a cgnat issue

sorry for my bad mouse handwriting

mmm

!solved

Current status: likely ISP / cgnat / static ip address issue. Very little control on Nokia ISP router. "Port forwarding" option, but absolutely no confirmation of the external ip address. Ipv6 working as expected.

current isp: starhub

it has no CGNAT

..?

what is isp currently smokin

nmap -Pn IPADDRESS -p 22
Starting Nmap 7.95 ( https://nmap.org ) at 2024-12-01 18:30 PST
Nmap scan report for SSERDDAPI.starhub.net.sg (IPADDRESS)
Host is up.

PORT   STATE    SERVICE
22/tcp filtered ssh

Nmap done: 1 IP address (1 host up) scanned in 3.74 seconds

¯_(ツ)_/¯

ikr

its so weirrrrrrrrrrrrrrrrrrrrrrrrrd

i either isp is blocking smth

i think my isp hates tor snowflake server

disabled it welll

it apparently didnt fix

i guess its tims to restart my touter and gef a new ip

welp

it fixed itself

nowi have another problem