Topic Thread

Expand all | Collapse all

IPv6 working for smtp; not for http/https

  • 1.  IPv6 working for smtp; not for http/https

    Posted 05-30-2017 10:44

    We just enabled IPv6 on the FortiMail and inbound and outbound mail works great. However, connecting via http or https is not working. It's almost like the bindings are not right.

    I wish I could run a "netstat -na | grep :443.*LISTEN" but that doesn't seem to be an option. If I do an "execute telnettest fm.ipv6.example.com:25" (substitute my domain for example.com, obviously), it connects fine with a "Connected" message and an SMTP banner. If I do "execute telnettest fm.ipv6.example.com:443" it instantly rejects it with a "Connection refused" message.

    I know it's not a firewall issue, because I'm connecting from the FortiMail to itself... the packet never leaves the box.

    If I do the same commands with my IPv4 address it connects fine to https. Here's the output of my config:

    config system interface
    edit port1
    set type physical
    set mode static
    set ip 

    I'm guessing a reboot might fix it, but I don't really want to do that if I can avoid it. We're on version v5.3,build627,161208 (5.3.8 GA)



  • 2.  RE: IPv6 working for smtp; not for http/https

    Posted 05-30-2017 11:14

    Tested in lab v5.3.8 no issue accessing FML ipv6 http and https. Could you please double check your env?

     

    Thanks,

    Moyuan



  • 3.  RE: IPv6 working for smtp; not for http/https

    Posted 05-30-2017 17:52

    Presumably "check your env" is cool-guy lingo for "check your environment" (kind of like when my 11-year-old says "what evs" instead of "whatever."

    Not sure what that means anyway... of course I double-checked before I bothered to post this message.

    I do know that fm.ipv6.example.com resolves to only the IPv6 name, and that running "execute telnettest fm.ipv6.example.com:80" gives me a connection failed whereas running "execute telnettest fm.ipv6.example.com:25" succeeds. I would have tested using just the IPv6 address rather than a hostname, but FML doesn't seem to support the bracket notation -- e.g., [2001:db8::1]:80

    Thanks for mentioning that it is working okay on your v5.3.8. Did you happen to have rebooted between applying the IPv6 address and doing your test?



  • 4.  RE: IPv6 working for smtp; not for http/https

    Posted 05-30-2017 18:06

    I fixed it. It did need a "hiccup." I probably could have rebooted it, but instead I went and changed the http port to 81, then changed it back to 80. That fixed port 80. Then I went and changed https to port 444. Then I changed it back to 443, which fixed https. My guess is that changing the port number resets the listening daemon, which makes it re-bind to the addresses now present on the box--even the ones that weren't there when the daemon started previously. Viola.



  • 5.  RE: IPv6 working for smtp; not for http/https

    Posted 05-30-2017 18:53

    Good information