How to access FTP service when using IPV6 ?

[profwalken]

Good morning,
I would like to know if you have already managed to configure the Truenas core FTP service in IPV6?
If so, how did you do it?

Currently I can only reach the FTP service in IPV4 with Port translation.

To give some more context:
In fact, I don't really have a choice, I have Windows or Debian machines which, via FTP, back up on my TNC13.
As more and more hardware works in IPV6, when resolving DNS, the priority answer seems to be in IPV6.
But and this is my concern, the FTP on TN13 is configured in IPv4 with a specific port. So as soon as the DNS resolution is answering first an IPV6 address, I can no longer access the FTP.

So to workaround the problem, either I can disable IPv6 on the remote machines, or I have to modify the backup settings so that the ftp stay accessible by public IPV4 and not by the FQDN.

This is the picture. If you ever have an idea to leave ipv6 active and the fqdn and that I am able to join the FTP for the backups that would be GREAT.

Thanks

 

[profwalken]

I'm not at deep understanding with IPV6 versus what it is with IPV4, so if you have any advices try to give some not too far from what could really need to be done in settings.
In others words details are appreciated

 

[Patrick M. Hausen]

I could not find and IP address setting in Service > FTP > Configure, just a port, commonly 21. When I enable the FTP service on my TN CORE 13.0-U4, this is the result as far as listening addresses are concerned:

Code:

root@freenas[~]# netstat -na|grep '21.*LISTEN'
tcp46      0      0 *.21                   *.*                    LISTEN     

So you need to

- put the IPv6 address of your TrueNAS in an AAAA DNS record for your FTP server
- permit access to that address on port 21 in your firewall

There is no NAT or port forwarding in IPv6. Each device has got a public address. The firewall simply blocks or permits according to policy.

 

[profwalken]

Thanks Patrick, but I'm not sure to understand what exactly i've to do
My FTP is not set on port 21 but another value.
Actually I have a FQDN giving DNS resolution to my ISP Public IP with IPv6 first and IPV4 2nd

Do you mean I have to register a new FQDN pointing on my TN13 NIC IGB0 inet6 address followed by my ftp port number?

 

[Patrick M. Hausen]

Yes. Set e.g. ftp.yourdomain.com to the public IPv4 address of your router but to the IPv6 address of your TrueNAS. Then on your router simply permit that port inbound with target <your TrueNAS IPv6 address>.

Inbound port forwarding is an artefact of NAT. There is no NAT in IPv6. Every device has got a unique global address.

 

[profwalken]

Hi, Patrick , sorry for maxi delay in answer, but what you explain me to do , I have no idea how to set this.

that simple phrase : ftp.yourdomain.com to the public IPv4 address of your router but to the IPv6 address of your TrueNAS
Can you explain in details what to set and where , also how to know which ipv6 is used by TNC13 ?

 

[Patrick M. Hausen]

You already configured port forwarding for IPv4 for your FTP service, right? And some hostname in DNS to go with the external IPv4 address of your router, right?

So in the TrueNAS network settings, interface level, you simply activate "Autoconfigure IPv6". TrueNAS will receive an IPv6 address from your router via static autoconfiguration, SLAAC. That address will look arbitrary but will in fact be static. You can look up the address in "Network Summary" in the UI. That is your IPv6 address.

You then need to

- create an AAAA record with e.g. ftp.mydomain.com and that address in your DNS. This depends entirely on who is your DNS provider and what methods they offer for customers to create entries, so I cannot help further than that.
- equally you need to open inbound connections for that IPv6 address and the port you use for the FTP control connection on your router. That also depends entirely on your router and I can't help.

HTH,
Patrick

 

[profwalken]

You already configured port forwarding for IPv4 for your FTP service, right? And some hostname in DNS to go with the external IPv4 address of your router, right?

Yes

in network summary there are 2 adresses in ipv6 column one starting with fe80 and another starting with 2a01 , is it the second one the right one I need to use for AAAA record ?

also for port number used in ftp settings this is not default 21 in my case but something like 12345, so do I need to open that one with IPV6 as is already existing for IPV4

equally you need to open inbound connections for that IPv6 address and the port you use for the FTP control connection on your router. That also depends entirely on your router and I can't help.

Not sure if my isp box (freebox revolution) will be smart enough to let me set this for ipv6

Thanks a lot for your precious help really appreciated

 

[Patrick M. Hausen]

in network summary there are 2 adresses in ipv6 column one starting with fe80 and another starting with 2a01 , is it the second one the right one I need to use for AAAA record

Correct. The first one is a so-called link local address. The one starting with 2a01 should be static as long as you do not change the MAC address of your TrueNAS (e.g. by using a new mainboard or ethernet card).

Not sure if my isp box (freebox revolution) will be smart enough to let me set this for ipv6

Well, that's definitely not a TrueNAS question, anymore. Best of luck/success.

To clarify (again, but probably won't hurt):

Regardless of the type of router/isp box, you generally configure for IPv4

• a port to open on the "outside"
• a destination IPv4 address on the "inside"

Clients on the internet connect to the external IP address of the router and port X and the router forwards these requests to your internal system.

In IPv6 this does not happen. Your TrueNAS has got a globally routable unique IPv6 address. So all the router needs to do is to permit these requests through to a certain destination address and port X. How exactly depends on the router.

 

[profwalken]

Thanks a lot Patrick , following your advices , I succeded in setting IPV6 access. In my head it was a big challenge but finally it went like a breeze with your help. like we say in french : il vaut mieux un qui sait que 10 qui cherchent.

 

[profwalken]

Hi @Patrick M. Hausen
I come back here as you helped me for IPV6 use on TNC13, now I'm experiencing loss of IPV6 connectivity for me it's like ramdom but perhaps it's not.
In fact NAS FTP service become unresponsive from IPV6 and continue to work fine with IPV4, I've already tried by myself more than a complete day before asking help here.
Truenas Igb0 is set to get IPV6 autoconfiguration and it seems to be ok, then I try ftp access from a specific FQDN pointing to IPV6 used in TNC13 config. this is also directed to a specific port not default 21.
Well this was or is working but really unreliable sometimes you get the FTP folders right on first try , and sometimes not .
As you impress me as you are so easy with truenas commands, hope you 'll be ok to try to help me to troubleshout this or if I'm lucky boy to fix it and get it so rock solid as it works with ipv4.

As you understood i'm not an expert on my side, please let me know how to start?

Thanks

 

[Patrick M. Hausen]

Does ifconfig on TrueNAS show you the IPv6 address that your DNS entry is pointing to? Does TrueNAS have the correct IPv6 default route? (netstat -rn)

 

[profwalken]

Hello Patrick,
yes ifconfig shows the same IPV6

Does TrueNAS have the correct IPv6 default route?

Well for this i'm not able to answer but the screen copy is here

Is there normal the IPV6 line with flag UHS is lo0 instead of igb0 ? From internet connexion try i often get 504 error message

 

[Patrick M. Hausen]

How does the default route to fe80::1 via lo0 come into play here? That does not look right.

 

[profwalken]

Well it was me thinking i need to add an ipv6 gateway to TNC13network settings, but now it's removed from NAS console I can't ping for example ping ping6.online .net I get --> Ping:UDP connect: No route to host

 

[Patrick M. Hausen]

You seem to have removed both gateways. I was not recommending to remove the one that ended in %igb0 - this one probably came from autoconfiguration as it should.

If you use IPv6 autoconfiguration, you must not set a gateway. Your router will announce valid prefixes and its own address. Reboot, possibly?

 

[profwalken]

No i only deleted the one I set manually in the IPv6 gateway field in global network settings and after deletion, I did reboot on NAS side only, the previous screen capture is from after reboot.

So if it miss one gateway that should be provided by autoconfiguration then do i need to reboot also the router and after the NAS ?

 

[profwalken]

I just did router reboot and I got back gateway adress missing.

pinging on ping6.online.net now is available and access to FTP on NAS is also working for now, so now I'll just wait and see if it's stable over the times or just for a short period and then goes back to unavailable?

In case this is definetly fixed, a big thanks for your help once again, I didn't understood in details what you asked me to do to get the feature working. I need to take a book on IPV6 explainations.

 

[Patrick M. Hausen]

It's just like IPv4 without NAT

Seriously, you might like this: https://github.com/becarpenter/book6

 

[profwalken]

Thanks Patrick.
My problem is back , the trigger is, I got a power outage due to UPS problem during the night, for now UPS is removed, but since the NAS restarted it seems IPV6 default gateway is no more.

So server is no more available from outside, and no ipv6 route from inside. I found several posts on the forum related to no more GW IPv6 using TNC, so is it something with a workaround to get things stable?
Do you have any idea what can cause this each time server is rebooting ?