Cloudron breaks IPv6 support on Amazon Lightsail
-
Dear all,
Unfortunately, Cloudron breaks the IPv6 support of Amazon Lightsail.
Steps to reproduce:
- Create a Lightsail instance (e.g., a dual-stack IPv4 and IPv6 instance in Frankfurt with Ubuntu 24.04 OS only for USD 12).
- Log into the new instance and confirm that IPv6 is working, e.g., by running:

  ```
  curl https://ipv6.icanhazip.com
  ```
- Install Cloudron (with or without the --provider lightsail flag).

  ```
  wget https://cloudron.io/cloudron-setup
  chmod +x cloudron-setup
  ./cloudron-setup --provider lightsail
  ```
- Reboot at the end of the installation.
- Log in to the instance again. Important: Wait at least 10 minutes.
- Try `curl https://ipv6.icanhazip.com` again. IPv6 is no longer working.

When executing `ip a` you see the lifetime of the IPv6 address. Once this lifetime expires, the IPv6 connection breaks.
Is there a known fix for this issue?
-
@hcj-online yes, this was fixed a while ago in https://git.cloudron.io/platform/box/-/commit/7f87af5a0827af431a3ecb8bfca4bc693c3707b0 . It's part of the next release.
To fix locally:
- Edit `/home/yellowtent/box/setup/start/cloudron-firewall.sh`
- Around line 111, add the line

  ```
  $ip6tables -t filter -A CLOUDRON -p udp --sport 547 --dport 546 -j ACCEPT
  ```
- Reboot server
-
The code around that block should look like this:
```
# ICMPv6 is very fundamental to IPv6 connectivity unlike ICMPv4
echo "==> Allow ICMP"
$iptables -t filter -A CLOUDRON -p icmp --icmp-type echo-request -j ACCEPT
$iptables -t filter -A CLOUDRON -p icmp --icmp-type echo-reply -j ACCEPT
$ip6tables -t filter -A CLOUDRON -p ipv6-icmp -j ACCEPT
$ip6tables -t filter -A CLOUDRON -p udp --sport 547 --dport 546 -j ACCEPT

ipxtables -t filter -A CLOUDRON -p udp --sport 53 -j ACCEPT

# for ldap,dockerproxy server (ipv4 only) to accept connections from apps. for connecting to addons and mail container ports, docker already has rules
$iptables -t filter -A CLOUDRON -p tcp -s 172.18.0.0/16 -d 172.18.0.1 -m multiport --dports 3002,3003 -j ACCEPT
```
-
Thanks! Adding the line solves the issue. Time to roll out the update!
-
G girish has marked this topic as solved on
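A check for the condition this thread describes, as an added example that is not part of the original posts and not Cloudron's code: it looks for an ACCEPT rule for DHCPv6 server replies (UDP source port 547 to destination port 546) in the `CLOUDRON` chain and reports the shortest remaining `valid_lft` of a dynamic global IPv6 address. The function names, the output wording and all sample text are assumptions constructed for illustration; the sample address uses the 2001:db8::/32 documentation prefix.

```shell
#!/bin/sh
# Added example (not Cloudron code). All sample text below is constructed.

# Exit 0 if the rule listing on stdin (format of `ip6tables -S CLOUDRON`)
# accepts DHCPv6 server replies: UDP source port 547 -> destination port 546.
has_dhcpv6_accept() {
    awk '/^-A CLOUDRON / && /-p udp/ && /--sport 547( |$)/ &&
         /--dport 546( |$)/ && /-j ACCEPT/ { found = 1 }
         END { exit !found }'
}

# Print the smallest valid_lft (seconds) among dynamic global IPv6 addresses
# in `ip -6 addr show` output on stdin; print nothing if there is none.
min_dynamic_valid_lft() {
    awk '$1 == "inet6" { dyn = ($0 ~ /scope global/ && $0 ~ / dynamic/); next }
         dyn && $1 == "valid_lft" {
             dyn = 0
             if ($2 == "forever") next
             sec = $2; sub(/sec$/, "", sec)
             if (min == "" || sec + 0 < min + 0) min = sec
         }
         END { if (min != "") print min }'
}

# audit RULES_TEXT ADDR_TEXT -> one-line verdict on stdout.
# Live use (as root): audit "$(ip6tables -S CLOUDRON)" "$(ip -6 addr show)"
audit() {
    lft=$(printf '%s\n' "$2" | min_dynamic_valid_lft)
    if printf '%s\n' "$1" | has_dhcpv6_accept; then
        echo "OK: DHCPv6 replies (udp 547 to 546) are accepted"
    elif [ -n "$lft" ]; then
        echo "AT RISK: no DHCPv6 accept rule, address lapses in ${lft}s"
    else
        echo "BROKEN: no DHCPv6 accept rule and no dynamic IPv6 address"
    fi
}

# Constructed samples: chain without the rule, chain with it, address listing.
RULES_BEFORE='-N CLOUDRON
-A CLOUDRON -p ipv6-icmp -j ACCEPT
-A CLOUDRON -p udp -m udp --sport 53 -j ACCEPT'
RULES_FIXED="$RULES_BEFORE
-A CLOUDRON -p udp -m udp --sport 547 --dport 546 -j ACCEPT"
ADDR_SAMPLE='2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 state UP
    inet6 2001:db8:1:2::10/128 scope global dynamic noprefixroute
       valid_lft 412sec preferred_lft 102sec
    inet6 fe80::1ff:fe23:4567:890a/64 scope link
       valid_lft forever preferred_lft forever'

audit "$RULES_BEFORE" "$ADDR_SAMPLE"
audit "$RULES_FIXED" "$ADDR_SAMPLE"
```

Running the audit shortly after boot and again later shows the lifetime counting down on an affected host instead of being refreshed.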