Get superfast AT&T Fiber internet
SCSIraidGURU's profile

Tutor

 • 

65 Messages

Monday, February 5th, 2024 6:43 PM

Issues with AT&T Fiber IPv6 Delegated address

I switched one of the Fortinet 60E firewall interfaces back to my AT&T Fiber.   The server gets this address:   2600:1700:b101:808f:20c:29ff:fea5:7fec 

www.scsiraidguru.com is a web server on this server.  SSL Labs states it can't contact it on IPv6.   Fortinet tech said it isn't routing to the Firewall.   The AT&T modem shows it as the right PD:  2600:1700:b101:808f:/64.   Calling AT&T is useless.  No one there knows IPv6.    My Godaddy DNS has it configured as the AAAA record.   

Ubuntu 22.04 on Web Server

WAN1 has AT&T Fiber is on on DMZ.  Fortinet shows the PD subnet on the interface.  Outbound traffic isn't working.  Updates of Ubuntu were done in IPv6 on Comcast.  Now, they are not working right in IPv6.  It has issues with inbound traffic to the web server.   I know the server is configured properly.   It worked on Comcast and works on IPv4.  

WAN2 has Comcast,  IPv6 works on all other Fortinet interfaces.   Comcast is raising the price, so I am downgrading it. 

Fortinet was able to ping the WAN1 IPv6 address from AT&T.


Tutor

 • 

406 Messages

2 months ago

Did you turn off the Reflexive ACL option in the AT&T gateway?

Community Support

 • 

231.2K Messages

2 months ago

Hi @SCSIraidGURU

We understand your concern. Let's get the help you need!
In order to help you with the steps to troubleshoot, please let us know which operating systems (OS) are you using?

Looking forward for your response.

 

Thank you,

Sarah, AT&T Community Specialist

 

Tutor

 • 

65 Messages

2 months ago

Ubuntu 22.04 is the operating system.   I moved the web server from Comcast WAN2 to AT&T WAN1.  Comcast worked great.  They were going to raise the price to $90 for 400 Mbps Down/35 Mbps Up.  More than the AT&T fiber.   The WAN1 address can be pinged from Fortinet.  

I will check the modem to see if reflexive ACL is disabled.  It should be disabled since it is a control list for their firewall.  The modem connects to the Fortinet 60E firewall.  Everything is passed to it.   The Fortinet 60E firewall handles all the duties.  The modem firewall is disabled and acts as the pass through.  


Two web sites: 
https://www.scsiraidguru.com/
https://mc.scsiraidguru.com/


(edited)

Community Support

 • 

231.2K Messages

2 months ago

Hi @SCSIraidGURU,

Thank you for the response. Since we don't have the exact settings to disable the IPv6for Ubuntu Operating System. Hence, please Co-ordinate with the respective client(Ubuntu Operating System) for further assistance.

Feel free to contact us back for further assistance.

Thank you,

Sarah, AT&T Community Specialist.

 

Tutor

 • 

65 Messages

2 months ago

I want to enable IPv6 on AT&T Forum and get it properly routing.  2600:1700:b101:808f:/64 is the last PD Subnet.  WAN1 is using the first 2600:1700:b101:8080:/64.   How come they can't give me a /61 block starting with 2600:1700:b101:8088:/64.  Comcast gives me an entire /60 with 16 x /64 blocks.   No one at AT&T understands IPv6.  



ACE - Expert

 • 

35K Messages

2 months ago

I was able to get to your sites after correcting the typos in the URL.  I've done a little playing with Arduino (mainly ESP8266 boards) and RPis, but nothing has made it out of the play stage. :)

(edited)

Tutor

 • 

65 Messages

2 months ago

I fixed the typos and checked them.   Let me check the firewall logs.   I see no IPv6 traffic to the web servers.   Did you connect with IPv4?  109.105.51.162 was the last Ipv4 address to connect to the web servers.   

my https://mc.scsiraidguru.com/ site has many of my Arduino projects.   Our children 5 and 8 are learning to program on them.  

(edited)

ACE - Expert

 • 

35K Messages

2 months ago

Ah... yes, I have IPv6 disabled for various reasons.

The last two projects I was working on were:

a Fast Fourrier transform to detect my washer's completion melody (I got it so it could recognize it 80% of the time, which wasn't good enough for me. :) )

a TELNET proxy so that I can bring the serial port of a remote UPS back to where I have devices on which I can run the UPS' monitoring software.  The ESP8266 board started giving me issues when I tried to hook up the serial interface.  I've been meaning to test it with a full size Arduino.  My other option is a very cheap, lower power x86 box to run some linux that would support the software.  (RPi won't do because stoopid vendor only has amd64 builds, not arm builds).

(edited)

Tutor

 • 

65 Messages

2 months ago

IPv6 is not easy to configure.   You should be using SSH instead of Telnet.  Telnet isn't secure.   I have two ESP8266 fail.   I am looking at getting the WIFI versions of the Arduino soon.   I have 9 Arduinos and one Raspberry Pi 4B.   RPi uses ARM processors not AMD.  

Tutor

 • 

65 Messages

2 months ago

1.) AT&T Fiber needs an inbound route to the PD 
2.) AT&T Fiber needs the PD to start at 8088 not 808F, so we have at least /61 block of addresses.

Comcast gives me the full /60.  

Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.