Comments (2)
hsanjuan
commented on August 24, 2024
2
It seems 64:ff9b:1::/48 is used for ipv4 translation... essentially you need to update your AddrFilters to exclude whatever Hetzner is using for LAN addresses. The server profile includes some well-known ranges but it seems to be missing this one. I guess it should be included...
Of course, let's not forget that Hetzner sucks, that they don't implement any network isolation and instead they put this shitty netscan detector and make ipfs-users life hard without giving any warning. You may well ask their support what private IP ranges to avoid because they may belong to other customers, but instead of dealing with Hetzner support, it is better that you buy yourself an icecream and spend the remaining time migrating off to a sane cloud provider that doesn't make you deal with this BS, if possible (in my humble and personal opinion).
from kubo.
aschmahmann
commented on August 24, 2024
Mostly agree with @hsanjuan, but poking into this more it looks like there are a few things going on here (although lmk if I'm wrong).
::/8was reserved by IETF and has carved out some uses https://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xml- For some reason there are machines out there with what seem to be invalid addresses like
::5054:ff:fe92:8bc9(i.e. they don't fall under one of the approved uses in a space reserved by IETF) - Hetzner yells at you for dialing these addresses... which they could just drop because they're invalid, but it also seem like fair game for go-libp2p to block dialing these addresses too
- For some reason there are machines out there with what seem to be invalid addresses like
64:ff9b:1::/48should be add to the server profile filters in kubo because it's a private IP range64:ff9b::/96is a valid public IP space per https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml64:ff9b::175:1005falls into this range rather than the one above which should be filtered in kubo. If I'm doing the conversion correctly this is 1.117.16.5 (apparently a Tencent datacenter in China). This means Hetzner is blaming you for dialing what should be valid IP addresses... they might just have a filter for::/8and yell at you for dialing anything in that range (since the loopback addresses shouldn't touch the network anyway).
If so this would mean the actions here are:
- Add filters (likely in go-libp2p, although they could be hardcoded in kubo if necessary) that block the subset of
::/8that's undefined - Add
64:ff9b:1::/48to the server profile filters in kubo - Hetzner users should tell them that 64:ff9b::/96 is fair game
- See https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml (globally reachable column)
- See RFC 6052
- Hetzner users can also choose to block this range as well while they wait on Hetzner to deal with the issue
from kubo.
Related Issues (20)
- websocket: failed to close network connection: close tcp HOT 8
- Describe environment variable names/expected values in config docs HOT 1
- Cannot retrieve content by addressing with SHA256 (raw binary?) HOT 1
- api/v0/resolve returns invalid JSON
- Release 0.30 HOT 7
- IPFS RPC API documentation HOT 1
- Ipfs kubo node memory usage increases endlessly HOT 3
- /api/v0/get can't save file and not equal cmd: ipfs get HOT 4
- kubo behind haproxy unable to return deserialized responses HOT 3
- Exception 0xc0000005 0x8 0x0 0x0 when try to run ipfs. HOT 2
- Binding UDP sockets to a non-IP address HOT 3
- Lost Some of the files HOT 3
- panic: runtime error: invalid memory address or nil pointer dereference
- Memory leak HOT 19
- Add ability to deny serving any `Paths` content on a gateway by default
- Debian handler scripts - Copy or Submodule? HOT 1
- Set the public gateway in the web UI, custom ports are not accepted.
- Add a grace period to obtain the lock to avoid "Error: lock /data/ipfs/repo.lock: someone else has the lock"
- Download & upload IPNS records through API / CLI HOT 1
- race condition bug or a flaky test: TestAddMultipleGCLive
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubo.