On Fri, 19 Feb 2021 at 09:47, Simon Matter <simon.matter@xxxxxxxxx> wrote:
> > On Fri, 19 Feb 2021, Mathieu Baudier wrote:
> >
> >> Hello,
> >>
> >> On a remote server (in an IPv6-only infrastructure) I am getting the
> >> following error when trying to update CentOS 8 Streams x86_64:
> >>
> >> $ sudo dnf upgrade --refresh
> >> Failed to set locale, defaulting to C.UTF-8
> >> CentOS Stream 8 - AppStream
> >>
> >> 0.0 B/s | 0 B 00:16
> >> Errors during downloading metadata for repository 'appstream':
> >> - Curl error (7): Couldn't connect to server for
> >>
> http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=AppStream&infra=stock
> >> [Failed to connect to mirrorlist.centos.org port 80: Permission denied]
> >> Error: Failed to download metadata for repo 'appstream': Cannot prepare
> >> internal mirrorlist: Curl error (7): Couldn't connect to server for
> >>
> http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=AppStream&infra=stock
> >> [Failed to connect to mirrorlist.centos.org port 80: Permission denied]
> >
> > Try using an https:// URL.
>
> Are you sure? At least from here over IPv4, http works well but https
> doesn't work at all. Sounds strange if http would work only over IPv4 and
> https would work only over IPv6.
>
>
It wouldn't work anyway because CentOS mirrors do not have https. I tried
this from my home system
```
[ssmoogen@localhost ~]$ for i in "2001:4178:5:200::10"
"2600:1f16:c1:5e01:4180:6610:5482:c1c0" "2604:1380:2001:d00::3"
"2604:1580:fe02:2::10" "2604:1380:1001:6c00::1"; do curl -v6
"https://[${i}]/?release=8-stream&arch=x86_64&repo=AppStream&infra=stock";;
done
* Trying 2001:4178:5:200::10:443...
* connect to 2001:4178:5:200::10 port 443 failed: Permission denied
* Failed to connect to 2001:4178:5:200::10 port 443: Permission denied
* Closing connection 0
curl: (7) Failed to connect to 2001:4178:5:200::10 port 443: Permission
denied
* Trying 2600:1f16:c1:5e01:4180:6610:5482:c1c0:443...
* connect to 2600:1f16:c1:5e01:4180:6610:5482:c1c0 port 443 failed:
Permission denied
* Failed to connect to 2600:1f16:c1:5e01:4180:6610:5482:c1c0 port 443:
Permission denied
* Closing connection 0
curl: (7) Failed to connect to 2600:1f16:c1:5e01:4180:6610:5482:c1c0 port
443: Permission denied
* Trying 2604:1380:2001:d00::3:443...
* connect to 2604:1380:2001:d00::3 port 443 failed: Permission denied
* Failed to connect to 2604:1380:2001:d00::3 port 443: Permission denied
* Closing connection 0
curl: (7) Failed to connect to 2604:1380:2001:d00::3 port 443: Permission
denied
* Trying 2604:1580:fe02:2::10:443...
* connect to 2604:1580:fe02:2::10 port 443 failed: Permission denied
* Failed to connect to 2604:1580:fe02:2::10 port 443: Permission denied
* Closing connection 0
curl: (7) Failed to connect to 2604:1580:fe02:2::10 port 443: Permission
denied
* Trying 2604:1380:1001:6c00::1:443...
* connect to 2604:1380:1001:6c00::1 port 443 failed: Permission denied
* Failed to connect to 2604:1380:1001:6c00::1 port 443: Permission denied
* Closing connection 0
curl: (7) Failed to connect to 2604:1380:1001:6c00::1 port 443: Permission
denied
```
removing the -v gives the following error:
```
[ssmoogen@localhost ~]$ for i in "2001:4178:5:200::10"
"2600:1f16:c1:5e01:4180:6610:5482:c1c0" "2604:1380:2001:d00::3"
"2604:1580:fe02:2::10" "2604:1380:1001:6c00::1"; do curl -6
"https://[${i}]/?release=8-stream&arch=x86_64&repo=AppStream&infra=stock";;
done
curl: (7) Failed to connect to 2001:4178:5:200::10 port 443: Permission
denied
curl: (7) Failed to connect to 2600:1f16:c1:5e01:4180:6610:5482:c1c0 port
443: Permission denied
curl: (7) Failed to connect to 2604:1380:2001:d00::3 port 443: Permission
denied
curl: (7) Failed to connect to 2604:1580:fe02:2::10 port 443: Permission
denied
curl: (7) Failed to connect to 2604:1380:1001:6c00::1 port 443: Permission
denied
```
Notice that the permission denied is different from what was reported in
the original email. I am not sure why that is.
If I change that from https: to http all of the IP addresses work. So my
guess is that something is blocking the originator IP to those mirror
servers but it isn't clear what.
--
Stephen J Smoogen.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
