On Fri, 19 Feb 2021 at 09:47, Simon Matter simon.matter@invoca.ch wrote:
On Fri, 19 Feb 2021, Mathieu Baudier wrote:
Hello,
On a remote server (in an IPv6-only infrastructure) I am getting the following error when trying to update CentOS 8 Streams x86_64:
$ sudo dnf upgrade --refresh Failed to set locale, defaulting to C.UTF-8 CentOS Stream 8 - AppStream
0.0 B/s | 0 B 00:16Errors during downloading metadata for repository 'appstream':
- Curl error (7): Couldn't connect to server for
http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=AppS...
[Failed to connect to mirrorlist.centos.org port 80: Permission denied] Error: Failed to download metadata for repo 'appstream': Cannot prepare internal mirrorlist: Curl error (7): Couldn't connect to server for
http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=AppS...
[Failed to connect to mirrorlist.centos.org port 80: Permission denied]
Try using an https:// URL.
Are you sure? At least from here over IPv4, http works well but https doesn't work at all. Sounds strange if http would work only over IPv4 and https would work only over IPv6.
It wouldn't work anyway because CentOS mirrors do not have https. I tried this from my home system ``` [ssmoogen@localhost ~]$ for i in "2001:4178:5:200::10" "2600:1f16:c1:5e01:4180:6610:5482:c1c0" "2604:1380:2001:d00::3" "2604:1580:fe02:2::10" "2604:1380:1001:6c00::1"; do curl -v6 "https://%5B$%7Bi%7D%5D/?release=8-stream&arch=x86_64&repo=AppStream&..."; done * Trying 2001:4178:5:200::10:443... * connect to 2001:4178:5:200::10 port 443 failed: Permission denied * Failed to connect to 2001:4178:5:200::10 port 443: Permission denied * Closing connection 0 curl: (7) Failed to connect to 2001:4178:5:200::10 port 443: Permission denied * Trying 2600:1f16:c1:5e01:4180:6610:5482:c1c0:443... * connect to 2600:1f16:c1:5e01:4180:6610:5482:c1c0 port 443 failed: Permission denied * Failed to connect to 2600:1f16:c1:5e01:4180:6610:5482:c1c0 port 443: Permission denied * Closing connection 0 curl: (7) Failed to connect to 2600:1f16:c1:5e01:4180:6610:5482:c1c0 port 443: Permission denied * Trying 2604:1380:2001:d00::3:443... * connect to 2604:1380:2001:d00::3 port 443 failed: Permission denied * Failed to connect to 2604:1380:2001:d00::3 port 443: Permission denied * Closing connection 0 curl: (7) Failed to connect to 2604:1380:2001:d00::3 port 443: Permission denied * Trying 2604:1580:fe02:2::10:443... * connect to 2604:1580:fe02:2::10 port 443 failed: Permission denied * Failed to connect to 2604:1580:fe02:2::10 port 443: Permission denied * Closing connection 0 curl: (7) Failed to connect to 2604:1580:fe02:2::10 port 443: Permission denied * Trying 2604:1380:1001:6c00::1:443... * connect to 2604:1380:1001:6c00::1 port 443 failed: Permission denied * Failed to connect to 2604:1380:1001:6c00::1 port 443: Permission denied * Closing connection 0 curl: (7) Failed to connect to 2604:1380:1001:6c00::1 port 443: Permission denied ```
removing the -v gives the following error: ``` [ssmoogen@localhost ~]$ for i in "2001:4178:5:200::10" "2600:1f16:c1:5e01:4180:6610:5482:c1c0" "2604:1380:2001:d00::3" "2604:1580:fe02:2::10" "2604:1380:1001:6c00::1"; do curl -6 "https://%5B$%7Bi%7D%5D/?release=8-stream&arch=x86_64&repo=AppStream&..."; done curl: (7) Failed to connect to 2001:4178:5:200::10 port 443: Permission denied curl: (7) Failed to connect to 2600:1f16:c1:5e01:4180:6610:5482:c1c0 port 443: Permission denied curl: (7) Failed to connect to 2604:1380:2001:d00::3 port 443: Permission denied curl: (7) Failed to connect to 2604:1580:fe02:2::10 port 443: Permission denied curl: (7) Failed to connect to 2604:1380:1001:6c00::1 port 443: Permission denied ```
Notice that the permission denied is different from what was reported in the original email. I am not sure why that is.
If I change that from https: to http all of the IP addresses work. So my guess is that something is blocking the originator IP to those mirror servers but it isn't clear what.