-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Well, so does that mean that your backend mirror has no ipv4 connectivity at all ? (for outgoing connections that is), or is that the one from the frontend that is used for outgoing connections (and so that needs to be allowed) ?
Correct the backend has no IPv4 connectivity.
[root@mirror ~]# ip a sh eth0 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 52:54:00:77:b4:10 brd ff:ff:ff:ff:ff:ff inet6 2a02:168:7a0e:6:5054:ff:fe77:b410/64 scope global noprefixroute dynamic valid_lft 86347sec preferred_lft 14347sec inet6 fe80::5054:ff:fe77:b410/64 scope link valid_lft forever preferred_lft forever
The fronted IPs are served via a DNS CNAME and might be changed due to infrastructure flexibility.
PS.: If you can provide a username/password rsync access, I can move the backend into a mixed IPv4/IPv6 network. (NAT private IPv4 RC1918 / IPv6) The IPv6 address would change then.
Do you have any other idea? Maybe it is not mandatory (until IPv6 is available) to have a direct connection to our msync network? May I host the first msync IPv6 for Europe?
Problem is that actually nodes in our msync network only have ipv4 (something I'd like to change, but you'd be surprised how many DC don't provide ipv6)
It should really be changed _asap_. IPv6 was codified 1st of December 1995 in RFC1883. This is over _20_ years ago.