Q: I recently set up two DNS servers and an SMTP server in our company's DMZ with IPv6 addresses. They are all in the same subnet, but I am unable to ping each system from the other. I have used ping6 and still get no answer. Also, our DNS servers are not able to query each other or make zone transfers via IPv6 addresses.
A: The most likely cause is the firewall. At first this may sound odd, since you probably know enough to have port 53 open for DNS and port 25 open for SMTP. But the problem most people run into is the fact that ARP is no longer available in IPv6.
In the past, when multiple machines were on the same subnet you did not need to configure any routing. ARP (Address Resolution Protocol) resolved a neighbour's IPv4 address to its MAC address so that frames could be delivered directly at Layer 2 of the OSI model. ARP is not used in IPv6. Its functionality has been taken over by NDP (Neighbor Discovery Protocol), which is carried inside ICMPv6: a host sends a Neighbor Solicitation (ICMPv6 type 135) to the target's solicited-node multicast address and expects a Neighbor Advertisement (type 136) in return. If your host firewall drops ICMPv6, those messages never arrive, the neighbor cache entry is never created, and no TCP or UDP traffic (DNS on 53, SMTP on 25) can be delivered to that neighbour even though those ports are open. That is exactly the symptom you describe: ping6 fails, and the DNS servers cannot query or transfer zones to each other.
With this being said, you will need to allow ICMPv6 on the system running IPv6 in order to have the same functionality as ARP. Do not treat it as optional the way ICMP is often treated in IPv4: besides NDP, IPv6 also depends on ICMPv6 Packet Too Big (type 2) for path MTU discovery, because IPv6 routers do not fragment packets. Blocking ICMPv6 wholesale breaks both.
To allow all inbound ICMPv6 traffic, insert an accept rule at the top of the INPUT chain with ip6tables like so:
ip6tables -I INPUT -p ipv6-icmp -j ACCEPT
Then save the rules so they survive a reboot:
service ip6tables save
Now your traffic should flow freely between systems on the same subnet. Note that this rule accepts every ICMPv6 type from any source; it is the quickest fix, not the tightest one.
The above commands will work on Red Hat, CentOS and Fedora versions prior to their switch to systemd (I believe it was Fedora 15). After Fedora 15 you will need to use the following command to save your ip6tables configuration:
ip6tables-save > /etc/sysconfig/ip6tables
I hope this helps you; if you need more help, please sound off in the comments.
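As an added example that is not part of the original post, here is a tighter alternative to accepting all of ICMPv6: a POSIX shell script that permits only the ICMPv6 types an IPv6 host actually needs, following the RFC 4890 recommendations (NDP with the hop-limit-255 check, MLD from link-local sources, and the error/diagnostic messages). By default it only prints the ip6tables commands (DRY_RUN=1) so it can be reviewed without root; DRY_RUN=0 executes them. The function names and the DRY_RUN variable are this example's own, not anything from the post.

```shell
#!/bin/sh
# Added example, not from the original post: allow only the ICMPv6 types an
# IPv6 host needs instead of all of ICMPv6 (based on RFC 4890 guidance).
# DRY_RUN=1 (default) prints the ip6tables commands; DRY_RUN=0 executes them.
# The function names and the DRY_RUN variable are this example's own.

DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Neighbor Discovery (the ARP replacement): Router Solicitation 133,
# Router Advertisement 134, Neighbor Solicitation 135, Neighbor
# Advertisement 136, Redirect 137. RFC 4861 requires these to be sent with
# hop limit 255, and a packet that has crossed a router cannot still carry
# that value, so the hl match rejects NDP injected from off-link.
ndp_rules() {
    for t in 133 134 135 136 137; do
        run ip6tables -A INPUT -p ipv6-icmp --icmpv6-type "$t" \
            -m hl --hl-eq 255 -j ACCEPT
    done
}

# Multicast Listener Discovery (130 query, 131 report, 132 done): NDP uses
# multicast groups (solicited-node addresses), and switches doing MLD
# snooping need to see these messages. MLD is always sent from a
# link-local source, so anything else claiming to be MLD is bogus.
mld_rules() {
    for t in 130 131 132; do
        run ip6tables -A INPUT -p ipv6-icmp --icmpv6-type "$t" \
            -s fe80::/10 -j ACCEPT
    done
}

# Error and diagnostic messages: Destination Unreachable 1, Packet Too Big 2
# (path MTU discovery; IPv6 routers never fragment, so dropping this
# silently blackholes large replies such as zone transfers), Time Exceeded 3,
# Parameter Problem 4, Echo Request 128 / Echo Reply 129 so ping6 works.
error_rules() {
    for t in 1 2 3 4 128 129; do
        run ip6tables -A INPUT -p ipv6-icmp --icmpv6-type "$t" -j ACCEPT
    done
}

# Emit (or apply) the full ruleset in order.
apply_all() {
    ndp_rules
    mld_rules
    error_rules
}

apply_all
```

Because these rules use `-A`, they are appended to INPUT and must come before any final DROP or REJECT rule in that chain; if your chain already ends with one, use `-I` as in the post or insert them at an explicit position. After applying, confirm with ping6 and by checking that the neighbour shows up as REACHABLE in the output of `ip -6 neigh show`, then save the rules with the ip6tables-save command given above for your distribution.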