One more look at the iptables rules revealed that packets were being dropped by the default INPUT policy, but not all of them were! That was what this issue became after tweaking. However, because of that tweaking I inserted a rule to allow ICMPv6, but only for the main IP and not the rest of the IPs. I had forgotten about this and have now fixed it... All addresses are now reachable from various IPv6 endpoints around the world (suck that, Verizon!). With some exceptions that couldn't find me: core1.sjc2.he.netuser00265 wrote:Just as a follow-up, I've been messing with this and it seems to be related to ip6tables entries. I'm narrowing down the suspects. Seems that the default DROP policy for INPUT is the culprit, not matching some packets, even when there is a explicit rule to allow them through.
And one item worthy of note: there's a few different routers before the final router my server is at (sw-airway0), which depends on the route, but there's one without reverse hostname coming up: 2607:fe70::2:1 -- I know another router I frequently get is core0-eth2.