Problem with Linux upgrades behind firewall



  1. DNS returns IPv6 addresses
  2. Some servers only accept IPv6 connections


I don’t know if others who have the same issue aren’t noticing it because of using GUIs to update, but the past few weeks I have been struggling with my (Debian-based) updates. Since update propagation to mirrors is often the reason I’d usually just wait, but then I looked at the returned errors in more detail. Following is an example (there are lots of them):

Err:1 stable InRelease
Cannot initiate the connection to (2a00:1450:400f:803::200e). - connect (101: Network is unreachable) [IP: 2a00:1450:400f:803::200e 80]

When I bypass IPFire and connect directly to the router (which also handles IPv6), everything works.

When I use something like this apt-get -o Acquire::ForceIPv4=true update it works in some cases, but in others the remote machines refuse IPv4 connections to the repositories.

In other words, I’m at a crossroad: I have to be able to update my machines and I refuse to bypass IPFire.

Any suggestions would be greatly appreciated; I have been a user since IPCop days and really prefer the simplicity (and low resource usage) of IPFire.


More info

At work I am behind a MikroTik which drops all IPv6 packets, and there upgrades from the same laptop work just fine (without telling apt-get to use IPv4).

Other than a different subnet, the only difference is that at home I am behind IPFire and at work not.

I would appreciate any ideas.