Is a pc behind a router visible to the net using ipv6?

ipv6

I've got a pc connected to the net behind a router, pretty standard stuff. I am wondering if any of the ipv6 addresses listed for my pc can be reached from the rest of the net. So far I've not had luck pinging or ssh'ing from a remote server (which does support ipv6 insofar as ping ipv6.google.com works, also true for my pc). Both the pings and ssh hang.
Should any of these ipv6 addrs in principle be visible from the rest of the net?

jeremy@jeremy-Blade:~/sw/tor-browser_en-US/Browser$ ifconfig
....    
wlp59s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.52  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 2a10:8006:1f6c:0:ad49:e1a3:327a:714c  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::3ad4:73bf:e4b1:b2e2  prefixlen 64  scopeid 0x20<link>
        inet6 fde5:3ccb:8b2:0:ad49:e1a3:327a:714c  prefixlen 64  scopeid 0x0<global>
        inet6 fde5:3ccb:8b2:0:b67a:b275:d6b5:63af  prefixlen 64  scopeid 0x0<global>
        inet6 2a10:8006:1f6c:0:7180:69bd:4b64:a3fd  prefixlen 64  scopeid 0x0<global>
        ether 9c:b6:d0:13:98:21  txqueuelen 1000  (Ethernet)
        RX packets 367229  bytes 331829936 (331.8 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 256033  bytes 171040955 (171.0 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ssh from a remote machine hangs after

root@scrpr:~# ssh -vvvvv jeremy@2a10:8006:1f6c:0:7180:69bd:4b64:a3fd
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "2a10:8006:1f6c:0:7180:69bd:4b64:a3fd" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 2a10:8006:1f6c:0:7180:69bd:4b64:a3fd [2a10:8006:1f6c:0:7180:69bd:4b64:a3fd] port 22.

and /var/log/auth.log shows no activity.

I haven't touched the ufw rules since installing ubuntu 20.04, status says

jeremy@jeremy-Blade:~/sw/tor-browser_en-US/Browser$ sudo service ufw status
● ufw.service - Uncomplicated firewall
     Loaded: loaded (/lib/systemd/system/ufw.service; enabled; vendor preset: enabled)
     Active: active (exited) since Sat 2021-07-03 19:53:55 EEST; 27min ago
       Docs: man:ufw(8)
    Process: 535 ExecStart=/lib/ufw/ufw-init start quiet (code=exited, status=0/SUCCESS)
   Main PID: 535 (code=exited, status=0/SUCCESS)

Warning: journal has been rotated since unit was started, output may be incomplete.

Yes and no – the address is reachable by default, but a firewall can prevent it from being reachable.

(Seems to me that "visible to the net" doesn't mean the same thing as "reachable from the net" – they seem to be kind of opposites, at least in the sense that you're asking.)

If you have IPv6 at home, most likely your home router has its own firewall that only allows outbound connections (and responses) but blocks any inbound connections at the edge of the network. (And if you're using IPv6 at work or school, then it is even more likely that inbound access to the entire LAN is filtered by a firewall.)

Technically it's even possible that packets would be blocked at ISP level, affecting all customers (e.g. to 'encourage' them to pay for a business plan or something).

Run tcpdump -n -i wlp59s0 ip6 or wireshark -k -i wlp59s0 -f ip6 – this will show all IPv6 packets, even those that would be blocked by UFW or iptables. If this shows incoming pings, then the problem is your computer's firewall (i.e. UFW rules); if it shows incoming Neighbour Solicitations but not outgoing Neighbour Advertisements, the problem is either with your OS or with the actual address being wrong; and if it shows nothing at all, then it's definitely being blocked somewhere higher (i.e. on your router or ISP).

On Linux you should be using ip addr to check which IP addresses you have. The Linux 'ifconfig' is an old tool that often omits important information; it should be avoided. (This advice does not apply to BSDs, where ifconfig is the primary tool.)

In the 'ip addr' output, some of your IPv6 addresses may be marked "temporary" – those will expire and be replaced every few hours. For inbound connections, use the address that does not have the "temporary" flag next to it – that one is permanent and can be used in firewall rules, DNS, etc.

Related

Why does my monitor take over 5 minutes to display anything after turning it on?
Bash script special character
Taking ownership a folder in Windows 10 [closed]
manage TO-DO list in Notepad++
Wireless Keyboard Intermittently Stops Working
How can i make windows 10 boot loader load first then bitlocker
How to to automatically refuse GDPR consent requests?
Can I install unsigned Windows drivers to work without test mode or disabling driver signing and without buying a code signing certificate?
USB 3.0 port no longer recognizing USB 2.0 devices, seems to still work with USB 3.0 devices
how to cache credentials on Windows
Combining SUMIF() and SUBTOTAL() for Dynamic Subtotal
Not getting gigbit from a gigabit link?