outgoing IPv6 port 443 is blocked (for some sites)

Question

Hello,

My Azure host (nagios03) has IPv6 enabled. My goal is to use this host for monitoring public facing services on other hosts.

My current block is monitoring port 443 on IPv6 addresses. This seems to be the only port blocked.

Points of interest:

• the azure host does not have firewall enabled
• connecting to port 80 or port 443 on IP4 succeeds
• connecting to port 80 on IPv6 succeeds
• connecting to port 443 on IPv6 fails
• connections from another host all succeed (both IP4 and IPv6, both 80 and 443)

It's as if outgoing port 443 is blocked on IPv6 (well, except for google.com/.ca)

Here's an example (using better known host names:

[dvl@nagios03:
Connection to www.facebook.com 80 port [tcp/http] succeeded
[dvl@nagios03:
Connection to www.facebook.com 80 port [tcp/http] succeeded
[


Connection to 
[dvl@nagios03:~] $ nc -zv www.facebook.com
nc: connect to www
[dvl@nagios03:~] $ 

# these also fail:

[dvl@nagios03:~] $ nc -zv bsd.network
n

[dvl@nagios03:~] $ nc -zv www.youtube.com 443 -6
nc: connect to www.youtube.com port 443 (tcp) failed: No route to host
nc: connect to www.youtube.com port 443 (tcp) failed: No route to host
nc: connect to www.youtube.com port 
Connection to www.youtub

# and I don't know why these work but the above do not:

[dvl@nagio
Connection to www.google.ca 443 port [tcp/https] succeeded!

[dvl@nagios0
Connection to www.google.com 443 port [tcp/https] succeeded!

When I test the above failures from other hosts, they succeed.My initial thoughts were it's the hosts I'm trying to monitoring.

Now I think it's only my azure host.

Things I have eliminated:

• it's not the hosts I'm monitoring: tests work from other hosts
• it's not a firewall not the Azure host (the host is not running a firewall)
• it's not port 443 blocked - IP4 port 443 works

Ideas please?