@JKnott said in ISP offering and testing an IPv6 BETA program, but it's not working and need some ideas: @bmeeks said in ISP offering and testing an IPv6 BETA program, but it's not working and need some ideas: I'm talking about lines #31 and #32 in the top window of the Wireshark display at times 140.049081 and 140.071568. Notice that reply from my ISP side that is sourced from port 547 (which is correct) and destined for port 547 (which is incorrect as I think it should be 546). Note also this says it is a Relay-reply message type. I see that replay reply, which I have never seen before. I have no idea what it's about. Yeah, me neither. I've sent your capture and mine to the consulting engineer for my ISP. I think perhaps setting all this up is new for him as well. Hence the BETA program. So, likely a learning curve for the both of us . Thank you for your input. You validated what I thought I understood. Just wanted another more experienced IPv6 user's view.

@myfamilydeservesbetter said in Editing the PHP SOURCECODE to enable ipv6 ?! // block in log inet6 all ridentifier 1000000105 label "Default deny rule IPv6": I also have a green check mark The green check mark means : this is a pass rule. Bytes "0" means : the rule hasn't matched (yet ) with traffic passed into the interface. Editing the PHP SOURCECODE to enable ipv6 Something really strange is going on.

@JKnott yea weird. :( I guess we’ll see but everything seems to be okay. I do appreciate your help through this.

@Bob-Dig Given the pictures are already there, what would it accomplish to provide more? I often post pictures when I think it would help.

@jimp I understand, that this is the case however I think it's sad that CE is neglected in this way.

@guardian said in WAN Firewall Rules for IPv6: Will IPv6 go through a bridge the same way as IPv4? Yep, as will IPX, NetBIOS, SNA, DECNet, etc..

@Gertjan Yes this would work if I not disable IPv6 in Advanced Settings and then catch the IPv6 with my own rules as you suggest. However, by allowing IPv6 in Advanced Settings, pfSense automatically add rules to allow any icmpv6, because this is needed for ipv6 to work. These rules cannot simply be overruled. It's not a big problem, at least I can control the logs a little better, but at least icmpv6 will be allowed and that is not something I wanted to begin with.

@asdjklfjkdslfdsaklj said in DHCPv6 PD not installing route after 23.05-RELEASE upgrade: new bug report. That link is also a bug .... I mean : click on it and enjoy. More edits : Since 5 days or so : If the patchs is applied and you "pkg install dhcpleases6" does it work ?

@matthewgcampbell Again, pfSense has to know the route to that subnet. It knows where that interface is, but not what's beyond it. Here's an example, though it's for IPv4 only. [image: 1689991824891-67e12ab2-1f09-4074-ab90-d157cad78d48-image.png] In order to access that 172.16.2.0 network, I had to tell pfSense where to find it. You may see your pings go out, but how far do you see the replies coming pack? You can use Packet Capture to watch for them. I bet you see them come into pfSense, but then what??? Without a route, pfSense cannot send them where they're supposed to go. I assume that delegated prefix is provided by your ISP.

@s0ulf3re I had a similar issue, now resolved (for the most part): Resolved: Did v23-05 break ipv6?

@Bob-Dig not dynamic prefixes but ULA prefixes which are mapped to a routable IPv6 NAT 1:1 like you set fc08::1000 to a client then you can route it with NPt to whatever prefixes you own you just map ULA/64 to native /64 used to do it many times you can do this with he.net native IP and have failover links and choose which interface to use. So all the IPv6 are static but not in the range of the routable IPv6 prefix However never done it with double NAT seems to be tricky

I should add that the only difference between my custom config and the default (non-advanced) config was that request refreshtime; was added and the DNS related request lines were removed. This why I have a suspicion that adding in request refreshtime might be the thing that actually helped.

@johnpoz I mostly do, except some university classes require we use it. [image: 1688851689003-r.png]

@insmod active just means the cache has expired ie no traffic. IPv6 uses NDP, arp for IPv6.. There is little point to trying to create traffic to keep that listing as "active"