Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [SOLVED] IPv6 Tunnel up, Not passing traffic to LAN

    Scheduled Pinned Locked Moved
    IPv6
    5
    6
    3.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      IOWNSU
      last edited by

      Hi All,

      Have got my tunnel up and working, and can ping IPv6 stuff from the firewall

      
PING6(56=40+8+8 bytes) 2001:470:*******::2 --> 2001:4810::110
16 bytes from 2001:4810::110, icmp_seq=0 hlim=55 time=215.180 ms
16 bytes from 2001:4810::110, icmp_seq=1 hlim=55 time=212.745 ms
16 bytes from 2001:4810::110, icmp_seq=2 hlim=55 time=214.642 ms
16 bytes from 2001:4810::110, icmp_seq=3 hlim=55 time=214.564 ms
16 bytes from 2001:4810::110, icmp_seq=4 hlim=55 time=213.170 ms
^C
--- ip6.me ping6 statistics ---
6 packets transmitted, 5 packets received, 16.7% packet loss
round-trip min/avg/max/std-dev = 212.745/214.060/215.180/0.935 ms

      I can also ping hosts within my routed /64

      
PING6(56=40+8+8 bytes) 2001:470:****::1 --> 2001:470:****::fe
16 bytes from 2001:470:****::fe, icmp_seq=0 hlim=64 time=1.474 ms
16 bytes from 2001:470:****::fe, icmp_seq=1 hlim=64 time=0.843 ms
16 bytes from 2001:470:****::fe, icmp_seq=2 hlim=64 time=1.031 ms
16 bytes from 2001:470:****::fe, icmp_seq=3 hlim=64 time=0.927 ms
^C
--- 2001:470:****::fe ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.843/1.069/1.474/0.243 ms

      The firewall can be pinged on its /64 routed address from the internet (And other open ports accessable):

      
PING 2001:470:****::1: 56 data bytes
64 bytes from firewall.*.com (2001:470:****::1): icmp_seq=0\. time=323\. ms
64 bytes from firewall.*.com (2001:470:****::1): icmp_seq=1\. time=317\. ms
64 bytes from firewall.*.com (2001:470:****::1): icmp_seq=2\. time=317\. ms
64 bytes from firewall.*.com (2001:470:****::1): icmp_seq=3\. time=318\. ms
64 bytes from firewall.*.com (2001:470:****::1): icmp_seq=4\. time=317\. ms

----2001:470:****::1 PING Statistics----
5 packets transmitted, 5 packets received, 0% packet loss
round-trip (ms)  min/avg/max/stddev = 317./319./323./2.7


      
Checked port 5555 on Host/IP 2001:470:****::1...

 The checked port (5555) is online/reachable!

Completed portscan in 0.2807 seconds

      My issue is that 2001:470:::fe cannot be accessed from the internet, and 2001:470::fe cannot access the internet

      
PING 2001:470:****::fe: 56 data bytes

----2001:470:****::fe PING Statistics----
5 packets transmitted, 0 packets received, 100% packet loss


      Checked port 80 on Host/IP 2001:470:****::fe...

 The checked port (80) is offline/unreachable

Reason: Connection timed out (110)

Portscan ran for 8.0096 seconds

      My Firewall Rules are as follows:

      My WAN Interface has:

      PASS IPv4 ICMP	 66.220.18.42	 *	 WAN address	 *	 *	 none	  	 HE.NET Allow ICMP

      My LAN Interface has:

      PASS IPv4 *	 LAN net	 *	 *	 *	 *	 none	  	 Default allow LAN IPv4 to any rule
PASS IPv6 *	 LAN net	 *	 *	 *	 *	 none	  	 Default allow LAN IPv6 to any rule

      My WANv6 Interface has:

      PASS IPv6 ICMP	 *	 *	 *	 *	 *	 none
PASS IPv6 TCP	 *	 *	 2001:470:****::fe	 80 (HTTP)	 *	 none	  	 Hypervisory Admin
PASS IPv6 TCP	 *	 *	 2001:470:****::1	 5555	 *	 none	  	 Firewall

      Any ideas where i have gone wrong ?

      1 Reply Last reply Reply Quote 0
      • I
        IOWNSU
        last edited by

        Interesting. The above config has started working with no further intervention.

        1 Reply Last reply Reply Quote 0
        • J
          jigpe
          last edited by

          thanks for posting this. in order to get ipv6 work, my workstation should be win7 right? or os that supports ipv6 except win xp right?

          1 Reply Last reply Reply Quote 0
          • D
            databeestje
            last edited by

            yes

            1 Reply Last reply Reply Quote 0
            • M
              Matthias
              last edited by

              I'm not sure this can be marked solved as there really isn't an answer as to why this was happening. I seem to be having the same issue right now ever since upgrading to the latest snapshots. I'll randomly lose my IPv6 connectivity, the gateway is still up and I can ping ipv6 addresses from the firewall but not from any of my LAN workstations. My last known working config was the pfSense-Full-Update-2.1-DEVELOPMENT-i386-20111125-1741.tgz

              1 Reply Last reply Reply Quote 0
              • C
                cmb
                last edited by

                @Matthias:

                I'm not sure this can be marked solved as there really isn't an answer as to why this was happening. I seem to be having the same issue right now ever since upgrading to the latest snapshots. I'll randomly lose my IPv6 connectivity, the gateway is still up and I can ping ipv6 addresses from the firewall but not from any of my LAN workstations. My last known working config was the pfSense-Full-Update-2.1-DEVELOPMENT-i386-20111125-1741.tgz

                post info in a new thread, there are countless reasons this can happen and it's not likely yours is the same as the OP's. HE.net has been flaky for me of late, you may be seeing the same, or there may be some kind of issue. Post a new thread with traceroute6 output from a LAN host when it's not working.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post