[SOLVED]IPv6 Ping/Access from Outside & DHCP Assign to Client
-
Hi guys,
1. I'm trying to figure out how on earth can i allow http://www.subnetonline.com/pages/ipv6-network-tools/online-ipv6-ping.php to Ping my IPv6 address. I've followed the guide on http://doc.pfsense.org/index.php/Using_IPv6_on_2.0 and still being lost. When i open http://www.kame.net i can see the dancing turtle and assume my connection is on IPv6 Address. The site http://test-ipv6.com/ also confirms my dual stack address which is 2001:470:35:bd::ffe3 . Am i missing Rules to allow? Here's my current rules http://pastebin.com/KwQzwuxe
2. I'm still confuse after reading over and over again the http://doc.pfsense.org/index.php/Using_IPv6_on_2.0 . It does gives out IPv6 address to my Win XP SP3 PC and as i mentioned earlier, all ok but when comes to ping from outside, it doesn't respond. By the way, i'm on pppoe dynamic address if anything ring a bell. And does my range seems ok ? As per below
Subnet 2001:470:35:bd:0:0:0:0
Subnet mask 64 bits
Available range 2001:470:35:bd:0:0:0:1 - 2001:470:35:bd:ffff:ffff:ffff:ffffFirst box : 2001:470:35:bd:0:0:0:FF00 Second box : 2001:470:35:bd:0:0:0:FFFF
And the address that i got >>> 2001:470:35:bd::ffe3 << Weird to me hmmmI'd appreciate if you guys could point me to the right direction or any guides that can help with my situation.
Some info about my he.net :IPv6 Tunnel Endpoints
Server IPv4 Address:216.218.221.42
Server IPv6 Address:2001:470:35:bd::1/64
Client IPv4 Address:60.xxx.xxx.xxx
Client IPv6 Address:2001:470:35:bd::2/64
Available DNS Resolvers
Anycasted IPv6 Caching Nameserver:2001:470:20::2
Anycasted IPv4 Caching Nameserver:74.82.42.42
Routed IPv6 Prefixes
Routed /64:2001:470:36:bd::/64Thanks for helping out
P/S : I'm on PPPoE connection and it's 2.10 AM GMT +8 Kuala Lumpur. Guess i'll go to sleep first and turn off my pc. Will get back once i got up .
-
Hi guys,
Just to let you know i've use dibbler a dhcpv6 client and below are the config
–--- snippet ------
iface "Local Area Connection" {
ia
option domain
}And my ipv6 if in cmd shows
Interface 4: Ethernet: Local Area Connection
Guid {7552437D-85FB-4F73-9FC4-6864BE5231F6}
uses Neighbor Discovery
uses Router Discovery
link-layer address: 6c-f0-49-49-cf-74
preferred global 2001:470:35:bd::ffe3, life 92m57s/47m57s (manual)
preferred link-local fe80::6ef0:49ff:fe49:cf74, life infinite
multicast interface-local ff01::1, 1 refs, not reportable
multicast link-local ff02::1, 1 refs, not reportable
multicast link-local ff02::1:ff49:cf74, 1 refs, last reporter
multicast link-local ff02::1:ff00:ffe3, 1 refs, last reporter
link MTU 1500 (true link MTU 1500)
current hop limit 64
reachable time 39500ms (base 30000ms)
retransmission interval 1000ms
DAD transmits 1
default site prefix length 48Here's the netsh interface ipv6 show route output
C:\Documents and Settings\admin>netsh interface ipv6 show route
Querying active state…Publish Type Met Prefix Idx Gateway/Interface Name
------- -------- ---- ------------------------ --- ---------------------
no Autoconf 256 ::/0 4 fe80::2e0:56ff:fe4d:1427C:\Documents and Settings\admin>
My tunnel is currently UP and working, i haven't run dibbler dhcpv6 client but i can open http://ipv6.google.com and http://www.kame.net shows a dancing turtle. Could anyone can please ping my IPv6 address please for testing purpose. I haven't done any changes on Rule in pfsense, still using the same rule allow ICMPv6 and all traffic. Thanks
-
UPDATE :
1. Problem resolved on this issue. I can now run Dual Stack IPv4 & IPv6 Mail Server/Web Server/DNS Server or anything. After extensive reading, i finally understand that i need to add Rules on my HE.Net Interface –> http://192.168.0.1/firewall_rules.php?if=opt1 . This is the interface originally OPT1 that i need to add Rules to Pass IPv6 TCP/UDP to my PC IPv6 Address. Sure it's not secure, but this serves as testing purpose and not to be use as in real thing. And finally i'm certified as Administrator in He.Net IPv6 certification.
2. Seems the address issue 2001:470:35:bd::ffe3 assign by DHCPv6 server kinda bugging me. I thought i would get something like 2001:470:35:bd::2:1:ffe3 or anything besides that one. Guess i really need to understand how the assign goes on. But it works that for sure.
Regarding the no 1 , before i add those rules, i've done some test via external websites that checks my IPv6 connectivity to my Web Server (internal LAN) on port 80 . Says everything was perfect on port 80 (it manage to grab my Apache info) and i can't understand as to why i need a specific rules to Pass IPv6 traffic to specific address on other port such as 25/110/143 and others. Have i found an issue?
If i may suggest, to update http://doc.pfsense.org/index.php/Using_IPv6_on_2.0 with a new guide section for anyone who wants to host/run IPv6 servers etc:Apache/DNS/Mail behind pfsense .
Thank you guys - Keep up the good work ! two thumbs up for pfSense and looking forward to 2.1 release!
-
Correct, you make firewall rules on the ipv6 interface to allow traffic into your lan ipv6 address. It is routing as it should.
Default firewall rule is to block everything and allow what you need.