IPv6 traceroute not showing first hop (pfSense)
-
@johnpoz said in IPv6 traceroute not showing first hop (pfSense):
@jknott said in IPv6 traceroute not showing first hop (pfSense):
That MAC is for my desktop computer.
And how is that???
Where is pfsense mac in this trace... If pfsense is not a HOP, and doesn't lower the TTL then no it wouldn't respond with icmp..
You see from my above sniff... That mac is pfsense interface.. and my raspberry pi sending the trace.. How is the dest mac in your sniff your PC? When it should be the mac address of your pfsense interface that is the gateway for your client doing the trace.
On the desktop computer:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 74:d4:35:5b:f5:fa brd ff:ff:ff:ff:ff:ffAnd pfSense firewall:
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE>
ether 00:16:17:a7:f2:d3
hwaddr 00:16:17:a7:f2:d3Whether captured on pfSense or desktop computer, the packets between them should show the same MAC addresses. The WAN link will have the pfSense & ISP MACs. The capture I posted about 41 minutes ago was on the LAN side, caputerd in Wireshark on the desktop. The one 4 days ago was on the WAN link, captured with Packet Capture on pfSense. Regardless, whether I have packet captures or not, pfSense is not responding to the traceroute time outs, as I showed with the command line capture earlier. There is only one path from my local network to the Internet and that is via pfSense and cable modem.
-
Ok now that we have cleared that up... Are you doing any policy routing? Are you doing any port forwarding... Have you modified any tunables?
I can not duplicate this problem.. Pfsense should answer these out of the box. So have you tried icmp traceroute?
-
@johnpoz said in IPv6 traceroute not showing first hop (pfSense):
Ok now that we have cleared that up... Are you doing any policy routing? Are you doing any port forwarding... Have you modified any tunables?
No to all the above. Also, given that pfSense is the first hop, why should routing or port forwarding make a difference? An IPv6 packet with a hop limit of 1 should always trigger a TTL timeout without exception.
I can not duplicate this problem.. Pfsense should answer these out of the box. So have you tried icmp traceroute?
Yes and same thing.
-
I've just noticed something else. IPv6 pings to the WAN interface also fail. IPv4 pings do work.
-
On my system, for both ipv4 and ipv6, the first hop is my ISP. All hops give an address and most of the will resolve. The result is similar for both udp and icmp.
-
@bimmerdriver said in IPv6 traceroute not showing first hop (pfSense):
On my system, for both ipv4 and ipv6, the first hop is my ISP. All hops give an address and most of the will resolve. The result is similar for both udp and icmp.
When I do a traceroute, on IPv4, from a computer behind my pfSense firewall, pfSense is the first hop and the first one beyond doesn't show an address. At the moment, there's a problem with my ISP providing IPv6, so I'll have to wait for that to be fixed before seeing what happens with IPv6.
-
@jknott said in IPv6 traceroute not showing first hop (pfSense):
@bimmerdriver said in IPv6 traceroute not showing first hop (pfSense):
On my system, for both ipv4 and ipv6, the first hop is my ISP. All hops give an address and most of the will resolve. The result is similar for both udp and icmp.
When I do a traceroute, on IPv4, from a computer behind my pfSense firewall, pfSense is the first hop and the first one beyond doesn't show an address. At the moment, there's a problem with my ISP providing IPv6, so I'll have to wait for that to be fixed before seeing what happens with IPv6.
Very strange. I'm doing the same thing, but getting a different result.
-
So your getting the results I get, where it just works out of the box @bimmerdriver
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.8, 24.11 -
@johnpoz said in IPv6 traceroute not showing first hop (pfSense):
So your getting the results I get, where it just works out of the box @bimmerdriver
It works fine for me on IPv4, but not IPv6. As I mentioned above, my WAN port is not responding to pings on IPv6, but does on IPv4.
-
@johnpoz said in IPv6 traceroute not showing first hop (pfSense):
So your getting the results I get, where it just works out of the box @bimmerdriver
FWIW, I have rule to pass ipv4 and ipv6 echoreq. Nothing else. I get 20/20 on ipv6-test.com (when it works) and 10/10 on test-ipv6.com.
