Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPv6 works on LAN but not WAN/Firewall

    Scheduled Pinned Locked Moved IPv6
    1 Posts 1 Posters 241 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cybercare
      last edited by cybercare

      Hi all,

      Got an odd one (or just me being dumb). I've searched online but not really found anything to help and the fact the LAN works I don't want to risk breaking lol.

      Provider is AT&T Fiber:
      No gateway in-between, straight into ONT. 0 issues on v4, v6 0 issues on LAN. Just the firewall has issues with IT talking directly to v6

      Issues I can duplicate:
      Package list never load unless I disable IPv6 in advanced tab
      Using IPv6 only DNS fails
      Pinging from WAN to IPv6 fails.
      Updates can't be installed unless v6 is disabled
      Pinging from SSH to v6 fails.
      SSH just shows: PING6(56=40+8+8 bytes) 2001:506:XXXXX --> 2607:f8b0:XXXXX

      What is odd is if I ping selecting LAN as the source on the firewall ping works.
      So I suspect it's some sort of WAN or routing issue since overall v6 works for everything else. I'm not sure if I've got something set wrong or what??

      No other packages installed, no firewall rules blocking etc.

      What am I missing? lol The fact everything else works boggles my mind.

      WAN setup for v6 portions:

      DHCP6
      DHCPv6 Prefix Delegation size 60
      Send IPv6 prefix hint
      Do not wait for a RA

      Reserved networks blocked

      Nothing else is set

      For LAN:
      Set to track wan and IPv6 Prefix ID 1

      DHCPv6 Server & RA
      Range: ::1000 - ::2000
      Prefix Delegation Size: 64

      I've got tons of network experience but not tons as it relates to v6 since I've always been able to get it to work with other providers.

      Anything look/sound wrong?

      The WAN interface has:
      IPv6 Link Local
      fe80::8a96:XXXXXXXXXX
      IPv6 Address
      2001:506:XXXXXXXXXXX1
      Subnet mask IPv6
      128
      Gateway IPv6
      fe80::12e8:XXXXXXXXX

      LAN:
      IPv6 Link Local
      fe80::1:1%igb0
      IPv6 Address
      2600:1700:XXXXXXXXX
      Subnet mask IPv6
      64

      Thanks in advance!

      So I found this, not sure if related... Am I understanding correct that in this true native bypass mode I am in that the IP assigned to WAN is non-routable and that's the issue? (had I saw this post I'd have replied to it instead of new, sorry!)
      https://forum.netgate.com/topic/132024/working-around-at-t-s-terrible-native-ipv6-implementation

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.