Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPv6 incoming not working.

    Scheduled Pinned Locked Moved IPv6
    8 Posts 3 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jtl
      last edited by

      Hi

      New to IPv6. I have Telus internet. Recently got IPv6 working with my new pfSense box. I can use the IPv6 internet normally, browse to sites, ping things, but anything incoming seems to be blocked and I would like to allow ICMP incoming, as well as other hosted services.

      I am testing from a remote DigitalOcean box with IPv6 and Nmap for port scanning. Just using netcat to listen to ports, etc.

      Running pfSense 2.4.0.b.20161118.1539.

      Here is test-ipv6.com results.

      https://i.imgur.com/icX93Ac.png

      Here are my firewall rules for WAN and LAN

      https://imgur.com/a/Q3js8

      As I test I used```
      nc -6 -l 8088

      
Here's an example

      [root@router ~]# tcpdump -i em4 port 8088
      tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
      listening on em4, link-type EN10MB (Ethernet), capture size 262144 bytes
      14:20:17.354647 IP6 [REDACTED TESTING BOX].49448 > [REDACTED OS X MACHINE].8088: Flags [s], seq 3266173327, win 1024, options [mss 1460], length 0
      14:20:18.355437 IP6 [REDACTED TESTING BOX].49449 > [REDACTED OS X MACHINE].8088: Flags [s], seq 3266107790, win 1024, options [mss 1460], length 0
      14:20:35.622367 IP6 [REDACTED TESTING BOX].39544 > [REDACTED OS X MACHINE].8088: Flags [s], seq 2563870279, win 1024, options [mss 1460], length 0
      14:20:36.622538 IP6 [REDACTED TESTING BOX].39545 > [REDACTED OS X MACHINE].8088: Flags [s], seq 2563804742, win 1024, options [mss 1460], length 0
      14:20:41.631231 IP6 [REDACTED TESTING BOX].51385 > [REDACTED OS X MACHINE].8088: Flags [s], seq 2305422004, win 1024, options [mss 1460], length 0
      14:20:42.631624 IP6 [REDACTED TESTING BOX].51386 > [REDACTED OS X MACHINE].8088: Flags [s], seq 2305356469, win 1024, options [mss 1460], length 0

      (Sorry for the somewhat abrupt and ad-hoc writeup of this, have a headache)

      Thanks[/s][/s][/s][/s][/s][/s]

      pfSense 2.4.2 - virtualized with PCIe passthrough on whitebox - 150/150 FTTP

      1 Reply Last reply Reply Quote 0
      • H
        hda
        last edited by

        Hosting services to the internet works just as IPv4 but no NATting to a private space.
        You specify a LAN host with an IPv6 IP and open the WAN port for that destination.

        1 Reply Last reply Reply Quote 0
        • J
          jtl
          last edited by

          @hda:

          Hosting services to the internet works just as IPv4 but no NATting to a private space.
          You specify a LAN host with an IPv6 IP and open the WAN port for that destination.

          I know, but first I'm trying to get ICMPv6 pings working, as a sanity test.

          pfSense 2.4.2 - virtualized with PCIe passthrough on whitebox - 150/150 FTTP

          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned
            last edited by

            Uh huh, so you allow ICMPv6 only and are wondering why you cannot reach some port 8088 inside?

            1 Reply Last reply Reply Quote 0
            • H
              hda
              last edited by

              Put a rule in Floating anywhere anywhere (input/output) for ICMPv6

              1 Reply Last reply Reply Quote 0
              • D
                doktornotor Banned
                last edited by

                Floating or not won't matter, a rule for ICMPv6 won't ever match his internal machine listening on port 8088.

                @jtl:

                As I test I used```
                nc -6 -l 8088

                1 Reply Last reply Reply Quote 0
                • J
                  jtl
                  last edited by

                  @hda:

                  Put a rule in Floating anywhere anywhere (input/output) for ICMPv6

                  Worked

                  pfSense 2.4.2 - virtualized with PCIe passthrough on whitebox - 150/150 FTTP

                  1 Reply Last reply Reply Quote 0
                  • J
                    jtl
                    last edited by

                    @doktornotor:

                    Floating or not won't matter, a rule for ICMPv6 won't ever match his internal machine listening on port 8088.

                    @jtl:

                    As I test I used```
                    nc -6 -l 8088

                    I created another rule for port 8088 and that works. Here's a bit of a cluttered screenshot showing it. Left window is remote server, and right is netcat.

                    https://i.imgur.com/xGUavMh.png

                    Need to read up more on IPv6 sometime.

                    pfSense 2.4.2 - virtualized with PCIe passthrough on whitebox - 150/150 FTTP

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.