4. IPv6 incoming not working.

IPv6 incoming not working.

  • J

    Hi

    New to IPv6. I have Telus internet. Recently got IPv6 working with my new pfSense box. I can use the IPv6 internet normally, browse to sites, ping things, but anything incoming seems to be blocked and I would like to allow ICMP incoming, as well as other hosted services.

    I am testing from a remote DigitalOcean box with IPv6 and Nmap for port scanning. Just using netcat to listen to ports, etc.

    Running pfSense 2.4.0.b.20161118.1539.

    Here is test-ipv6.com results.

    https://i.imgur.com/icX93Ac.png

    Here are my firewall rules for WAN and LAN

    https://imgur.com/a/Q3js8

    As I test I used```
    nc -6 -l 8088

    
Here's an example

    [root@router ~]# tcpdump -i em4 port 8088
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on em4, link-type EN10MB (Ethernet), capture size 262144 bytes
    14:20:17.354647 IP6 [REDACTED TESTING BOX].49448 > [REDACTED OS X MACHINE].8088: Flags [s], seq 3266173327, win 1024, options [mss 1460], length 0
    14:20:18.355437 IP6 [REDACTED TESTING BOX].49449 > [REDACTED OS X MACHINE].8088: Flags [s], seq 3266107790, win 1024, options [mss 1460], length 0
    14:20:35.622367 IP6 [REDACTED TESTING BOX].39544 > [REDACTED OS X MACHINE].8088: Flags [s], seq 2563870279, win 1024, options [mss 1460], length 0
    14:20:36.622538 IP6 [REDACTED TESTING BOX].39545 > [REDACTED OS X MACHINE].8088: Flags [s], seq 2563804742, win 1024, options [mss 1460], length 0
    14:20:41.631231 IP6 [REDACTED TESTING BOX].51385 > [REDACTED OS X MACHINE].8088: Flags [s], seq 2305422004, win 1024, options [mss 1460], length 0
    14:20:42.631624 IP6 [REDACTED TESTING BOX].51386 > [REDACTED OS X MACHINE].8088: Flags [s], seq 2305356469, win 1024, options [mss 1460], length 0

    (Sorry for the somewhat abrupt and ad-hoc writeup of this, have a headache)

    Thanks[/s][/s][/s][/s][/s][/s]

    0
  • H

    Hosting services to the internet works just as IPv4 but no NATting to a private space.
    You specify a LAN host with an IPv6 IP and open the WAN port for that destination.

    0
  • J

    @hda:

    Hosting services to the internet works just as IPv4 but no NATting to a private space.
    You specify a LAN host with an IPv6 IP and open the WAN port for that destination.

    I know, but first I'm trying to get ICMPv6 pings working, as a sanity test.

    0
  • D
    Banned

    Uh huh, so you allow ICMPv6 only and are wondering why you cannot reach some port 8088 inside?

    0
  • H

    Put a rule in Floating anywhere anywhere (input/output) for ICMPv6

    0
  • D
    Banned

    Floating or not won't matter, a rule for ICMPv6 won't ever match his internal machine listening on port 8088.

    @jtl:

    As I test I used```
    nc -6 -l 8088

    0
  • J

    @hda:

    Put a rule in Floating anywhere anywhere (input/output) for ICMPv6

    Worked

    0
  • J

    @doktornotor:

    Floating or not won't matter, a rule for ICMPv6 won't ever match his internal machine listening on port 8088.

    @jtl:

    As I test I used```
    nc -6 -l 8088

    I created another rule for port 8088 and that works. Here's a bit of a cluttered screenshot showing it. Left window is remote server, and right is netcat.

    https://i.imgur.com/xGUavMh.png

    Need to read up more on IPv6 sometime.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy