IPv6 incoming not working.
-
Hi
New to IPv6. I have Telus internet. Recently got IPv6 working with my new pfSense box. I can use the IPv6 internet normally, browse to sites, ping things, but anything incoming seems to be blocked and I would like to allow ICMP incoming, as well as other hosted services.
I am testing from a remote DigitalOcean box with IPv6 and Nmap for port scanning. Just using netcat to listen to ports, etc.
Running pfSense 2.4.0.b.20161118.1539.
Here is test-ipv6.com results.
https://i.imgur.com/icX93Ac.png
Here are my firewall rules for WAN and LAN
https://imgur.com/a/Q3js8
As I test I used```
nc -6 -l 8088Here's an example[root@router ~]# tcpdump -i em4 port 8088
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em4, link-type EN10MB (Ethernet), capture size 262144 bytes
14:20:17.354647 IP6 [REDACTED TESTING BOX].49448 > [REDACTED OS X MACHINE].8088: Flags [s], seq 3266173327, win 1024, options [mss 1460], length 0
14:20:18.355437 IP6 [REDACTED TESTING BOX].49449 > [REDACTED OS X MACHINE].8088: Flags [s], seq 3266107790, win 1024, options [mss 1460], length 0
14:20:35.622367 IP6 [REDACTED TESTING BOX].39544 > [REDACTED OS X MACHINE].8088: Flags [s], seq 2563870279, win 1024, options [mss 1460], length 0
14:20:36.622538 IP6 [REDACTED TESTING BOX].39545 > [REDACTED OS X MACHINE].8088: Flags [s], seq 2563804742, win 1024, options [mss 1460], length 0
14:20:41.631231 IP6 [REDACTED TESTING BOX].51385 > [REDACTED OS X MACHINE].8088: Flags [s], seq 2305422004, win 1024, options [mss 1460], length 0
14:20:42.631624 IP6 [REDACTED TESTING BOX].51386 > [REDACTED OS X MACHINE].8088: Flags [s], seq 2305356469, win 1024, options [mss 1460], length 0(Sorry for the somewhat abrupt and ad-hoc writeup of this, have a headache)
Thanks[/s][/s][/s][/s][/s][/s]
-
Hosting services to the internet works just as IPv4 but no NATting to a private space.
You specify a LAN host with an IPv6 IP and open the WAN port for that destination. -
@hda:
Hosting services to the internet works just as IPv4 but no NATting to a private space.
You specify a LAN host with an IPv6 IP and open the WAN port for that destination.I know, but first I'm trying to get ICMPv6 pings working, as a sanity test.
-
Uh huh, so you allow ICMPv6 only and are wondering why you cannot reach some port 8088 inside?
-
Put a rule in Floating anywhere anywhere (input/output) for ICMPv6
-
Floating or not won't matter, a rule for ICMPv6 won't ever match his internal machine listening on port 8088.
@jtl:
As I test I used```
nc -6 -l 8088 -
-
Floating or not won't matter, a rule for ICMPv6 won't ever match his internal machine listening on port 8088.
@jtl:
As I test I used```
nc -6 -l 8088I created another rule for port 8088 and that works. Here's a bit of a cluttered screenshot showing it. Left window is remote server, and right is netcat.
https://i.imgur.com/xGUavMh.png
Need to read up more on IPv6 sometime.