Problems with IPv6 traffic in transparent filtering bridge setup
-
We set up pfsense 2.4.0-beta a while back with three interfaces (WAN_EXTERNAL, WAN_INTERNAL & LAN).
NAT is enabled for the LAN interface which is connected to our private network switch. WAN_INTERNAL and WAN_EXTERNAL
are bridged and connected to other switches. Let's call them filtered external and external, respectively.The LAN interface (ixl1) is configured with a static IPv4 address (no IPv6), WAN_EXTERNAL (ixl0) configured via DHCP & SLAAC, WAN_INTERNAL (ixl2) no IPv4 & IPv6 address.
This used to work fine up until a week ago when we updated to the latest available beta version and replaced the network card. Since
then the computers on the filtered external network cannot establish IPv6 connections anymore. NAT for the internal network and IPv4
traffic work fine.I set a filter rule to allow and log IPv6 traffic on WAN_INTERNAL and WAN_EXTERNAL and I can see the outgoing packets in the log.
But I don't see any return packets coming back through WAN_EXTERNAL. Any ideas what could go wrong here or what I could check
to figure it out?PS: The firewall itself can reach machines on both sides (e.g. ping6, nmap -6)
-
Did you manage to solve this?
Turns out 2.4 does not support traffic shaper in bridge mode.
Did you use traffic shaper? -
Take a look at your dhcpc6 log file. When I used a bridge interface with ipv6 there were issues that caused my local clients to lose access on ipv6 and my log file showed the client failing to recognize the bridge interface
I would recommend not using a bridge. These are old bugs that aren't getting worked on.