Second Lan network same interface
-
"I had to set the VIP prefix to /64"
what else would you have set it too?
-
The default is /128, so if you forget to change it…
Now I can add gazillions of security cameras to that network! ;)
-
I just tried pinging ipv6.google.com from a computer with a ULA and I see the requests heading out of the WAN port. I guess I should create a rule to block ULA addresses.
-
Yup. Just like RFC1918.
-
I just created a floating rule to block fc::/7 in both directions, but the pings are still leaving the firewall.
-
Did you kill the existing states?
Or at least stop and restart the ping?
-
You should also check quick there.
-
I did try it and it didn't make any difference. I'm using Wireshark, to monitor the cable from the firewall to cable modem. I just set it again and it's still not blocking.
-
Well, that virtual IP killed my network again. I had to remove it for things to work properly.
-
IDK again, man. Works here…
Packet capture on WAN for fc00::/7 shows nothing as well.
![Screen Shot 2017-09-08 at 3.21.53 PM.png](/public/imported_attachments/1/Screen Shot 2017-09-08 at 3.21.53 PM.png)
![Screen Shot 2017-09-08 at 3.21.53 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2017-09-08 at 3.21.53 PM.png_thumb) -
I have absolutely no idea what's causing these problems. I'm running the latest version on a refurb computer.
-
Everything I am doing is 2.4-RC on a XenServer VM. I have no reason to believe 2.3.4_1 on a physical would be any different.