IPv6 Not able to ping WAN to LAN
-
WAN IP: 2001:df7:7640:a000::6/64
LAN IP: 2001:df7:7640:bc4a::1/64
Client IP: 2001:df7:7640:bc4a:a2ef:a000:ba00::1/64Firewall rule in LAN port
Allow all ipv6
any source
any destinationBut I am not able to reach internet on ipv6.
I am able to ping WAN port though of pfsense though -
And what are the rules on your wan.. Do allow ipv6 through to this clients IP
Out of the box pfsense is not going to allow anything into wan… So no you would not be able to ping through to ipv6 unless you allow it.
-
WAN Also IPv6 any is allowed
I am not able to send any packet from LAN to WAN
Nor WAN to LAN on IPv6 -
Can your client ping your lan ipv6 IP? Your going to need to post up your rules for your lan and your wan if you want someone to help you point out what your doing wrong.
Out of the box lan allows any any ipv6 on lan… So if your client is getting a vlan ipv6 on your lan segment it should be able to ping your lan ipv6 and your wan ipv6.
From the outside.. Nobody would be able to ping your wan ipv6 or your clients behind it on your lan unless you allow for it.
-
What does netstat -r show for the default route on IPv6? It should be a link local address, as that's what IPv6 normally uses for routing.
-
I am able to ping following from my machine
- LAN gateway ie LAN port of Pfsense
- WAN Port of pfsense from LAN
- WAN port of pfsense from Internet
I am not able to ping
- anything other than WAN port such as 2001:4860:4860::8888 ( Google DNS is not ping)
- I am not able to ping my LAN port from Internet
even though policy is IPv6 any to any
-
ubuntu@ipv6testBed:~$ ip -6 route show
2001:df7:7640:bc4a::/64 dev ens18 proto ra metric 100 pref medium
fe80::/64 dev ens18 proto kernel metric 256 pref medium
default via fe80::21a:64ff:fe78:e820 dev ens18 proto static metric 100 pref medium -
What policy?? Post up your rules.. Both lan and wan
-
- Yes my Client is able to ping both LAN port of pfsense and WAN port of pfsense but nothing beyond it
- If i login to pfsense, I am able to ping anything on Ipv6 from pfsense shell
Can your client ping your lan ipv6 IP? Your going to need to post up your rules for your lan and your wan if you want someone to help you point out what your doing wrong.
Out of the box lan allows any any ipv6 on lan… So if your client is getting a vlan ipv6 on your lan segment it should be able to ping your lan ipv6 and your wan ipv6.
From the outside.. Nobody would be able to ping your wan ipv6 or your clients behind it on your lan unless you allow for it.
-
What policy?? Post up your rules.. Both lan and wan
![Screen Shot 2018-05-04 at 8.19.25 PM.png](/public/imported_attachments/1/Screen Shot 2018-05-04 at 8.19.25 PM.png)
![Screen Shot 2018-05-04 at 8.19.25 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2018-05-04 at 8.19.25 PM.png_thumb)
![Screen Shot 2018-05-04 at 8.18.55 PM.png](/public/imported_attachments/1/Screen Shot 2018-05-04 at 8.18.55 PM.png)
![Screen Shot 2018-05-04 at 8.18.55 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2018-05-04 at 8.18.55 PM.png_thumb) -
where did you come up with those addresses. I don't show any AS number for your wan IP
No AS number was found for 2001:df7:7640:a000::6
No AS number was found for 2001:df7:7640:bc4a::1You can not just make numbers up? And use them…
-
Don't worry I have changed my IP while posting query for security reasons, my actual ip is routable and has a very clear route-object
where did you come up with those addresses. I don't show any AS number for your wan IP
No AS number was found for 2001:df7:7640:a000::6
No AS number was found for 2001:df7:7640:bc4a::1You can not just make numbers up? And use them…
-
Well impossible to help you without being able to see if traffic gets to your wan or not, etc. In a traceroute.
PM me your actual IPs
-
It is reaching upto my WAN port of Pfsense
I am not authorized to share IP details