ICMP filtered
-
I enabled IPv6 on pfSense 2.4.3, everything was working fine. Test-ipv6.com gave 10/10. However it showed ICMP filtered on http://ipv6-test.com/.
So I went ahead and add a firewall rule to allow IPv4+IPv6 ICMP to pass through, but it still show ICMP filtered.
Any idea how to solve this problem?
-
@jycai it may be your client. Windows by default filters icmp in its firewall. Try an iPhone if you can it doesn’t filter.
-
@isaacfl I tried both Iphone and Samsung, it still showed ICMP filtered on http://ipv6-test.com with the score of 18/20. So it must be the setting in pfsense.
-
@jycai if you see it filtered on the iPhone then you have your firewall rules not quite right on pfsense. It doesn’t allow anything through by default.
-
This is how I Setup IPv6 on Charter Cable with pfSense 2.4.3, can anyone tell me what is missing so I can fix this ICMP filtered issu?
- Setup System/Advanced/Networking
IPv6 Options: Allow IPv6
2.Setup WAN
For the WAN interface, set the following:
IPv4 Configuration Type: DHCP
IPv6 Configuration Type: DHCP6
DHCP6 Client Configuration
DHCPv6 Prefix Delegation size: 64
- Setup LAN
On the LAN settings page, use the following settings:
IPv6 Configuration Type: Track Interface
Track IPv6 Interface: WAN
IPv6 Prefix ID: 0
-
Add ICMP rule in firewall
-
Reboot!
Reboot pfsense.
- Setup System/Advanced/Networking
-
If you want to allow icmp inbound to your clients then you have to allow that - your rule is just allowing icmp to wan IP, not clients using ipv6 behind the firewall.
-
@johnpoz said in ICMP filtered:
If you want to allow icmp inbound to your clients then you have to allow that - your rule is just allowing icmp to wan IP, not clients using ipv6 behind the firewall.
Could you please tell me how to do that? Thanks.
-
Just like any other rule you would do.. Here is example of me allowing traffic ipv6 into my ntp server on ipv6, and also allowing traceroute into it.
For you using track on your lan, you could just use the ipv6 and lan net as destination
-
@jycai Here is my WAN rule for ICMP