Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    allow external traffic over ipv6

    Scheduled Pinned Locked Moved Firewalling
    12 Posts 3 Posters 850 Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J Offline
      jon9314
      last edited by

      hi,
      I am having trouble accessing my web server from outside my LAN. I had it set up and everything was working great but I had a power failure and my pfsence install was corrupted(had to reinstall)
      now I can't find out how to allow incoming ipv6 communication through.
      any and all help would be greatly appreciated.
      i should have kept a recent backup of my config(I'm kicking myself now)

      1 Reply Last reply Reply Quote 0
      • chpalmerC Offline
        chpalmer
        last edited by

        What does your WAN rule set look like? Screenshots?

        Triggering snowflakes one by one..
        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

        1 Reply Last reply Reply Quote 0
        • J Offline
          jon9314
          last edited by

          F479AD02-9FA3-4BE9-B2DF-6A88D7A6462A.png

          1 Reply Last reply Reply Quote 0
          • J Offline
            jon9314
            last edited by

            that last entry was what i thought i had before but it hasn’t helped.

            chpalmerC 1 Reply Last reply Reply Quote 0
            • chpalmerC Offline
              chpalmer @jon9314
              last edited by

              @jon9314

              Duplicate your IPv4 rule.

              Except make it IPv6 and make the source address the address of the machine your trying to reach. Source should probably be any unless your trying to block everything else but what is in your actual WAN net.

              I assume you have a public IP address on your WAN?

              Triggering snowflakes one by one..
              Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

              1 Reply Last reply Reply Quote 0
              • DerelictD Offline
                Derelict LAYER 8 Netgate
                last edited by Derelict

                Source WAN Net is not the internet.

                Source any is the internet.

                But you almost certainly do not want to allow source any to access all of destination LAN net.

                You most likely want source any source port any destination IP Address of Web Server destination port Web Port(s)

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • J Offline
                  jon9314
                  last edited by

                  Thanks for all the replies! As soon as I get home I'll make the suggested changes

                  1 Reply Last reply Reply Quote 0
                  • J Offline
                    jon9314
                    last edited by

                    unfortunately i still cannot access my server from outside my network on ipv6. i’m sure i’m overlooking something obvious.

                    1 Reply Last reply Reply Quote 0
                    • DerelictD Offline
                      Derelict LAYER 8 Netgate
                      last edited by

                      Well, saying "it doesn't work" doesn't help us help you at all.

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      1 Reply Last reply Reply Quote 0
                      • J Offline
                        jon9314
                        last edited by

                        yes, i do understand that☺️. i was looking through the system lags after i posted and there are a lot of things blocked and the rule that triggered them is a “default deny rule ipv6”. the thing is i can’t find that rule anywhere to disable it.

                        1 Reply Last reply Reply Quote 0
                        • DerelictD Offline
                          Derelict LAYER 8 Netgate
                          last edited by

                          You don't disable it.

                          You look at the blocks and see if it is traffic you want passed and pass it instead.

                          Chattanooga, Tennessee, USA
                          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                          Do Not Chat For Help! NO_WAN_EGRESS(TM)

                          1 Reply Last reply Reply Quote 0
                          • J Offline
                            jon9314
                            last edited by

                            thanks again for your patience with me... just an update. yesterday after trying everything that had ben suggested i decided that maybe if i rebooted the firewall it would start working properly. unfortunately when i clicked on reboot it never came back up. i had to once again reinstall it. but on the bright side i entered the rule as i was told to and all is working again

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.