[SOLVED] IPv6 Address not working in Alias

NogBadTheBad

Are there any rules above the NFS Server separator?

Also any reason why you have tcp and udp rules, rather than tcp/udp?

Have you killed the states?

Crunk_Bass

Thanks for your quick reply.
2003*::22 is not listed under Diagnostics / Tables
The addresses of the hosts I added with FQDN are inside the HOST_NFSClient table.
Both addresses (IPv4 and IPv6) are listed if they are dual stack.

When I copy the firewall entry and replace HOST_NFSClient with the IPv6 address I added to the alias the connection is working.
In my opinion there must be something wrong with the alias.

@NogBadTheBad said in IPv6 Address not working in Alias:

Are there any rules above the NFS Server separator?

Yes, but the behaiviour doesn't change when I move the rules to the top.

@NogBadTheBad said in IPv6 Address not working in Alias:

Also any reason why you have tcp and udp rules, rather than tcp/udp?

I could not find a definitive answer which protocol is used and I wanted to see if it is true you need both and if so which one gets more traffic.

@NogBadTheBad said in IPv6 Address not working in Alias:

Have you killed the states?

Yes

NogBadTheBad

This post is deleted!

Crunk_Bass

I do not have issues with the hosts.
The IPv6 address I added does not work.
Host resolution is fine.

NogBadTheBad

@Crunk_Bass

Yup just reread your post then deleted my comment

Crunk_Bass

I just hit the Empty Table button on the Diagnostics / Tables page.
Now there are no entrys in HOST_NFSClient and it seems they do not get added back again.

I tried restarting the DNS resolver, saved the alias again and hit apply changes.

Status / System Logs / System / DNS Resolver lists

Nov 18 17:02:30	filterdns		Adding Action: pf table: HOST_NFSClient host: hostname1.example.com
Nov 18 17:02:30	filterdns		Adding Action: pf table: HOST_NFSClient host: hostname2.example.com
Nov 18 17:02:30	filterdns		Adding Action: pf table: HOST_NFSClient host: hostname3.example.com
Nov 18 17:02:30	filterdns		Adding Action: pf table: HOST_NFSClient host: hostname4.example.com
Nov 18 17:02:30	filterdns		Adding Action: pf table: HOST_NFSClient host: 2003:a:*::22

but the list stays empty.

JeGr

URL Aliases are only refreshed after the time period defined in advanced settings. Default: 300s so you have to wait for at least 5min for them to repopulate or make a change, save the alias again and apply changes to force-reload the rules.

Konstanti

@Crunk_Bass
Hello
try from the console to execute such command
pfctl -t HOST_NFSClient -T add your_ipv6_address

Are there any errors ?
if there are no errors, what shows
pfctl -t HOST_NFSClient -Ts

Crunk_Bass

@Konstanti adding the IP address from the command line works as expected.
After executing the command the IP address is shown under Diagnostics / Tables.
The other addresses that were present before I emptied the table are still missing.

Your second command lists the IP I added (same output as Diagnostics / Tables)

@JeGr Thanks for pointing that out. I knew I saw a setting somewhere regarding the time period the addresses are updated but didn't find it. The value is on default (300s) but until now nothing got added to the list.

Shoud I try restarting the firewall or do want to find out where the issue exactly is?
No problem if it takes a few days. As a workaround I added the rules manually for the IP addresses I need.

Crunk_Bass

Thank you all very much for your help.

I rebooted the firewall and until now (uptime 20h) the aliases are working as expected.