WAN rule for my ipv6 webserver is not working as expected.
-
I have my pfSense router connected to a dual stack bridged cable modem connection.
Dual stack works 100% for my LAN and WLAN networks.
Now I was working on making my DMZ network work with IPv6. The problem I am facing is:
I configured my Apache2 webserver to run on both IPv6 and IPv4.
Locally this is working now. Since I read IPv6 doesn't work / need NAT anymore, my thought was, and I read online, that I just have to create a WAN rule to let IPv6 in with destination of the IPv6 address of my webserver and the ports 80 & 443 of course.
I created that rule, but when I test it with https://internet.nl & https://ready.chair6.net/ it fails. In the firewall log I see "Default deny rule IPv6 (1000000105)".
What am I doing wrong? For now I disabled the IPv6 http(s) rule till I have found the problem with it.
-
@gerard64
Show the IPv6-address that you have on your server3v6, at least the beginning.
Your assumption is correct, you don't need anything more than this rule, if everything else is working correctly.
-
@gerard64 a few things. You sure your alias has the IPv6 address your server is using? Also how exactly are you testing, are you using a fqdn that points to the IPv6 of the server? Or the IP itself?
In the firewall log I see "Default deny rule IPv6 (1000000105)".
This would mean that the rule you had placed to allow the traffic never triggered.. Wrong destination IP, or the traffic was not actually hitting the IP(s) you allowed the traffic to be going to.
-
@bob-dig said in WAN rule for my ipv6 webserver is not working as expected.:
@gerard64
Show the IPv6-address that you have on your server3v6, at least the beginning.
Your assumption is correct, you don't need anything more than this rule, if everything else is working correctly.
@johnpoz said in WAN rule for my ipv6 webserver is not working as expected.:
@gerard64 a few things. You sure your alias has the IPv6 address your server is using? Also how exactly are you testing, are you using a fqdn that points to the IPv6 of the server? Or the IP itself?
In the firewall log I see "Default deny rule IPv6 (1000000105)".
This would mean that the rule you had placed to allow the traffic never triggered.. Wrong destination IP, or the traffic was not actually hitting the IP(s) you allowed the traffic to be going to.
I checked it several times because I don't want to make a fool of myself on this forum. I also tried without the ::, so included all the ...0000:0000:0000...; that didn't change anything either.
At the DNS server of my domain registrar I pointed the domain and subdomains to the WAN IPv6 address of the router.
I tested with the fqdn https://www.mydomain.tld
If the traffic didn't hit the WAN IP it wouldn't give a log entry, I assume.
I checked everything many times over and over knowing I am overlooking something simple, but I can't see it, can't find it.
-
@gerard64 said in WAN rule for my ipv6 webserver is not working as expected.:
At the DNS server of my domain registrar I pointed the domain and subdomains to the wan ipv6 address of the router.
This is not correct, it has to point directly to the server.
-
@bob-dig
Okay wow, I tested it and sure enough traffic is coming in now. I have to get used to this.
Doesn't feel good without NAT and directly to the webserver IPv6 address.
The test at internet.nl says: there are different websites on IPv4 and IPv6. So I have to check that at a friend's house what the difference is.
This is definitely a step forward, thank you!
-
@bob-dig you beat me to it ;) good catch..
-
@johnpoz said in WAN rule for my ipv6 webserver is not working as expected.:
@bob-dig you beat me to it ;) good catch..
DNS was your guess first. Can't have it.
@johnpoz said in WAN rule for my ipv6 webserver is not working as expected.:
how exactly are you testing, are you using a fqdn that points to the IPv6 of the server?
This would mean that the rule you had placed to allow the traffic never triggered.. Wrong destination IP
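
The cause found in this thread (the AAAA record pointed at the router's WAN address while the allow rule's destination was the server's address) can be checked before testing from outside. The following is an added example, not part of the original thread: the addresses are constructed from the 2001:db8::/32 documentation prefix, and the first-match rule model is a simplification for illustration, not pfSense's own code.

```python
import ipaddress

# Constructed sample values (documentation prefix), not taken from the thread.
WAN_ADDR = "2001:db8:0:1::1"        # router's own WAN address (assumed)
SERVER_ADDR = "2001:db8:0:10::80"   # web server in the DMZ (assumed)

# Simplified model of the WAN allow rules: destination plus allowed TCP ports.
ALLOW_RULES = [
    {"dst": SERVER_ADDR, "ports": {80, 443}},
]


def evaluate(dst, port, rules=ALLOW_RULES):
    """Return 'pass' if any allow rule matches, otherwise 'default deny'."""
    addr = ipaddress.ip_address(dst)
    for rule in rules:
        # A bare address becomes a /128 network; prefixes are accepted too.
        net = ipaddress.ip_network(rule["dst"], strict=False)
        if addr in net and port in rule["ports"]:
            return "pass"
    return "default deny"


def check_aaaa(aaaa, port=443):
    """Explain what happens to a client that connects to the AAAA target."""
    if evaluate(aaaa, port) == "pass":
        return "ok: AAAA target matches the allow rule"
    # ip_address() normalises, so '::' and fully expanded forms compare equal.
    if ipaddress.ip_address(aaaa) == ipaddress.ip_address(WAN_ADDR):
        return "blocked: AAAA points at the router WAN address, not the server"
    return "blocked: AAAA target matches no allow rule"


if __name__ == "__main__":
    # AAAA set to the router's WAN address: the situation described above.
    print(check_aaaa(WAN_ADDR))
    # AAAA set to the server itself, written in fully expanded form.
    print(check_aaaa("2001:0db8:0000:0010:0000:0000:0000:0080"))
    # Right address, but a port the rule does not allow.
    print(evaluate(SERVER_ADDR, 22))
```

Writing the address with or without `::` makes no difference to the match, which is why expanding the zeros in the rule changed nothing.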