pfSense as subrouter, track interface and routing problems
-
@JKnott Makes sense, thank you!
-
@JKnott well, it comes from pfSense WAN somehow
2023-12-02 23:35:52.560376 xx:xx:xx:xx:xx:5d (oui Unknown) > 33:33:00:00:00:01 (oui Unknown), ethertype IPv6 (0x86dd), length 198: fe80::xxxx:xxff:fexx:xx5d > ip6-allnodes: ICMP6, router advertisement, length 1445d is the MAC address/link local address of the WAN interface
-
That's not right. It can only be the LAN interface.
-
@JKnott Since I can't add a deny rule for router advertisement on WAN (I guess hidden rules come before to allow it), I added an ip6tables rule to
deny icmpv6 type 134 (RA) from fe80::xxxx:xxff:fexx:xx5dto all clients in the WAN of pfsense, and I don't get the route anymore. -
Well, I don't know what to say. It's a really strange system you have there. The MAC address comes from the NIC, not pfSense. So, if you're seeing the MAC, that is the 48 bit hardware address, on the LAN side, there must be some other path involved. This is why I asked you to provide the Packet Capture file, so that I can examine it in Wireshark.
