Allow IPv6 traffic through firewall
-
Hi all,
I managed to successfully set up an IPv6 tunnel through pfSense towards tunnelbroker.net. I also managed to configure rtadvd to advertise itself as the default route and make it point to my Windows 2008 R2 DHCPv6 server to give out an IPv6 lease and provide DNS information. This works fine. From a client I can ping to i.e. ipv6.google.com. Traceroutes work fine as well and perfectly show the route.
BUT.. any other traffic than ICMP traffic will fail on the pfSense firewall. The firewall log shows:
GIF0 <internally used ipv6>.55570 <external ipv6 host>.80 (?)
GIF0 is my IPv6 tunnel interface. As the protocol it shows the question mark in brackets, so I'm guessing pfSense is not capable of looking into the IPv6 packets and defining the type of traffic. I've tried all kinds of manual entries in the firewall rules to make it allow outgoing traffic, but none of them seem to work. But why DOES ICMP work?
Who can help me with the right firewall PASS rule to get this to work? I'm so close to finally having it work!
-
I've figured it out already! The correct firewall rule was:
pass quick proto tcp from any to any
I guess this can be made more secure by narrowing it down, but for now I'm happy with a working IPv6 link! :D
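
One way the rule above could be narrowed, written as a pf.conf fragment. This is an added example, not part of the original posts: `gif0` is the tunnel interface named in the thread, while the LAN interface name and the IPv6 prefix are assumed placeholders (`2001:db8::/32` is the documentation range).

```pf
# Added example, not from the original posts.
tun_if   = "gif0"               # tunnel interface named in the thread
lan_if   = "em1"                # assumption: LAN-side interface name
lan_net6 = "2001:db8:1::/64"    # assumption: routed /64 used on the LAN

# Rule from the thread, kept here only for comparison. It names no
# direction, interface or address family, so it passes TCP inbound and
# outbound, on every interface, for both IPv4 and IPv6:
#
#   pass quick proto tcp from any to any

# Narrowed form: only IPv6 TCP connections opened from the LAN prefix.
# The first rule admits the connection on the LAN side, the second lets
# it leave through the tunnel. "flags S/SA" matches only the initial SYN,
# and "keep state" lets the replies back in through the state entry, so
# no separate inbound pass rule on the tunnel is needed for them.
pass in  quick on $lan_if inet6 proto tcp from $lan_net6 to any flags S/SA keep state
pass out quick on $tun_if inet6 proto tcp from $lan_net6 to any flags S/SA keep state
```

Connections opened from the Internet side of the tunnel are not matched by either rule and are left to whatever the rest of the ruleset decides.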