Allow IPv6 traffic through firewall



  • Hi all,

    I managed to successfully set up an IPv6 tunnel through pfSense towards tunnelbroker.net. I also managed to configure rtadvd to advertise itself as the default route and make it point to my Windows 2008 R2 DHCPv6 server to give out an IPv6 lease and provide DNS information. This works fine. From a client I can ping to i.e. ipv6.google.com. Traceroutes work fine as well and perfectly show the route.

    BUT.. any other traffic than IMCP traffic will fail on the pfSense firewall. The firewall log shows:

    GIF0 <internally used="" ipv6="">.55570 <external ipv6="" host="">.80 (?)

    GIF0 is my IPv6 tunnel interface. As the protocol it shows the question mark in brackets, so I'm guessing pfSense is not capable of looking into the IPv6 packets and define the type of traffic. I've tried all kinds of manual entries in the firewall rules to make it allow outgoing traffic, but none of them seem to work. But why DOES imcp work?

    Who can help me with the right firewall PASS rule to get this to work? I'm so close to finally having it work!</external></internally>



  • I've figured it out already! The correct firewall rule was:

    pass quick proto tcp from any to any

    I guess this can be made more secure by narrowing it down, but for now I'm happy with a working IPv6 link! :D


Log in to reply