• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

[SOLVED] IPv6 Tunnel up, Not passing traffic to LAN

Scheduled Pinned Locked Moved IPv6
6 Posts 5 Posters 3.2k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • I
    IOWNSU
    last edited by Mar 7, 2012, 3:24 AM Mar 6, 2012, 9:55 PM

    Hi All,

    Have got my tunnel up and working, and can ping IPv6 stuff from the firewall

    
PING6(56=40+8+8 bytes) 2001:470:*******::2 --> 2001:4810::110
16 bytes from 2001:4810::110, icmp_seq=0 hlim=55 time=215.180 ms
16 bytes from 2001:4810::110, icmp_seq=1 hlim=55 time=212.745 ms
16 bytes from 2001:4810::110, icmp_seq=2 hlim=55 time=214.642 ms
16 bytes from 2001:4810::110, icmp_seq=3 hlim=55 time=214.564 ms
16 bytes from 2001:4810::110, icmp_seq=4 hlim=55 time=213.170 ms
^C
--- ip6.me ping6 statistics ---
6 packets transmitted, 5 packets received, 16.7% packet loss
round-trip min/avg/max/std-dev = 212.745/214.060/215.180/0.935 ms

    I can also ping hosts within my routed /64

    
PING6(56=40+8+8 bytes) 2001:470:****::1 --> 2001:470:****::fe
16 bytes from 2001:470:****::fe, icmp_seq=0 hlim=64 time=1.474 ms
16 bytes from 2001:470:****::fe, icmp_seq=1 hlim=64 time=0.843 ms
16 bytes from 2001:470:****::fe, icmp_seq=2 hlim=64 time=1.031 ms
16 bytes from 2001:470:****::fe, icmp_seq=3 hlim=64 time=0.927 ms
^C
--- 2001:470:****::fe ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.843/1.069/1.474/0.243 ms

    The firewall can be pinged on its /64 routed address from the internet (And other open ports accessable):

    
PING 2001:470:****::1: 56 data bytes
64 bytes from firewall.*.com (2001:470:****::1): icmp_seq=0\. time=323\. ms
64 bytes from firewall.*.com (2001:470:****::1): icmp_seq=1\. time=317\. ms
64 bytes from firewall.*.com (2001:470:****::1): icmp_seq=2\. time=317\. ms
64 bytes from firewall.*.com (2001:470:****::1): icmp_seq=3\. time=318\. ms
64 bytes from firewall.*.com (2001:470:****::1): icmp_seq=4\. time=317\. ms

----2001:470:****::1 PING Statistics----
5 packets transmitted, 5 packets received, 0% packet loss
round-trip (ms)  min/avg/max/stddev = 317./319./323./2.7


    
Checked port 5555 on Host/IP 2001:470:****::1...

 The checked port (5555) is online/reachable!

Completed portscan in 0.2807 seconds

    My issue is that 2001:470:::fe cannot be accessed from the internet, and 2001:470::fe cannot access the internet

    
PING 2001:470:****::fe: 56 data bytes

----2001:470:****::fe PING Statistics----
5 packets transmitted, 0 packets received, 100% packet loss


    Checked port 80 on Host/IP 2001:470:****::fe...

 The checked port (80) is offline/unreachable

Reason: Connection timed out (110)

Portscan ran for 8.0096 seconds

    My Firewall Rules are as follows:

    My WAN Interface has:

    PASS IPv4 ICMP	 66.220.18.42	 *	 WAN address	 *	 *	 none	  	 HE.NET Allow ICMP

    My LAN Interface has:

    PASS IPv4 *	 LAN net	 *	 *	 *	 *	 none	  	 Default allow LAN IPv4 to any rule
PASS IPv6 *	 LAN net	 *	 *	 *	 *	 none	  	 Default allow LAN IPv6 to any rule

    My WANv6 Interface has:

    PASS IPv6 ICMP	 *	 *	 *	 *	 *	 none
PASS IPv6 TCP	 *	 *	 2001:470:****::fe	 80 (HTTP)	 *	 none	  	 Hypervisory Admin
PASS IPv6 TCP	 *	 *	 2001:470:****::1	 5555	 *	 none	  	 Firewall

    Any ideas where i have gone wrong ?

    1 Reply Last reply Reply Quote 0
    • I
      IOWNSU
      last edited by Mar 7, 2012, 2:23 AM

      Interesting. The above config has started working with no further intervention.

      1 Reply Last reply Reply Quote 0
      • J
        jigpe
        last edited by Mar 28, 2012, 4:58 AM

        thanks for posting this. in order to get ipv6 work, my workstation should be win7 right? or os that supports ipv6 except win xp right?

        1 Reply Last reply Reply Quote 0
        • D
          databeestje
          last edited by Mar 28, 2012, 6:46 PM

          yes

          1 Reply Last reply Reply Quote 0
          • M
            Matthias
            last edited by Mar 29, 2012, 1:29 AM

            I'm not sure this can be marked solved as there really isn't an answer as to why this was happening. I seem to be having the same issue right now ever since upgrading to the latest snapshots. I'll randomly lose my IPv6 connectivity, the gateway is still up and I can ping ipv6 addresses from the firewall but not from any of my LAN workstations. My last known working config was the pfSense-Full-Update-2.1-DEVELOPMENT-i386-20111125-1741.tgz

            1 Reply Last reply Reply Quote 0
            • C
              cmb
              last edited by Mar 29, 2012, 5:26 AM

              @Matthias:

              I'm not sure this can be marked solved as there really isn't an answer as to why this was happening. I seem to be having the same issue right now ever since upgrading to the latest snapshots. I'll randomly lose my IPv6 connectivity, the gateway is still up and I can ping ipv6 addresses from the firewall but not from any of my LAN workstations. My last known working config was the pfSense-Full-Update-2.1-DEVELOPMENT-i386-20111125-1741.tgz

              post info in a new thread, there are countless reasons this can happen and it's not likely yours is the same as the OP's. HE.net has been flaky for me of late, you may be seeing the same, or there may be some kind of issue. Post a new thread with traceroute6 output from a LAN host when it's not working.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                This community forum collects and processes your personal information.
                consent.not_received