[SOLVED] IPv6 Tunnel up, Not passing traffic to LAN



  • Hi All,

    Have got my tunnel up and working, and can ping IPv6 stuff from the firewall

    
    PING6(56=40+8+8 bytes) 2001:470:*******::2 --> 2001:4810::110
    16 bytes from 2001:4810::110, icmp_seq=0 hlim=55 time=215.180 ms
    16 bytes from 2001:4810::110, icmp_seq=1 hlim=55 time=212.745 ms
    16 bytes from 2001:4810::110, icmp_seq=2 hlim=55 time=214.642 ms
    16 bytes from 2001:4810::110, icmp_seq=3 hlim=55 time=214.564 ms
    16 bytes from 2001:4810::110, icmp_seq=4 hlim=55 time=213.170 ms
    ^C
    --- ip6.me ping6 statistics ---
    6 packets transmitted, 5 packets received, 16.7% packet loss
    round-trip min/avg/max/std-dev = 212.745/214.060/215.180/0.935 ms
    
    

    I can also ping hosts within my routed /64

    
    PING6(56=40+8+8 bytes) 2001:470:****::1 --> 2001:470:****::fe
    16 bytes from 2001:470:****::fe, icmp_seq=0 hlim=64 time=1.474 ms
    16 bytes from 2001:470:****::fe, icmp_seq=1 hlim=64 time=0.843 ms
    16 bytes from 2001:470:****::fe, icmp_seq=2 hlim=64 time=1.031 ms
    16 bytes from 2001:470:****::fe, icmp_seq=3 hlim=64 time=0.927 ms
    ^C
    --- 2001:470:****::fe ping6 statistics ---
    4 packets transmitted, 4 packets received, 0.0% packet loss
    round-trip min/avg/max/std-dev = 0.843/1.069/1.474/0.243 ms
    
    

    The firewall can be pinged on its /64 routed address from the internet (And other open ports accessable):

    
    PING 2001:470:****::1: 56 data bytes
    64 bytes from firewall.*.com (2001:470:****::1): icmp_seq=0\. time=323\. ms
    64 bytes from firewall.*.com (2001:470:****::1): icmp_seq=1\. time=317\. ms
    64 bytes from firewall.*.com (2001:470:****::1): icmp_seq=2\. time=317\. ms
    64 bytes from firewall.*.com (2001:470:****::1): icmp_seq=3\. time=318\. ms
    64 bytes from firewall.*.com (2001:470:****::1): icmp_seq=4\. time=317\. ms
    
    ----2001:470:****::1 PING Statistics----
    5 packets transmitted, 5 packets received, 0% packet loss
    round-trip (ms)  min/avg/max/stddev = 317./319./323./2.7
    
    
    
    Checked port 5555 on Host/IP 2001:470:****::1...
    
     The checked port (5555) is online/reachable!
    
    Completed portscan in 0.2807 seconds
    
    

    My issue is that 2001:470:::fe cannot be accessed from the internet, and 2001:470::fe cannot access the internet

    
    PING 2001:470:****::fe: 56 data bytes
    
    ----2001:470:****::fe PING Statistics----
    5 packets transmitted, 0 packets received, 100% packet loss
    
    
    Checked port 80 on Host/IP 2001:470:****::fe...
    
     The checked port (80) is offline/unreachable
    
    Reason: Connection timed out (110)
    
    Portscan ran for 8.0096 seconds
    
    

    My Firewall Rules are as follows:

    My WAN Interface has:

    PASS IPv4 ICMP	 66.220.18.42	 *	 WAN address	 *	 *	 none	  	 HE.NET Allow ICMP
    

    My LAN Interface has:

    PASS IPv4 *	 LAN net	 *	 *	 *	 *	 none	  	 Default allow LAN IPv4 to any rule
    PASS IPv6 *	 LAN net	 *	 *	 *	 *	 none	  	 Default allow LAN IPv6 to any rule
    

    My WANv6 Interface has:

    PASS IPv6 ICMP	 *	 *	 *	 *	 *	 none
    PASS IPv6 TCP	 *	 *	 2001:470:****::fe	 80 (HTTP)	 *	 none	  	 Hypervisory Admin
    PASS IPv6 TCP	 *	 *	 2001:470:****::1	 5555	 *	 none	  	 Firewall
    

    Any ideas where i have gone wrong ?



  • Interesting. The above config has started working with no further intervention.



  • thanks for posting this. in order to get ipv6 work, my workstation should be win7 right? or os that supports ipv6 except win xp right?



  • yes



  • I'm not sure this can be marked solved as there really isn't an answer as to why this was happening. I seem to be having the same issue right now ever since upgrading to the latest snapshots. I'll randomly lose my IPv6 connectivity, the gateway is still up and I can ping ipv6 addresses from the firewall but not from any of my LAN workstations. My last known working config was the pfSense-Full-Update-2.1-DEVELOPMENT-i386-20111125-1741.tgz



  • @Matthias:

    I'm not sure this can be marked solved as there really isn't an answer as to why this was happening. I seem to be having the same issue right now ever since upgrading to the latest snapshots. I'll randomly lose my IPv6 connectivity, the gateway is still up and I can ping ipv6 addresses from the firewall but not from any of my LAN workstations. My last known working config was the pfSense-Full-Update-2.1-DEVELOPMENT-i386-20111125-1741.tgz

    post info in a new thread, there are countless reasons this can happen and it's not likely yours is the same as the OP's. HE.net has been flaky for me of late, you may be seeing the same, or there may be some kind of issue. Post a new thread with traceroute6 output from a LAN host when it's not working.


Log in to reply