PfSense not responding to IPv6 Ping
-
Having trouble getting my pfSense install to respond to pings. It will respond on it's IPv4 address, but not IPv6. I can browse to IPv6 websites fine, and connect back to the routers web interface using IPv6 web proxies, but not ping. Anybody have any ideas? I'm not a pfSense or Firewalling newbie but I cannot figure it out. Thanks in advance.
-
Respond from where? Assuming you're showing your HE.net tunnel there, that rule will only allow pinging from the Internet.
-
If you do a traceroute6 from another host in, using icmp, how far does it get?
That first rule for ICMP should be allowing it, does it show as blocked in your firewall logs?
If so, click the 'x' and see what rule did the blocking, and show the log entry here.
-
Thanks guys. I completely disabled the firewall in pfSense, still could not ping the gateway from an outside IPv6 address.
I did a traceroute from an outside website: http://www.subnetonline.com/pages/ipv6-network-tools/online-ipv6-traceroute.php
The results are as follows:
TraceRoute IPv6 Output:
traceroute to www.t********r.com (2001:470:c:132c::2), 30 hops max, 40 byte packets
1 2a02:348:82::1 (2a02:348:82::1) 0.199 ms 0.226 ms 0.251 ms
2 xl-internetservices.nl.ip6.jointtransit.nl (2a02:10:0:1::e:3) 0.961 ms 0.980 ms 2.253 ms
3 hurricane-electric.nikhef.nlsix.net (2001:7f8:13::a500:6939:1) 6.407 ms 6.205 ms 6.441 ms
4 10gigabitethernet1-4.core1.lon1.he.net (2001:470:0:3f::1) 14.631 ms 15.022 ms 14.868 ms
5 10gigabitethernet7-4.core1.nyc4.he.net (2001:470:0:128::1) 75.466 ms 74.583 ms 74.565 ms
6 10gigabitethernet5-3.core1.lax1.he.net (2001:470:0:10e::1) 136.581 ms 136.629 ms 135.161 ms
7 ordns.he.net (2001:470:20::2) 145.481 ms 139.272 ms 142.351 ms
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *Finished!
I cannot figure this out!
-
I found a partial solution to the problem: If I ping the IPv6 address directly, it works fine. If I ping the domain name, it doesn't work even though I have AAAA addresses setup for the domain going to the same IP as I am pinging.
-
To update this:
I think it ended up being the IPv6 Ping website I was using located in Denmark. I've since tried other ones and the ping seems to be working correctly.
Thank you for your responses.
