Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [IPv6] link-local traffic blocked on LAN by default rule?!

    Scheduled Pinned Locked Moved
    2.1 Snapshot Feedback and Problems - RETIRED
    2
    4
    1.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      doktornotor Banned
      last edited by

      I don't get this log noise?!

      (Filtered) firewall log:

      LAN Firewall Rules:

      fe80::21b:78ff:fe0e:f84b is a crappy HP multifunction printer
      fe80::18c6:f769:532b:2f8e is a LAN workstation with the crappy HP drivers installed for network scanning

      1 Reply Last reply Reply Quote 0
      • K
        kejianshi
        last edited by

        Looks like you GET alot of that long noise, but I don't get it either.
        I know SNMP is supposed to be disabled by default from WAN but within the LAN?

        1 Reply Last reply Reply Quote 0
        • D
          doktornotor Banned
          last edited by

          @kejianshi:

          Looks like you GET alot of that long noise, but I don't get it either.
          I know SNMP is supposed to be disabled by default from WAN but within the LAN?

          Well, I'll probably just try to disable SNMP altogether on the printer and see if it breaks the scanning, since yeah - it's extremely noisy. I don't get the blocking. Someone also complained about link-local stuff being blocked by some crazy bogonsv6 entry covering half of IPv6 address space; however I no such thing enabled here, neither on WAN nor on LAN.

          I think the wiki would benefit from some complete list of the behind-the-scenes invisible rules. (Also, DHCPv6 broadcasts get blocked unless you enable DHCPv6 server/relay on the interface, etc.)

          1 Reply Last reply Reply Quote 0
          • K
            kejianshi
            last edited by

            I did finally get around to setting up 2.1RC for this guy out in Denmark who is actually alot smarter than you might think from reading his thread.  Language barrier.  It works well.  When I get time, I''l take a look at his firewall and see if anything weird is happening since he does have a Many WANs running and a ton of computers on the network. I should probably be able to turn on IPV6 for him also and see whats up there.  Initially I made it all IPV4 to save myself a headache in the first day.  I'm sure the firewall logs are just getting hammered right now as I have yet to do anything to it.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post