Comcast IP6 just stopped working (mostly)
-
I'm sure this is something really dumb but for the life of me I can't figure out what. I had Comcast IP6 working great and then it stopped.
2.2.6-RELEASE (amd64)
Hardware has 6 interfaces, three in use.
EM0 - Xfinity WAN
EM5 - LAN 192.168.10.1/24
EM4 - XFINITYHOME 192.168.11.1/24 (I put the comcast AP for their secrity system in it's own isolated subnet, becasue comcast).WAN is set to dhcp4, dhcp6 prefix 64 no other options ticked.
IP6 is enabled, no other advanced options changed from defaults
LAN is set to track WAN
XFINITYHOME has no IP6 configuredThe good news:
I'm seeing an IP6 /128 assigned to the WAN interface and a /64 prefix assigned to the LAN.
Client on the LAN (OSX) are getting IP6 addresses
If I ping6 to 2001:4860:4860::8888 (google public DNS) from the firewall (command prompt or diag menu) it works.The bad news:
If I ping6 from the diag menu lan address or from any client on the LAN it doesn't work.I have a LAN firewall rule allowing IP6 traffic from LAN net to any and if I run pfctl -sr | egrep inet6 I see it
pass in quick on em5 inet6 from 2601:XXXX:YYYY:ZZZZ::/64 to any flags S/SA keep state label "USER_RULE: Default allow LAN to any rule 6"
If I packet capture on the WAN side I see echo requests going out, but nothing coming back.I don't see any logged packets being dropped and every drop rule in pfctl -sr has a log option.
I've rebooted everything and I'm stumped.
It's like comcast has given me an unrouted /64 so traffic from the interface /128 works but anything from the /64 doesn't.
Ideas?
-
I had Comcast reprovision the modem and now it's working.
-
Just curious, what hardware are you running comcast connected pfsense on?