IPv6 Broadcasts since Bridge



  • Hi there,

    I use an ALIX APU to provide some OpenVPN Connection to a provider like hidemyass. It's working really well!
    Now I want to use re2 as "Switch-Port" for re1.

    So I created a new Interface for re2 (OPT1) and bridged it with LAN (Bridge = LAN, OPT1).
    Set Firewall-Rule to allow OPT1 traffic.

    Works well!

    But now I always get blocked IPv6 traffic although I disabled IPv6 on all Interfaces and OpenVPN connections.

    
    block/1000000105	Mar 7 20:10:39	LAN	[fe80::c225:6ff:fec1:cd43]:42654	[ff02::c]:1900	UDP
     block/1000000105	Mar 7 20:10:39	bridge0	[fe80::c225:6ff:fec1:cd43]:42654	[ff02::c]:1900	UDP
     block/1000000105	Mar 7 20:10:39	LAN	[fe80::c225:6ff:fec1:cd43]:42654	[ff02::c]:1900	UDP
     block/1000000105	Mar 7 20:11:20	LAN	[fe80::c225:6ff:fec1:cd43]:42654	[ff02::c]:1900	UDP
     block/1000000105	Mar 7 20:11:20	bridge0	[fe80::c225:6ff:fec1:cd43]:42654	[ff02::c]:1900	UDP
     block/1000000105	Mar 7 20:11:20	LAN	[fe80::c225:6ff:fec1:cd43]:42654	[ff02::c]:1900	UDP
     block/1000000105	Mar 7 20:11:25	LAN	[fe80::c225:6ff:fec1:cd43]:42654	[ff02::c]:1900	UDP
     block/1000000105	Mar 7 20:11:25	bridge0	[fe80::c225:6ff:fec1:cd43]:42654	[ff02::c]:1900	UDP
     block/1000000105	Mar 7 20:11:25	LAN	[fe80::c225:6ff:fec1:cd43]:42654	[ff02::c]:1900	UDP
     block/1000000105	Mar 7 20:11:30	LAN	[fe80::c225:6ff:fec1:cd43]:42654	[ff02::c]:1900	UDP
     block/1000000105	Mar 7 20:11:30	bridge0	[fe80::c225:6ff:fec1:cd43]:42654	[ff02::c]:1900	UDP
     block/1000000105	Mar 7 20:11:30	LAN	[fe80::c225:6ff:fec1:cd43]:42654	[ff02::c]:1900	UDP
     block/1000000105	Mar 7 20:11:35	LAN	[fe80::c225:6ff:fec1:cd43]:42654	[ff02::c]:1900	UDP
     block/1000000105	Mar 7 20:11:35	bridge0	[fe80::c225:6ff:fec1:cd43]:42654	[ff02::c]:1900	UDP
     block/1000000105	Mar 7 20:11:35	LAN	[fe80::c225:6ff:fec1:cd43]:42654	[ff02::c]:1900	UDP
     block/1000000105	Mar 7 20:11:40	LAN	[fe80::c225:6ff:fec1:cd43]:42654	[ff02::c]:1900	UDP
     block/1000000105	Mar 7 20:11:40	bridge0	[fe80::c225:6ff:fec1:cd43]:42654	[ff02::c]:1900	UDP
     block/1000000105	Mar 7 20:11:40	LAN	[fe80::c225:6ff:fec1:cd43]:42654	[ff02::c]:1900	UDP
    

  • LAYER 8 Global Moderator

    "Now I want to use re2 as "Switch-Port" for re1."

    Bad idea to be honest.

    But yeah, you got some device with link local fe80::c225:6ff:fec1:cd43 spewing SSDP or UPnP, which is what port 1900 is.. I would sniff and find the MAC of what is sending it, track it down and make it stop..
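
Added example, not part of the original thread: the source in the log looks like a modified EUI-64 link-local address, so the sender's MAC can be read out of the address itself before confirming it with a capture. The function names and the third log row are constructed for illustration; the first two rows are copied from the log above.

```python
import ipaddress
import re

# Constructed sample: two rows copied from the firewall log in the first post,
# plus one made-up row whose source has a randomised (non-EUI-64) identifier.
SAMPLE_LOG = """\
block/1000000105\tMar 7 20:10:39\tLAN\t[fe80::c225:6ff:fec1:cd43]:42654\t[ff02::c]:1900\tUDP
block/1000000105\tMar 7 20:10:39\tbridge0\t[fe80::c225:6ff:fec1:cd43]:42654\t[ff02::c]:1900\tUDP
block/1000000105\tMar 7 20:12:01\tLAN\t[fe80::1c3a:9b2e:77d0:4f11]:50000\t[ff02::c]:1900\tUDP
"""

# Matches "[ipv6]:port"; each log row carries source first, destination second.
ENDPOINT_RE = re.compile(r"\[([0-9a-fA-F:]+)\]:(\d+)")


def mac_from_link_local(addr):
    """Return the MAC embedded in a modified EUI-64 link-local address, or None."""
    ip = ipaddress.IPv6Address(addr)
    if not ip.is_link_local:
        return None
    iid = ip.packed[8:]              # low 64 bits = interface identifier
    if iid[3:5] != b"\xff\xfe":      # EUI-64 inserts ff:fe between the MAC halves
        return None                  # privacy/random identifier: no MAC inside
    # Undo the flipped universal/local bit and drop the ff:fe filler.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def ssdp_sources(log_text):
    """Map each source sending to port 1900 to its derived MAC (None if not EUI-64)."""
    result = {}
    for line in log_text.splitlines():
        hits = ENDPOINT_RE.findall(line)
        if len(hits) != 2 or hits[1][1] != "1900":
            continue
        src = hits[0][0]
        result[src] = mac_from_link_local(src)
    return result


if __name__ == "__main__":
    for src, mac in ssdp_sources(SAMPLE_LOG).items():
        print(src, "->", mac or "no embedded MAC (not EUI-64)")
```

The ff:fe check is a heuristic, so treat the derived MAC as a lead and confirm it against the firewall's neighbour table or a packet capture.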



  • @johnpoz:

    "Now I want to use re2 as "Switch-Port" for re1."

    Bad idea to be honest.

    Why is that a bad idea? So should I create another subnet instead?

    I just want to use the re2 port for my other devices.

    re0 -> WAN
    re1 -> Switch -> 5 Devices
    re2 -> Switch -> 3 Devices

    I'm kinda lazy to put the other 3 devices on my first switch because I don't want to change my cables.


  • LAYER 8 Netgate

    pfSense is not a switch.


  • LAYER 8 Global Moderator

    "I don't want to change my cables."

    So you would rather set up a bridge… WTF....

    As derelict stated, pfSense is not a switch.. If you want switch ports, get a switch.. Bridging ports does not a switch port make, that is for damn sure!!



  • Oh, okay. That's true. pfSense is, like the name already says, a "packet firewall".

    I'm sorry and I suggest every pfSense user NOT to bridge ports for "like a switch". Just don't do that.

