
General • ipv6 routing config for ISP DHCP delegated prefix

I have just moved to a new service - the old setup was vDSL using PPPoE, now I have fibre but they use DHCP.
So I get the IPv6/DHCP-client prefix as usual, so far so good
I set up an IPv6 address for the bridge using a ::/64, also no problem, can ping this from the internal network
But cannot ping it from WAN anywhere.
Also cannot ping an external IPv6 address from either the router or the LAN

IPv4 works fine after I set up the correct gateway.
IPv6 should just work via its link local fe80::xx:xx:xx:xx address that appears in the dynamically created routing table entry.

BUT not working.
Running ROS 7.12 on an RB4011.
Code:
/ipv6 address
add address=::1 from-pool=pool_snap interface=bridge
/ipv6 dhcp-client
add add-default-route=yes interface=SNAP-10 pool-name=pool_snap request=prefix use-peer-dns=no
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="drop DNS from WAN" connection-state=new dst-port=53 in-interface-list=WAN protocol=tcp
add action=drop chain=forward comment="drop DNS from WAN" connection-state=new dst-port=53 in-interface-list=WAN protocol=udp
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=jump chain=forward dst-address=2406:xxxx:xxxx:xxxx::123/128 jump-target=http-s
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN log-prefix=fwdDrop
add action=accept chain=http-s dst-port=22 protocol=tcp
add action=accept chain=http-s dst-port=80 protocol=tcp
add action=accept chain=http-s dst-port=443 protocol=tcp
/ipv6 firewall mangle
add action=change-mss chain=forward new-mss=clamp-to-pmtu out-interface=SNAP-10 passthrough=yes protocol=tcp tcp-flags=syn
/ipv6 nd
set [ find default=yes ] disabled=yes
add hop-limit=64 interface=bridge other-configuration=yes ra-interval=3s-1m
/ipv6 route
add disabled=no distance=1 dst-address=::/0 gateway=SNAP-10 routing-table=main scope=30 suppress-hw-offload=no target-scope=10 vrf-interface=SNAP-10
add disabled=no distance=1 dst-address=2000::/3 gateway=SNAP-10 routing-table=main scope=30 suppress-hw-offload=no target-scope=10 vrf-interface=SNAP-10
/ipv6 settings
set accept-router-advertisements=yes
Any suggestions appreciated

Statistics: Posted by robkampen — Mon Mar 04, 2024 12:18 pm
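
To check what the forward chain in the export above admits from the WAN, this added example (not part of the original post) walks a trimmed copy of those rules first-match, following the jump into http-s. The helper names and packet fields are assumptions of this sketch, and the redacted dst-address is compared as plain text.

```python
import shlex

# Constructed sample: forward and http-s rules from the export above, comments dropped;
# rules on fields not modelled here (address lists, hop-limit, IPsec) are left out.
EXPORT = """\
/ipv6 firewall filter
add action=accept chain=forward connection-state=established,related,untracked
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward connection-state=new dst-port=53 in-interface-list=WAN protocol=tcp
add action=accept chain=forward protocol=icmpv6
add action=jump chain=forward dst-address=2406:xxxx:xxxx:xxxx::123/128 jump-target=http-s
add action=drop chain=forward in-interface-list=!LAN
add action=accept chain=http-s dst-port=22 protocol=tcp
add action=accept chain=http-s dst-port=80 protocol=tcp
add action=accept chain=http-s dst-port=443 protocol=tcp
"""

def parse(export):  # group 'add' lines by chain, keeping rule order
    chains = {}
    for line in export.splitlines():
        if line.startswith("add "):
            rule = dict(tok.split("=", 1) for tok in shlex.split(line)[1:])
            chains.setdefault(rule["chain"], []).append(rule)
    return chains

def matches(rule, pkt):  # every matcher present on the rule must agree with the packet
    for key, want in rule.items():
        if key in ("action", "chain", "jump-target"):
            continue
        negate, want = want.startswith("!"), want.lstrip("!")
        pool = [want.split("/")[0]] if key == "dst-address" else want.split(",")
        if (str(pkt[key]) in pool) == negate:
            return False
    return True

def verdict(chains, pkt, chain="forward"):  # first match wins
    for rule in chains.get(chain, []):
        if matches(rule, pkt):
            if rule["action"] != "jump":
                return rule["action"]
            inner = verdict(chains, pkt, rule["jump-target"])
            if inner:  # no match in the jumped chain: return to the caller
                return inner
    return "accept" if chain == "forward" else None  # RouterOS accepts unmatched packets

def wan_new(proto, port, dst):  # verdict for a new connection arriving from the WAN list
    pkt = {"connection-state": "new", "in-interface-list": "WAN",
           "protocol": proto, "dst-port": port, "dst-address": dst}
    return verdict(parse(EXPORT), pkt)
```

With these rules only TCP 22, 80 and 443 to the one jump-target host, plus forwarded ICMPv6 to any host, get past the final drop for traffic not coming from LAN.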


