I changed my configuration and now the CHR navigates perfectly. the problem remains that the clients acquire public IPv6 but do not reach the various sites in IPv6. The various client packets arrive in the firewall connection table.
If I do a traceroute from the clients I reach the gateway IP of the same assigned pool/64.
I attach some screenshots and the current configuration.
If I do a traceroute from the clients I reach the gateway IP of the same assigned pool/64.
I attach some screenshots and the current configuration.
Code:
/ipv6 dhcp-server optionadd code=23 name=DNS value="'2606:4700:4700::1111''2606:4700:4700::1001'"/ipv6 pooladd name=pool1 prefix=2a0d:b287:ec00:1::/64 prefix-length=66add name=pool2 prefix=2a0d:b287:ec00:2::/64 prefix-length=66/ipv6 addressadd address=::1 from-pool=pool1 interface=bridge-IPv6-Via_Verdiadd address=::4000:0:0:1 from-pool=pool1 interface=bridge-LANadd address=2a0d:b287:ec00:52b4::2/126 advertise=no interface=ether1add address=2a0d:b287:ec00:2:0:f015:fab1:0/126 advertise=no disabled=yes interface=ether1/ipv6 dhcp-serveradd address-pool=pool1 dhcp-option=DNS interface=bridge-LAN lease-time=12h name=server1 rapid-commit=noadd address-pool=pool1 allow-dual-stack-queue=no dhcp-option=DNS interface=bridge-IPv6-Via_Verdi lease-time=12h name=server2 rapid-commit=no/ipv6 firewall address-listadd address=foisfabio.it list=ip/ipv6 firewall filteradd action=accept chain=input connection-state=established,relatedadd action=drop chain=input connection-state=invalidadd action=accept chain=forward in-interface=ether1 out-interface=bridge-LANadd action=accept chain=forward in-interface=bridge-LAN out-interface=ether1add action=accept chain=forward in-interface=ether1 out-interface=bridge-IPv6-Via_Verdiadd action=accept chain=forward in-interface=bridge-IPv6-Via_Verdi out-interface=ether1add action=drop chain=input disabled=yes protocol=tcpadd action=drop chain=input disabled=yes protocol=udpadd action=drop chain=forward disabled=yes protocol=tcpadd action=drop chain=forward disabled=yes protocol=udp/ipv6 firewall natadd action=add-src-to-address-list address-list=visitatore-sito address-list-timeout=5m chain=dstnat dst-address-list=ip dst-port=443 protocol=tcp/ipv6 ndset [ find default=yes ] advertise-dns=no disabled=yesadd dns=2001:4860:4860::8888,2001:4860:4860::8844 interface=bridge-LAN other-configuration=yes ra-interval=10s-20sadd dns=2001:4860:4860::8888,2001:4860:4860::8844 interface=bridge-IPv6-Via_Verdi other-configuration=yes ra-interval=10s-20s/ipv6 nd prefix defaultset preferred-lifetime=30s valid-lifetime=1m/ipv6 routeadd disabled=no distance=1 dst-address=::/0 gateway=2a0d:b287:ec00:52b4::1 routing-table=main scope=30 target-scope=10Statistics: Posted by abbio90 — Fri Jan 12, 2024 9:32 pm