OPNsense Forum

Archive => 21.7 Legacy Series => Topic started by: leifnel on December 31, 2021, 05:20:17 pm

Title: "remove redundant NPTv6 binat rule (Maurice Walker)" breaks my setup
Post by: leifnel on December 31, 2021, 05:20:17 pm

I have a vmware server at OVH.
On this I have an opnSense firewall.
Due to the somewhat strange handling of IPv6 at OVH, I have assigned the public addresses
2001:0DB8::201/128
2001:0DB8::202/128
2001:0DB8::203/128
2001:0DB8::204/128 to the public interface.
Then NPTv6 Nats
2001:0DB8::/65 to fd30::/65.
The internal hosts have the adresses
fd30::201
fd30::202
fd30::203
fd30::204
This works in Opnsense 21.7.5, is broken in 21.7.6.

I believe the "remove redundant NPTv6 binat rule (Maurice Walker)" breaks my setup.

Title: Re: "remove redundant NPTv6 binat rule (Maurice Walker)" breaks my setup
Post by: franco on January 01, 2022, 10:53:53 am

Can we decide on https://forum.opnsense.org/index.php?topic=21681.0 or this topic for future posts?

Does all communication fail or just some of it? If the latter is true I suspect that problem arises due to state failures.


Cheers,
Franco

Title: Re: "remove redundant NPTv6 binat rule (Maurice Walker)" breaks my setup
Post by: leifnel on January 03, 2022, 01:10:34 am

The old thread is for 21.1, this is 21.7

Strangely it broke on both 21.1.5-6 og 21.7.5-6

I have ipv6 working on 21.7.5, install 21.7.6 and reboots, ipv6 not working. (i.e. not reachable from outside)

I rollback to the 21.7.5 vmware snapshot, and it works again.

As this is a production site, I'm only testing in the middle of the night.

Title: Re: "remove redundant NPTv6 binat rule (Maurice Walker)" breaks my setup
Post by: franco on January 03, 2022, 02:24:40 pm

It doesn't make sense suspecting "remove redundant NPTv6 binat rule (Maurice Walker)" when talking about 21.7 at all... What is your last known good version? If it's 21.7.5 the suspicions change is either in 21.7.6 or 21.7.7, no?


Cheers,
Franco