Hello everyone, my ISP sends me an ICMP ff02::1:f00:1, I have created a firewall rule in WAN to allow.
If i don't believe the rule my local network soon you do not have ipv6 internet access.
WAN --- allow --- ipv6-icmp ---- fe80::/10 ---->> ff02::1:ff00:0/104
As RFC 4291 section 2.7.1 states:
Solicited-node multicast address are computed as a function of a node's unicast and anycast addresses. A solicited-node multicast address is formed by taking the low-order 24 bits of an address (unicast or anycast) and appending those bits to the prefix FF02:0:0:0:0:1:FF00::/104.
Could also be related to https://github.com/opnsense/src/issues/242#issuecomment-2679069936
I have managed to make the connection more or less stable, explicitly adding FF02:0:0:0:0:1:FF00::/104. Now I don't lose IPv6 over time.
Thank you for your work.
I think the problem is the NICs. I226-V version V2.17-0. I had to configure sysctl to be stable and fast.
hw.igc.max_interrupt_rate: 20000
hw.igc.enable_aim: 0
Hi everyone, this packet the firewall is blocking is an ICMP type 130 packet. This packet is sent every 125 seconds. It's from my ISP's Cisco.
Opnsense doesn't allow Type 130 by default.
Cisco MLD
General Query (Type 130)
Sent to learn about listeners on the attached link
Sets the Multicast Address Field to zero
Sent every 125 seconds
https://www.cisco.com/c/dam/global/sk_sk/assets/expo2011/pdfs/IPv6_multicast_security_Stefan_Kollar.pdf
I'm not sure I follow. Neighbor discovery packets are already allowed (via the second "Automatically generated rule") - a separate rule allowing the solicited-node destination should not be necessary. (Or am I missing a bug that affects this?)
The multicast listener query is interesting. Does your provider offer multicast services of some sort (e.g. streams or some such)?
It seems strange to me too, I have to add the rule explicitly
They are allowed but type 130 is not.
From all to all 1,2,135,136
specific, from fe80::/10 to fe80::/10, ff02::/16 128,133,134,135,136
the second rule is out 128,129,,133,134,135,136