Messages

Hi Franco,

no, I have just one IPv6 gateway. But users on that network should only be able to access external IPv6 addresses.

It works perfect with IPv4: If I choose a default gateway, only external addresses can be reached.
But not so with IPv6.

A solution would be to negate my local IPv6 network as destination address and set gateway to default.
But if this is the only solution, then I think there is a bug in OPNsense.

Hello,
I have a problem with IPv6 firewall rules. I use OPNsense 17.1.10-amd64.

If I add an IPv6 TCP rule from a LAN net to * with gateway default/* everything works fine. But if I change the gateway in the rule to my IPv6 Gateway (I use a Hurricane Electric 6 to 4 tunnel) no IPv6 connection to the internet from that network can be established.

In the log I can see that the TCP SYN/ACK segments are blocked by the firewall. See screenshot attached.

Can anybody give me a hint how I can solve that problem?


Thanks in advance,
fuerni