Messages

1

Tutorials and FAQs / Static IPv6 on Comcast network.

« on: September 25, 2024, 08:59:47 pm »

I am having trouble stetting up a static IPb6 on Comcast.  I have a business account and they told me I was assigned 2603:XXX:YYY:ZZZ::/56.  Everything I have read online says that I should set the WAN interface to DHCPv6 and the prefix delegation size to "56".   When I do that I see the following on the Comcast modem:

Internet: Active
WAN IP Address (IPv6): 2001:558:6031:70:a59d:4c3:f6fc:ce79
WAN Default Gateway Address (IPv6): fe80::201:5cff:fea9:5246
Delegated prefix (IPv6): 2601:980:c300:4f0::/64
WAN Link Local Address (IPv6): fe80::fad2:acff:fe94:16a
DHCP Client (IPv6): Enabled


And the WAN interface shows:

# ifconfig em0
em0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
description: WAN (wan)
options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,HWSTATS,MEXTPG>
ether 52:54:00:23:cf:af
inet 50.76.207.253 netmask 0xfffffff8 broadcast 50.76.207.255
inet6 fe80::5054:ff:fe23:cfaf%em0 prefixlen 64 scopeid 0x1
inet6 2601:980:c300:4f0:5054:ff:fe23:cfaf prefixlen 64 autoconf pltime 300 vltime 300
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>


I have also set a VLAN interface's "IPV6 configuration Type" to "tracking". 

The VLAN only shows a link-local IPv6 address.

Is there a HOW-TO for configuring an static IPv6 that doesn't use DHCP to get the address?

2

General Discussion / Re: Confused about firewall rules.

« on: August 27, 2024, 11:46:04 pm »

Here is my routing table from ipfire:

[root@ipfire ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         50.76.207.254   0.0.0.0         UG    0      0        0 red0
50.76.207.248   0.0.0.0         255.255.255.248 U     0      0        0 red0
50.76.207.254   0.0.0.0         255.255.255.255 UH    0      0        0 red0
172.16.1.0      0.0.0.0         255.255.255.0   U     0      0        0 blue0
172.16.3.0      0.0.0.0         255.255.255.0   U     0      0        0 green0


The main difference I see is that every interface show the default gateway as the gateway. 

Is there a way to do somethin similar in opnsense?

3

General Discussion / Re: Confused about firewall rules.

« on: August 27, 2024, 11:36:03 pm »

I can see how that would work.  However, it doesn't clear up my confusion.  The first rule:

Protocol        Source          Port    Destination     Port    Gateway     Schedule                Description
    IPv4 *          WIFI net        *         WAN net            *        *               *

should send all non-WIFI net traffic to the WAN interface which has x.x.x.254 as the default route.

root@opnsense:~ # netstat -4rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            50.76.207.254      UGS         em0
50.76.207.248/29   link#1             U           em0
172.16.1.0/24      link#3             U           em2
172.16.1.1         link#5             UHS         lo0
172.16.3.0/24      link#2             U           em1
172.16.3.1         link#5             UHS         lo0

What am I missing?

4

General Discussion / Re: Confused about firewall rules.

« on: August 27, 2024, 09:52:48 pm »

The question relates to WIFI<==> WAN.  I want hosts on the WIFI to be able to access the internet without being able to access the LAN.  That is what I thought the first rule was supposed to do.  So far, I am only able to have the WIFI hosts access the internet if I enable the thrid rule which allows the WIFI hosts to also access the LAN.

5

General Discussion / Re: Confused about firewall rules.

« on: August 27, 2024, 08:56:56 pm »

x.x.x.254 is defined as the default gateway.  Shouldn't any traffic that is not on any of my local nets automatically go to x.x.x.254?  That is what Ipfire does?

6

General Discussion / Confused about firewall rules.

« on: August 27, 2024, 07:57:44 pm »

I am trying to replace an Ipfire router/firewall with OpnSense and I am having  problems with the firewall rules.

At the moment, everything has a static IP and have 4 interfaces: WAN, LAN, DMZ, and WIFI.  My WAN configuration is:

opnsense x.x.x.253 ------ x.x.x.254 comcast

The LAN works as expected.  I am having problems with the WIFI network.  I put 3 rules in the WIFI firewall rules:

 Protocol        Source          Port    Destination     Port    Gateway     Schedule                Description
    IPv4 *          WIFI net        *         WAN net            *        *               *
    IPv4 *          WIFI net        *         WIFI net            *         *               *
    IPv4 *          WIFI net        *                 *                *         *               *

With all 3 rules enabled, a host on the WIFI network can access the internet.  If I disable the last rule, a host on the WIFI network can no longer get to the internet.  But, it can ping the WIFI interface, the x.x.x.253 interface, and the x.x.x.254 interface.  It just can't reach anthing beyond the 254 interface.

Any idea what I may have misconfigured?