Topics - MickeyRat

1
General Discussion / Ipv6 not staying blocked
« on: June 21, 2021, 07:32:24 pm »
I have a few IPs I want to limit to my LAN only.  First I set up an alias called NoWAN to hold the IPs.  I've attached a pic of my rules.  These are the first rules in the list.  They block inbound and outbound ipv4 and ipv6 traffic from anywhere except a LAN address.  Now here's the weird part.  They work fine for both ipv4 and ipv6 when I'm first connected but, after 10 minutes or so, ipv6 starts leaking.  Here's what I see on reboot or when I cycle the network connections:

Code:
ping www.google.com
ping: www.google.com: Temporary failure in name resolution

After 10 minutes or so I get:

Code:
ping www.google.com
PING www.google.com(yx-in-x68.1e100.net (2607:f8b0:4002:c08::68)) 56 data bytes
64 bytes from yx-in-x68.1e100.net (2607:f8b0:4002:c08::68): icmp_seq=1 ttl=106 time=16.2 ms
64 bytes from yx-in-x68.1e100.net (2607:f8b0:4002:c08::68): icmp_seq=2 ttl=106 time=16.5 ms

Note that those are ipv6 addresses.

I've tried making separate rules for ipv4 and ipv6 with the same result.  I'm not a networking expert and I don't know much about ipv6.  So, any help would be appreciated.

2
General Discussion / Total Noob Comments and Questions
« on: November 18, 2018, 12:54:34 am »
New here and I just got opnsense set up with PIA and kill switch.  I used the pfsense guide here https://www.reddit.com/r/PFSENSE/comments/6edsav/how_to_proper_partial_network_vpn_with_kill_switch/ as a go by.  I'm a soon to be retired DBA so, while I don't know the details of networking, I can get around a little.  I'm pretty experienced with Linux.  I don't know much about BSD.

I actually did it with pfsense first but, those guys' attitude really makes me uninterested in using their software if I have an alternative.  However, doing it in pfsense did give me the confidence to try it in opnsense.

I know it's overkill for a home router but, it's on an i5 with 32GB and a 30GB msata drive.

Comments

  • I couldn't get the USB version to boot or even be recognized by the BIOS.  I had to burn a DVD. Not sure why.
     The install took a while.
  • Others have commented on this but, guides for opnsense other than the documentation are pretty hard to come by.  That's why I did it with pfsense first.
  • I don't want it but, I'm a bit surprised that opnsense has no provision for UPnP.  The only reason I know that pfsense has it is because I went looking for it to make damn sure it was turned off.
  • I've only had it running a few hours but, very pleased so far!

Questions

  • Telling me to RTFM isn't unreasonable here but, this system also has a 200GB hard drive.  Opnsense isn't using it.  Any pointers on getting it running?  Any reason I should?
  • Is there a reason to set up ARP on a network with less than 20 nodes?  From what I've read it reduces broadcast messages for mac addresses but, how many of those are there going to be on that small a network?
  • Anything else I should try to set up for a home router?  Obviously, I have some spare cycles.

My other observation is that both pfsense and opnsense perform about the same.  However, they both beat the tar out of my ASUS AC-RT87U performance wise.  That's not much of a surprise.  I also get higher throughput over PIA than I do on a clear connection with both opnsense and pfsense.  I'm pretty sure that's due to compression between my router and PIA.

Thanks for any answers, comments, insults, whatever. :)
