Topics

How is a LAN NET defined for an IPv6 network when the network is DHCPv6?

I am seeing blocks in my firewall for traffic originating on the LAN side to do things like DNS lookups or HTTPS traffic.

The rule that triggered this action is:

@5 block drop in log inet6 all label "Default deny rule IPv6"

OPNsense 15.7.15-amd64   
FreeBSD 10.1-RELEASE-p19   
LibreSSL 2.2.3

How do you filter the firewall logs so that I can look at my IPv6 blocks only?

I have added a user, ssh key, admin privileges, and shell access via the web gui. The user is not being allowed to login with the following error:

NO LOGINS: System going down at 10:32


pam_nologin: pam_sm_acct_mgmt: Administrator refusing you: /var/run/nologin

Connection closed by

I ssh into the firewall with root and I am able to see that my new user is not added to the group I created for SSH, nor wheel. I do see that the auth key is there along with the proper shell /bin/csh.

Is there something else needed?

--bcj

IPv6 addresses are assigned by my Internet provider and I would like to use my LAN's track address as the DNS server for my dual stack hosts.

Would you consider adding a checkbox on the services_dhcp.php page to add the LAN IPv6 address to the DNS list of the IPv4 DHCP requests? This should also stop the propagation of the routers IPv6 DNS servers to the inside hosts.

Right now I am putting the address into my global lists manually, but I would rather the inside clients not have the ability to query outside servers.

Thanks for any considerations!

I have been looking at the diag_ndp.php code to try and improve the page load time and the data which is returned. Instead of running multiple gethostbyaddr() calls which seem to take a while to timeout, set a variable instead. Also, while technically different, if you can't find a host entry for an IP then query the arp table for a name.

Code Select Expand

function _getHostName($mac,$ip)
{                       
        if(is_ipaddr($ip)) {
                $hostname = gethostbyaddr($ip);
                list($ip, $scope) = explode("%", $ip);
                if($hostname <> "" and $hostname <> $ip) {
                        return $hostname;
                } else {
                $hostname = exec("arp -a | grep $mac | cut -f 1 -d ' '");
                if ($hostname <> '?') {
                        return $hostname;
                        } else {
                        return "";
                    }
                }
                       
        }
}

Is there a way for the firewall to track IPv6 clients behind it and update dynamic DNS entries on a service like Cloudflare?

Greetings,

I have an IPv6 address on my WAN (/64) adapter, and managed to get one assigned to my LAN (/128) adapter. My PCs and Mac are NOT receiving an IPv6 address and when executing a ping6 from the LAN interface, I receive a "No route to host" error.

I didn't see anything in the forums on a simple IPv6 setup, is there one?

Provider is TWC in the US.

--bcj