Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
opnsense routing IPv6 link local multicast?
« previous
next »
Print
Pages: [
1
]
Author
Topic: opnsense routing IPv6 link local multicast? (Read 443 times)
really_lost
Newbie
Posts: 10
Karma: 1
opnsense routing IPv6 link local multicast?
«
on:
July 05, 2024, 05:45:43 pm »
So, I've been playing with IPv6 after avoiding it for years, and after moving a linux server acting as a router to opnsense.
I've got a number of different networks including a separate IOT and DMZ. I had permitted IPv6 on WiFi, IOT and DMZ. I wanted to get a sense of what types of traffic I was seeing in the DMZ and turned on tcpdump to capture 1000 packets.
There are the expected things like router/neighbor advertisement/solicitation.
However, the bulk of the traffic is mdns addressed to the link local address of ff02::fb.
The disturbing thing is that most of these are from iOS devices on WiFi. ff02:: addresses are IPv6 link local multicast. They are not supposed to be routed, as I understand it.
I have checked and as far as I can find, there is nothing handling mdns proxying. I've played with it in the past to permit airprinting from WiFi to IOT using avahi on linux. The avahi daemon is not running on that system. Besides, this DMZ network is for moving various services currently hosted on that linux box. The linux box has no route to the DMZ.
I did install the mdns repeater on opnsense, but it is currently disabled--and DMZ (where the packet captures happened) is not selected even in the disabled interfaces.
Do I need to do something special in my firewall rules to make link local multicast stay link local and not act as site local? I've got explicit blocks from all LAN interfaces to DMZ except for my computer to manage them. That's what makes me think this ff02::fb traffic is somehow coming from the opnsense box.
It's also possible I'm fundamentally misunderstanding something about IPv6 because it's all relatively new to me.
Logged
really_lost
Newbie
Posts: 10
Karma: 1
Re: opnsense routing IPv6 link local multicast?
«
Reply #1 on:
July 06, 2024, 01:50:29 am »
Some more digging (with packet captures on lots of different interfaces), and I believe it is my switch not respecting defined vlans when it comes to multicast.
I’m playing with igmp snooping on the one interface I’d most like to isolate, but not having much luck thus far.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
opnsense routing IPv6 link local multicast?