IPv6 traffic blocked on WAN interface

Started by shadowspire, March 04, 2025, 05:54:42 PM

Running 25.1.2, I have IPv6 working outbound.  I am able to ping and browse to multiple IPv6 only sites on the Internet.

My trouble is with IPv6 traffic being allowed IN to my LAN.

Even with an NPTv6 entry, I keep seeing the traffic being blocked by the WAN interface Default Deny rule.

What am I missing here?

A proper allow rule on WAN?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

I have a wide open "any/any" IPv6 rule on the WAN interface.

If I can get this to work, I will then look at tightening the rule.

Quote from: shadowspire on March 04, 2025, 09:18:45 PM
I have a wide open "any/any" IPv6 rule on the WAN interface.
[...]

Heh. Is it an inbound rule?

More seriously, I think you'll have to post your ruleset. Too many possibilities.

Well....now it is working.  Not sure what it was though.

NPTv6 is set like this:

Interface: WAN
Internal IPv6 Prefix: <internal ipv6 addr>
External IPv6 Prefix: <external ipv6 addr>
Track interface:  None

Firewall rule is literally allowing any and all IPv6 traffic in.

Quote from: shadowspire on March 04, 2025, 11:14:17 PM
Firewall rule is literally allowing any and all IPv6 traffic in.

Then why are you using NPT6? Internal networks are using GUA? Provider is routing these prefixes to your OPNsense? There is no NAT in IPv6 (in the common scenarios).