Firewalla Feature Guide: Network Manager

Comments

10 comments

  • KP

    With IPv6 enabled, is it possible to override the ISP-assigned IPv6 DNS servers and use your own preferred ones, such as Cloudflare (2606:4700:4700::1111 and 2606:4700:4700::1001)?

    Basically I would prefer to have the router push these out via DHCP rather than have to manually configure them on each device. 

    Also, does the DNS over HTTPS work with IPv6 DNS AAAA records?

    4
  • Mark Arana

    +1 for this as well. Also, how can a custom Prefix Delegation be set? 

    2
  • gera schlaefer

     

    I just ran into the same issue. 
    To fix this for Android, Windows 10, etc., here is what I did.
    You SSH into the Firewalla Gold and make a new file in /home/pi/.router/config/dhcp/conf/
    For example: 
    nano /home/pi/.router/config/dhcp/conf/gero.conf/custom_v6_dns.conf
    In the file you put 
    dhcp-range=tag:br0,::,constructor:br0,slaac,ra-stateless,86400
    dhcp-option=tag:br0,option6:dns-server,[fd68:a4d3:aaf6:20::53]
    but replace the IP with your own IPv6 DNS server and br0 with what you use (run "ip add" to check).

    Then reboot the Firewalla
    sudo reboot

    Then disabled/enabled network on Windows 10 and it populated the IPv6 DNS

    You can now see the DHCPv6 responses with the DNS server by running
    sudo tcpdump -i br0 -n -vv '(udp port 546 or 547) or icmp6'
    for example

     

    2
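The tcpdump check in the comment above can be automated. The following is an added example, not part of the original comment and not Firewalla code: it parses the UDP payload of a DHCPv6 Reply and reports any DNS servers (option 23, RFC 3646) that are not on an allow-list. The function names and the sample packet are constructed for illustration, and the payload is assumed to have already been extracted from a capture.

```python
import ipaddress
import struct

OPTION_DNS_SERVERS = 23  # RFC 3646: DNS Recursive Name Server option
MSG_REPLY = 7            # RFC 8415: DHCPv6 Reply message type

def dhcpv6_dns_servers(payload: bytes) -> list[str]:
    """Return the DNS servers carried in a DHCPv6 Reply (UDP payload only)."""
    if len(payload) < 4:
        raise ValueError("truncated DHCPv6 header")
    if payload[0] != MSG_REPLY:
        return []  # only server Replies are of interest here
    servers, pos = [], 4  # skip msg-type (1 byte) + transaction-id (3 bytes)
    while pos < len(payload):
        if pos + 4 > len(payload):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", payload, pos)
        pos += 4
        data = payload[pos:pos + length]
        if len(data) != length:
            raise ValueError("option length exceeds packet")
        pos += length
        if code == OPTION_DNS_SERVERS:
            if length % 16:
                raise ValueError("DNS option is not a multiple of 16 bytes")
            servers += [str(ipaddress.IPv6Address(data[i:i + 16]))
                        for i in range(0, length, 16)]
    return servers

def unexpected_dns(payload: bytes, allowed: set[str]) -> list[str]:
    """DNS servers in the Reply that are not in the configured allow-list."""
    allowed_norm = {str(ipaddress.IPv6Address(a)) for a in allowed}
    return [s for s in dhcpv6_dns_servers(payload) if s not in allowed_norm]

def _option(code: int, data: bytes) -> bytes:
    """Encode one DHCPv6 option: 2-byte code, 2-byte length, data."""
    return struct.pack("!HH", code, len(data)) + data

# Constructed sample: Reply, transaction id 0x1a2b3c, a server-id option
# (code 2, DUID-LL with a made-up MAC) and the DNS server from the comment.
SAMPLE_REPLY = (bytes([MSG_REPLY, 0x1A, 0x2B, 0x3C])
                + _option(2, bytes.fromhex("00030001020000000001"))
                + _option(OPTION_DNS_SERVERS,
                          ipaddress.IPv6Address("fd68:a4d3:aaf6:20::53").packed))

if __name__ == "__main__":
    print(unexpected_dns(SAMPLE_REPLY, {"2606:4700:4700::1111"}))
```

A non-empty result from `unexpected_dns` means some DHCPv6 server on the segment is handing clients a resolver other than the one configured.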
  • Rodolfo Gonzalez Ruiz

    I had a problem with SIP calls and enabling SIP under the NAT Passthrough option solved it. Can you please explain what exactly this option does in a technical sense? Thanks.

    0
  • Firewalla

    This article should explain the ALG part https://en.wikipedia.org/wiki/Application-level_gateway

     

    0
  • Rodolfo Gonzalez Ruiz

    Ok, so enabling NAT Passthrough activates ALG for those services.... why isn't it on by default? Does it consume resources when turned on? Or is there a security aspect to it?

    0
  • Dave Taylor

    What format is the MAC address supposed to be in?  No matter what I try, xx-xx-xx-xx-xx-xx, xxxxxxxxxxxx, it says "invalid MAC address" even though it's the one copied from the router.

    0
  • Michael Bierman

    @Dave try xx:xx:xx:xx:xx:xx

    0
  • Dave Taylor

    Ah, thanks.  And a request for the Firewalla folks: could fields for entering MAC addresses be made a bit more flexible?  The xx-xx form is standard for MAC addresses, with the hex-digits-one probably being the next most common; without @Michael's hint I'd never have guessed that colons are required.  So for validation, take the input, remove any punctuation, and then check that it's 12 hex digits; that allows xx-xx, xx:xx, and xxxx forms.

    0
  • Manoel Domingues Junior

    Do you have any insights about how to use more than 5 WAN IPs?
    I’m looking to use Firewalla in a SOHO environment but the 5 IPs per WAN is a big issue here…

    0