Verizon FIOS IPV6 - Allow ports to internal machines

Comments

8 comments

  • Avatar
    Earl Texter

    Is there no way to allow a port to an internal machine? It's just a rule in pfSense/OPNSense so I am hoping I can't find the GUI item..

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    You can just use the "rule" button to allow a port for ipv6. Since there is no NAT, you should be able to just get through 

    0
    Comment actions Permalink
  • Avatar
    Earl Texter

    I did try that but doesn't seem to let the traffic in. I can see if I add a rule, it adds the group only so not sure how it translates that.

    I ran through to validate my IPV6:

    curl -6 https://ifconfig.co/ip

    Which gives me what I'd expect and matches what the list of IPV6 addresses for that device.

    I tried making a 443 TCP - From Internet inbound and tested via a few port scanners to see if it responded, it does not.

    I can see some traffic in a tcpdump but still not quite sure where the issue lies.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Make sure when you are testing ipv6, you are using the right ipv6 address. 

    Also, please paste here your port open rule, i can get someone to take a look 

    0
    Comment actions Permalink
  • Avatar
    Earl Texter

    Right - that's why I shared my curl command to validate I'm seeing my right IPV6 address as that returns and all matches up.

    My rule is pretty basic:

    Action - Allow

    Matching - Local Port 443, Traffic from Internet on Device

    I am thinking I have a IPV4 443 forward on the same device so I see both so not sure how it knows it is the IPV6 one.

     

    0
    Comment actions Permalink
  • Avatar
    networker5

    I spent several weeks of torture with intermittent problems that all went away when i disabled IPV6 on FWG.  Seen lot's of recent issues and while I'd like to have IPV6 I'd like to understand the issue better. 

    Where did you see info about the delegation 53?  thanks!

    0
    Comment actions Permalink
  • Avatar
    Earl Texter

    Not 53, but 56 as there were a bunch of posts in various spots on pfSense forums, dslreports, etc.

    I eventually gave up on Firewalla as I had too many open issues and things that didn't work well for me and my use case so I went back to OPNSense and all things work with zero issues now.

    I can make my unbound changes for Plex, IPV6 firewall rules work and I can connect to things,  IPV6 connectivity with no issues and stable.

    Neat idea for the normal home user but for the advanced, it doesn't quite work out. 

    0
    Comment actions Permalink
  • Avatar
    Support Team

    @Earl

    I just did a test on allow rule again on IPv6, it works with the same configuration as you pasted in previous comments. it's odd that it didn't work for you. If you are going to use Firewalla in the future, we are very glad to help debug the issue.

    Regarding to Plex/Unbound issue, we'll add a customize function, like we did on dnsmasq, to unbound so that pro users like you can add extra persistent configurations to it.

    Thanks for the feedback!

    0
    Comment actions Permalink

Please sign in to leave a comment.