Verizon FIOS IPV6 - Allow ports to internal machines


  • Earl Texter

    Is there no way to allow a port to an internal machine? It's just a rule in pfSense/OPNsense, so I am hoping I can't find the GUI item.

  • Firewalla

    You can just use the "rule" button to allow a port for IPv6. Since there is no NAT, you should be able to just get through.

  • Earl Texter

    I did try that, but it doesn't seem to let the traffic in. I can see that if I add a rule, it adds the group only, so I'm not sure how it translates that.

    I ran through to validate my IPV6:

    curl -6 https://ifconfig.co/ip

    Which gives me what I'd expect and matches the list of IPv6 addresses for that device.

    I tried making a 443 TCP - From Internet inbound rule and tested via a few port scanners to see if it responded; it does not.

    I can see some traffic in a tcpdump but still not quite sure where the issue lies.

  • Firewalla

    Make sure when you are testing IPv6, you are using the right IPv6 address.

    Also, please paste your port open rule here; I can get someone to take a look.

  • Earl Texter

    Right - that's why I shared my curl command, to validate I'm seeing my right IPv6 address, as that returns and all matches up.

    My rule is pretty basic:

    Action - Allow

    Matching - Local Port 443, Traffic from Internet on Device

    I am thinking I have an IPv4 443 forward on the same device, so I see both, so I'm not sure how it knows it is the IPv6 one.

  • networker5

    I spent several weeks of torture with intermittent problems that all went away when I disabled IPv6 on FWG. I've seen lots of recent issues, and while I'd like to have IPv6, I'd like to understand the issue better.

    Where did you see info about the delegation 53? Thanks!

  • Earl Texter

    Not 53, but 56 as there were a bunch of posts in various spots on pfSense forums, dslreports, etc.

    I eventually gave up on Firewalla as I had too many open issues and things that didn't work well for me and my use case, so I went back to OPNsense and all things work with zero issues now.

    I can make my unbound changes for Plex, IPv6 firewall rules work and I can connect to things, and IPv6 connectivity is stable with no issues.

    Neat idea for the normal home user but for the advanced, it doesn't quite work out. 

  • Support Team

    @Earl

    I just did a test on the allow rule again on IPv6; it works with the same configuration as you pasted in previous comments. It's odd that it didn't work for you. If you are going to use Firewalla in the future, we are very glad to help debug the issue.

    Regarding the Plex/Unbound issue, we'll add a customization function to unbound, like we did on dnsmasq, so that pro users like you can add extra persistent configurations to it.

    Thanks for the feedback!

  • Andrew Pearson

    This took a minute to figure out.

    This is how I got IPv6 rules working:

    Create Rule:
      Action: Allow
      Matching:
        Local Port 
        Traffic from Internet
      On: 
        Device: MyDevice
      Schedule: Always 
