[Firehol-support] router_ra pppoe and firehol ?!
Tamer Higazi
th982a at googlemail.com
Mon Jul 20 00:39:30 CEST 2015
Hi Phil,
As you suggested.... I had to open port 4944 (the hell I know why) and I
got only this message now:
Jul 20 00:36:50 livetool kernel: IN-inet:IN=enp6s1 OUT=
MAC=33:33:00:00:00:01:00:1d:aa:87:cd:28:86:dd
SRC=fe80:0000:0000:0000:021d:aaff:fe87:cd28
DST=ff02:0000:0000:0000:0000:0000:0000:0001 LEN=144 TC=0 HOPLIMIT=255
FLOWLBL=0 PROTO=ICMPv6 TYPE=134 CODE=0
any ideas ?!
I still don't know what port 4944 has it in.....
best, Tamer
Am 15.07.2015 um 08:37 schrieb Phil Whineray:
> Hi Tamer
>
> On Wed, Jul 15, 2015 at 06:29:16AM +0200, Tamer Higazi wrote:
>> Hi Phil, still doesn't work.
>>
>> I deactivated the router advertisement on my VDSL2 router. Can't be so
>> difficult at all..... to make a static route to the server to come out
>> with ipv6.
>> Then this problem is for all time solved.
>>
>> Need to figure out how todo that, then the problem is all time solved.
>
> I'm a bit confused - if this works without the firewall activated
> then something is doing the configuration and most likely it is
> RA packets. If not RA, it could be DHCPv6 that is being used:
> I am not aware of anything else that would allow things to just work.
> It would be the remote endpoint of the PPP connection that is responsible
> for sending RA packets, not necessarily the router.
>
> You should check the logs for the first minute after connecting and you
> should see something being blocked. If you have not done this before
> there is an outline here:
> http://firehol.org/guides/firehol-troubleshooting/
>
> Unless you tried putting in the rules for ipv6router, my guess is you
> will see ICMPv6 type 133 and 134 (RS+RA) packets being blocked.
>
> I would personally worry that if my ISP expects to autoconfigure
> that they may be willing to change the endpoint address, send new
> RA packets and expect things to keep working but they won't if you
> have statically configured this.
>
> Cheers
> Phil
>
> _______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.firehol.org
> http://lists.firehol.org/mailman/listinfo/firehol-support
>
More information about the Firehol-support
mailing list