[Firehol-support] router_ra pppoe and firehol ?!
th982a at googlemail.com
Sun Jul 19 23:39:30 BST 2015
As you suggested.... I had to open port 4944 (the hell I know why) and I
got only this message now:
Jul 20 00:36:50 livetool kernel: IN-inet:IN=enp6s1 OUT=
DST=ff02:0000:0000:0000:0000:0000:0000:0001 LEN=144 TC=0 HOPLIMIT=255
FLOWLBL=0 PROTO=ICMPv6 TYPE=134 CODE=0
any ideas ?!
I still don't know what port 4944 has it in.....
Am 15.07.2015 um 08:37 schrieb Phil Whineray:
> Hi Tamer
> On Wed, Jul 15, 2015 at 06:29:16AM +0200, Tamer Higazi wrote:
>> Hi Phil, still doesn't work.
>> I deactivated the router advertisement on my VDSL2 router. Can't be so
>> difficult at all..... to make a static route to the server to come out
>> with ipv6.
>> Then this problem is for all time solved.
>> Need to figure out how todo that, then the problem is all time solved.
> I'm a bit confused - if this works without the firewall activated
> then something is doing the configuration and most likely it is
> RA packets. If not RA, it could be DHCPv6 that is being used:
> I am not aware of anything else that would allow things to just work.
> It would be the remote endpoint of the PPP connection that is responsible
> for sending RA packets, not necessarily the router.
> You should check the logs for the first minute after connecting and you
> should see something being blocked. If you have not done this before
> there is an outline here:
> Unless you tried putting in the rules for ipv6router, my guess is you
> will see ICMPv6 type 133 and 134 (RS+RA) packets being blocked.
> I would personally worry that if my ISP expects to autoconfigure
> that they may be willing to change the endpoint address, send new
> RA packets and expect things to keep working but they won't if you
> have statically configured this.
> Firehol-support mailing list
> Firehol-support at lists.firehol.org
More information about the Firehol-support