[Firehol-support] router_ra pppoe and firehol ?!

Tamer Higazi th982a at googlemail.com
Mon Jul 20 02:30:27 BST 2015


My latest results: I can ping out with IPv6, but in the logs there are:

Jul 20 03:26:28 livetool kernel: OUT-inet:IN= OUT=enp6s1
SRC=fe80:0000:0000:0000:02e0:53ff:fe0c:9d18
DST=fe80:0000:0000:0000:021d:aaff:fe87:cd28 LEN=72 TC=0 HOPLIMIT=255
FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
Jul 20 03:26:29 livetool kernel: OUT-inet:IN= OUT=enp6s1
SRC=fe80:0000:0000:0000:02e0:53ff:fe0c:9d18
DST=fe80:0000:0000:0000:021d:aaff:fe87:cd28 LEN=72 TC=0 HOPLIMIT=255
FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
Jul 20 03:26:30 livetool kernel: OUT-inet:IN= OUT=enp6s1
SRC=fe80:0000:0000:0000:02e0:53ff:fe0c:9d18
DST=fe80:0000:0000:0000:021d:aaff:fe87:cd28 LEN=72 TC=0 HOPLIMIT=255
FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
Jul 20 03:26:32 livetool kernel: OUT-inet:IN= OUT=enp6s1
SRC=2003:0051:4958:e501:02e0:53ff:fe0c:9d18
DST=ff02:0000:0000:0000:0000:0001:ff87:cd28 LEN=72 TC=0 HOPLIMIT=255
FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
Jul 20 03:26:33 livetool kernel: OUT-inet:IN= OUT=enp6s1
SRC=2003:0051:4958:e501:02e0:53ff:fe0c:9d18
DST=ff02:0000:0000:0000:0000:0001:ff87:cd28 LEN=72 TC=0 HOPLIMIT=255
FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
Jul 20 03:26:34 livetool kernel: OUT-inet:IN= OUT=enp6s1
SRC=2003:0051:4958:e501:02e0:53ff:fe0c:9d18
DST=ff02:0000:0000:0000:0000:0001:ff87:cd28 LEN=72 TC=0 HOPLIMIT=255
FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0


and as I suggest, later IPv6 won't work anymore.... (sniff.... I guess).



Hope you have any ideas....



best, Tamer

On 15.07.2015 at 08:37, Phil Whineray wrote:
> Hi Tamer
> 
> On Wed, Jul 15, 2015 at 06:29:16AM +0200, Tamer Higazi wrote:
>> Hi Phil, still doesn't work.
>>
>> I deactivated the router advertisement on my VDSL2 router. Can't be so
>> difficult at all..... to make a static route to the server to come out
>> with ipv6.
>> Then this problem is for all time solved.
>>
>> Need to figure out how to do that, then the problem is all time solved.
> 
> I'm a bit confused - if this works without the firewall activated
> then something is doing the configuration and most likely it is
> RA packets. If not RA, it could be DHCPv6 that is being used:
> I am not aware of anything else that would allow things to just work.
> It would be the remote endpoint of the PPP connection that is responsible
> for sending RA packets, not necessarily the router.
> 
> You should check the logs for the first minute after connecting and you
> should see something being blocked. If you have not done this before
> there is an outline here:
>   http://firehol.org/guides/firehol-troubleshooting/
> 
> Unless you tried putting in the rules for ipv6router, my guess is you
> will see ICMPv6 type 133 and 134 (RS+RA) packets being blocked.
> 
> I would personally worry that if my ISP expects to autoconfigure
> that they may be willing to change the endpoint address, send new
> RA packets and expect things to keep working but they won't if you
> have statically configured this.
> 
> Cheers
> Phil
> 
> 
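
The log check suggested in the quoted reply can be done mechanically. The following is an added example, not part of the original thread or of FireHOL: it rejoins the wrapped kernel log entries and tallies logged Neighbor Discovery packets by log label, ICMPv6 message type and destination scope. The type names are from RFC 4861; the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# ICMPv6 Neighbor Discovery message types (RFC 4861)
NDP_TYPES = {133: "Router Solicitation", 134: "Router Advertisement",
             135: "Neighbor Solicitation", 136: "Neighbor Advertisement"}
SOLICITED_NODE = ipaddress.IPv6Network("ff02::1:ff00:0/104")
ENTRY_START = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ kernel: ")

# Two entries copied from the post above, still wrapped as they were mailed.
SAMPLE = """\
Jul 20 03:26:28 livetool kernel: OUT-inet:IN= OUT=enp6s1
SRC=fe80:0000:0000:0000:02e0:53ff:fe0c:9d18
DST=fe80:0000:0000:0000:021d:aaff:fe87:cd28 LEN=72 TC=0 HOPLIMIT=255
FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
Jul 20 03:26:32 livetool kernel: OUT-inet:IN= OUT=enp6s1
SRC=2003:0051:4958:e501:02e0:53ff:fe0c:9d18
DST=ff02:0000:0000:0000:0000:0001:ff87:cd28 LEN=72 TC=0 HOPLIMIT=255
FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
"""

def unwrap(text):
    """Rejoin log entries that were wrapped across several lines."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:
            entries[-1] += " " + line
    return entries

def dst_scope(addr):
    ip = ipaddress.IPv6Address(addr)
    if ip.is_multicast:
        return "solicited-node multicast" if ip in SOLICITED_NODE else "multicast"
    return "link-local" if ip.is_link_local else "global"

def blocked_ndp(text):
    """Count logged NDP packets by (log label, message type, destination scope)."""
    counts = Counter()
    for entry in unwrap(text):
        label = re.search(r"kernel: (\S+?):IN=", entry)
        fields = dict(re.findall(r"(\w+)=(\S*)", entry))
        if fields.get("PROTO") != "ICMPv6" or not label:
            continue
        name = NDP_TYPES.get(int(fields.get("TYPE", -1)))
        if name:
            counts[(label.group(1), name, dst_scope(fields["DST"]))] += 1
    return counts
```

Calling `blocked_ndp(SAMPLE)` returns one Neighbor Solicitation to a link-local destination and one to a solicited-node multicast destination, both under the `OUT-inet` label.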



