dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
6
share rss forum feed


whfsdude
Premium
join:2003-04-05
Washington, DC
Reviews:
·Comcast
reply to JoelC707

Re: [IPv6] Seeing two different LAN side ranges

said by JoelC707:

Also, I split the ICMP rules into separate v4/v6 rules. Give the ping a try again.

Not sure if you saw above but ICMP is all set now. I'll probably file a bug report for that w/pfsense if there isn't one already.

ND table looks good. The reason you have the other addresses is because some machines on your LAN probably haven't dropped the prefix yet.

tcpdump is good but doesn't show any traffic from the LAN. You'll want to run it when do something like the v6 test page.

I am suggesting the tcpdump route as I don't see anything wrong with your config at this point.

JoelC707
Premium
join:2002-07-09
Lanett, AL
kudos:5

1 recommendation

It scrolls past at a pretty good rate so I'm not sure if I could catch anything in a screen shot. I think what I'll do then is reboot pfSense as soon as I can and see if that solves it now that we have everything else squared away.


JoelC707
Premium
join:2002-07-09
Lanett, AL
kudos:5
reply to whfsdude

Rebooted pfSense. No change

Here's something. What snapshot are you or anyone else running? I'm on the latest (Dec 19th) snap, but you or someone mentioned in another thread I read that a regression is always possible. Maybe I need to downgrade. It'll mean recreating a bunch of firewall rules but I could just blow away and recreate it from scratch (might have to do that anyway if I downgrade as I don't know what importing config settings would do).

I'm really at a loss here. I don't know if it's pfSense or my network. I've used IPv6 before via a HE tunnel so nothing funky in the switches or anything should be messing with it. They are web managed switches (one D-Link, one Dell) but I haven't seen anything IPv6 related in them.



graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2

There are more recent snapshots here:

»snapshots.pfsense.org/FreeBSD_RE···?C=M;O=D


JoelC707
Premium
join:2002-07-09
Lanett, AL
kudos:5

Aha it was set to check against the release server not the snapshots server. I just assumed they took a break from updates for Christmas or something. Before I contemplate blowing this away and starting fresh, I'm gonna try an update and see what I can make it do with a newer snapshot (at least with an update I don't have to recreate a bunch of rules and such lol).



graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2

You can save your current configuration file at any time and restore it later into your next install. No need to recreate anything from scratch.


JoelC707
Premium
join:2002-07-09
Lanett, AL
kudos:5

Yeah but I'm worried there might be something hidden that is messing this up and restoring the config would restore the fault too. I guess I don't really see what that might be since everything else says it should be working but I'm stumped at this point.



graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2

Maybe you should consider a simpler product just to see if it will configure IPv6 correctly for you. If it won't, then the problem lies on Comcast's side and you are spinning your wheels.

I run m0n0wall here, the product that was forked to form pfsense.

It might take you ten minutes to try it. I can paste screenshots of the configuration for you if you want them.

Tell me more about what type of pfsense install you are running and I'll point you to the right m0n0wall image.


JoelC707
Premium
join:2002-07-09
Lanett, AL
kudos:5

Good point. This could all be some bug in pfSense that has come up. The IPv6 forum at pfSense.com is filled with Comcast IPv6 questions I haven't even connected it direct to my desktop to test it direct (though considering I can ping from the firewall I suspect it will work connected direct to my desktop).

I've considered Untangle as well and have seen m0n0wall though I've never used either. I have two WAN circuits, one being PPPoE DSL, the other Comcast. It's being used for just a basic internet router/firewall. I have used HAVP (inline virus scanner) and played around with snort but do not use either currently. Nothing special really



graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2

m0n0wall doesn't handle multi-WAN. But it still would be worth trying on your Comcast circuit.

I suggest the Live-CD with a floppy or USB stick to store the configuration. Nothing to install, just try it and see what happens.



plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3
reply to JoelC707

said by JoelC707:

I haven't even connected it direct to my desktop to test it direct (though considering I can ping from the firewall I suspect it will work connected direct to my desktop).

I would highly suggest doing that. It should only take a few minutes to pull your pfsense box out of the mix, and plug a device (desktop or laptop) directly into your modem and verify that IPv6 is fully working in your area.

That will help rule out any issues on Comcast's side.

For me, that was the first thing I did. Once I knew I was getting a real IPv6 IP from Comcast, and could doing pings, trace routes, and the IPv6 test sites came back with a 10/10 score, I knew it was time to configure pfsense.

--Brian
--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail

JoelC707
Premium
join:2002-07-09
Lanett, AL
kudos:5
reply to graysonf

It's certainly worth a try, just with the Comcast circuit but yeah if no support for multi-wan then that's a no-go for me as a permanent solution. That may be why I went with pfSense instead of m0n0 at first because I've been using pfSense since the 1.2.1 days lol.


JoelC707
Premium
join:2002-07-09
Lanett, AL
kudos:5
reply to plencnerb

I confirmed with NetDog See Profile that my CMTS was IPv6 enabled before beginning this adventure but alas what should work what that actually happens are sometimes two entirely different things LOL. Regardless, I should try that and see what happens.

Though I did note in the thread you pointed me to, your IPv6 IP shown was a 2001: address. If the PD provided 2601: address is the source of the issue, I may very well be able to connect the modem direct to my computer and get IPv6 connectivity and then turn around and still not get it to work with pfSense.