javitu / rt-n56u

Automatically exported from code.google.com/p/rt-n56u
0 stars 2 forks source link

Firewall drops IPv6 traffic #1275

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Enable IPv6
2. Enable Firewall
3. Host a website
4. Test website using http://ipv6-test.com/validate.php

What is the expected output? What do you see instead?
EXPECTED: Test succeeds.
ACTUAL: Test fails.

If firewall is disabled, then the test succeeds. 

What version of the product are you using? On what operating system?
3.0.3.8-081

Original issue reported on code.google.com by chu...@gmail.com on 29 Jun 2014 at 12:16

GoogleCodeExporter commented 9 years ago
> 3. Host a website
Where do you host it? (on the device?.. on some machine in your network?.. 
external hosting sources?..)

Original comment by d...@soulblader.com on 29 Jun 2014 at 7:41

GoogleCodeExporter commented 9 years ago
The website is hosted on a machine that is connected to the Asus RT-N56U by one 
of its ports.

ip6tables is stopping the site from being reached externally. Once ip6tables is 
disabled using ip6tables -F, the site is able to be reached.

Original comment by chu...@gmail.com on 30 Jun 2014 at 1:38

GoogleCodeExporter commented 9 years ago
So, is it a problem to add the rule to ip6tables to allow tcp traffic on some 
port?..

Original comment by d...@soulblader.com on 30 Jun 2014 at 9:13

GoogleCodeExporter commented 9 years ago
Not a problem, but the rules keep getting reset when the router is turned off 
even though I ran ip6tables-save.

Can you advise where I should change to get the rules I added to be persistent 
across reboots of the router? 

Original comment by chu...@gmail.com on 30 Jun 2014 at 11:47

GoogleCodeExporter commented 9 years ago
http://my.router/Advanced_Tweaks_Content.asp
There should be a link at the bottom of the page - "Run after Firewall Rules 
restarted"
First, please check that rule syntax is correct. Then put your rule to text 
area, and click save. That's it.

Original comment by d...@soulblader.com on 1 Jul 2014 at 9:11

GoogleCodeExporter commented 9 years ago
I wrote a configurable script 
https://gist.github.com/johnnyslee/ca00096d53129c4b9106 to forward all, or just 
as per IPv4 rules. Not sure if it works on interfaces other than 'sitX' (6in4). 
Another flaw is that when setting IP6FORWARD_MODE=2, it cannot detect UPnP 
rules on real time without using some inotify tools to listen on 
/tmp/miniupnpd.leases

Original comment by johnny.s...@gmail.com on 24 Feb 2015 at 9:46