NL R2 - Configuring server for IPv6

Discussions for BiPAC 8800 series: 8800NL, 8800NLR2, 8800AXL, 8800AXLR2
andruec
Posts: 25
Joined: Wed Jan 01, 2014 1:10 pm

NL R2 - Configuring server for IPv6

Post by andruec »

I'd like to make my mail server accessible over IPv6. However I can't work out how to allow incoming packets to reach it. Obviously with IPv4 it's a matter of setting up a virtual server and I did that when I first got the router. But I can't work out how to do the equivalent for IPv6. I can't even ping my server at the moment - only the router itself.
andruec
Posts: 25
Joined: Wed Jan 01, 2014 1:10 pm

Re: NL R2 - Configuring server for IPv6

Post by andruec »

Never mind - I worked it out. I have to add an incoming IP filtering rule. For anyone else that searches for this:

Source address - leave blank.
Target address - the IP address of your server (I used the static public IP address that mine has)
Ports - Um. I set mine to 80 for both source and destination but the router seems to have changed them to blank.

Edit:Yes, somehow 'any' got set as the protocol and that allows everything through as I can now ping my server over ipv6 as well. So don't do that :) Pick a protocol.
andruec
Posts: 25
Joined: Wed Jan 01, 2014 1:10 pm

Re: NL R2 - Configuring server for IPv6

Post by andruec »

I still can't get it working. The only way I have found to get my mail server visible on IPv6 seems to be to have a single incoming rule that means 'send anything straight through'. It's basically a DMZ for my mail server and I don't want that.

https://goo.gl/photos/3yQJFnPyjgPp3qUVA
andruec
Posts: 25
Joined: Wed Jan 01, 2014 1:10 pm

Re: NL R2 - Configuring server for IPv6

Post by andruec »

Oh. I don't know how I missed it but that setup I posted isn't actually working for anything. I thought it allowed ICMP through to my server but it doesn't.

So the original question remains. How do I configure the 8800NL R2 to make my server publicly available on IPv6?
billion_fan
Posts: 5374
Joined: Tue Jul 19, 2011 4:30 pm

Re: NL R2 - Configuring server for IPv6

Post by billion_fan »

andruec wrote:Oh. I don't know how I missed it but that setup I posted isn't actually working for anything. I thought it allowed ICMP through to my server but it doesn't.

So the original question remains. How do I configure the 8800NL R2 to make my server publicly available on IPv6?
I tested it with a FTP server and it works fine, ping and port 21 open over Ipv6 see screen shots of my tests, (my setup was stateful, but I also tested with stateless and it worked)
You do not have the required permissions to view the files attached to this post.
andruec
Posts: 25
Joined: Wed Jan 01, 2014 1:10 pm

Re: NL R2 - Configuring server for IPv6

Post by andruec »

Hmmm. I can connect to my server from the LAN using the address I specified so it must be the router that's blocking it for some reason. Also it did work when I selected protocol 'any' as shown by this monitoring tool:

https://www.thinkbroadband.com/broadban ... 6-2017.png

It's gone red now because I didn't want to expose every port on the WAN.

I'll have another look tonight but so far I'm foxed. Have there been any recent(ish) firmware fixes in this area? I keep forgetting to post my firmware version but I know I'm not on the 2.52.x branch.
billion_fan
Posts: 5374
Joined: Tue Jul 19, 2011 4:30 pm

Re: NL R2 - Configuring server for IPv6

Post by billion_fan »

andruec wrote:Hmmm. I can connect to my server from the LAN using the address I specified so it must be the router that's blocking it for some reason. Also it did work when I selected protocol 'any' as shown by this monitoring tool:

https://www.thinkbroadband.com/broadban ... 6-2017.png

It's gone red now because I didn't want to expose every port on the WAN.

I'll have another look tonight but so far I'm foxed. Have there been any recent(ish) firmware fixes in this area? I keep forgetting to post my firmware version but I know I'm not on the 2.52.x branch.
I was using 2.52, all working here, without a "any" rule added, as you can see from my screen shots. It might be worth checking to see if IPv6 is working correctly on your mail server like I did (IPv6 address.png) and see what IPv6 address it is using before adding the rules. Also try following the screen shot for incoming rules I added, source IP/port left blank (looking at the screen shot you added, you specified a source port, this should be left blank) Also make sure Block WAN Ping is not enabled for IPv6 (I just tested pinging my WAN IPv6 address and when disabled I can ping my WAN IPv6 address, but when enabled I can't ping my WAN IPv6 address so working as it should) A ICMP rule should be only be added for the mail server, then ping the IPv6 address from another IPv6 line like I did
andruec
Posts: 25
Joined: Wed Jan 01, 2014 1:10 pm

Re: NL R2 - Configuring server for IPv6

Post by andruec »

Ah. I think the difference is the source port should be empty. That seems a bit odd though if it means 'any'. I'm going to need multiple rules and I don't want 'any' incoming traffic sending to port 80, only stuff coming in on port 80. Stuff coming in port 25 should go to port 25.
billion_fan
Posts: 5374
Joined: Tue Jul 19, 2011 4:30 pm

Re: NL R2 - Configuring server for IPv6

Post by billion_fan »

andruec wrote:Ah. I think the difference is the source port should be empty. That seems a bit odd though if it means 'any'. I'm going to need multiple rules and I don't want 'any' incoming traffic sending to port 80, only stuff coming in on port 80. Stuff coming in port 25 should go to port 25.
Its only the 'Source IP address/Source Port' that should be set to any, the 'Destination IP address/ Destination Port' should be defined like I did on the screen shot I attached (when a client connects, eg to port 80, the client will not use port 80 as a outgoing port, this is will be random port, hence 'any' as a source port should be set, you should only set the source port to 80 if you are 100% sure the client is using this port as a source port for the outgoing connection to your server (a wireshark capture can confirm this, its more client dependent)
andruec
Posts: 25
Joined: Wed Jan 01, 2014 1:10 pm

Re: NL R2 - Configuring server for IPv6

Post by andruec »

Yeah I was misunderstanding what source/destination meant. I thought they were working like the Virtual Server does. So I thought my rules as posted in that screen shot meant map <any source>:80 to <my server>:80.

Whereas (if I understand you correctly) for incoming filters <source port> is the port that the <source> will use to receive packets, which as you say will be random. I think this is an area where the manual could be a bit more clear as it only says:

"Source Port [port or port:port]: The port or port range defines traffic from the port (specific application) or port in the set port range blocked to go through the router. Default is set port from range 1 – 65535. "

and

"Destination Port [port or port : port]: Traffic with the particular set destination port or port in the set port range is to be blocked from going through the router. Default is set port from port range: 1 – 65535 "

At the very least I think they need to be updated to say "..allow through the router.." instead of "..blocked to go through the router..". It looks like they have just been copied verbatim from the Outgoing chapter.

Anyway thank you very much for help again. Hopefully that should allow me to get everything set up when I get home tonight.
Post Reply