sailorfrag's profile

New Contributor


5 Messages

Tuesday, October 14th, 2014 3:00 PM

ipv6 firewall configuration

Now that dhcpv6-pd seems to work correctly now, I'm on to requesting functionality needed to get things working well!

 

Static IPs is of course on that list, but it's been beaten to death already.

 

A more immediate concern, since the dynamic addresses are static enough to get me going for now:

It looks like the ipv6 firewall in the netgear modem prevents incoming TCP connections. That's probably a somewhat sensible default. But I want to allow SSH into my machines and I can configure my own firewall on my router attached to the modem.

 

However, if I disable the ipv6 firewall, then it's possible to log into the modem remotely. Since the username/password is fixed, that basically means the modem can be controlled with mere knowledge of its IP.

 

Fortunately, the IPv6 space is pretty sparse so that's actually kind of hard to find. But I'd like to be able to have a bit better control than on/off. I'd be perfectly fine with "firewall logins to the modem's web interface, but leave everything else off". I can protect everything else through my router.
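The "protect everything else through my router" half of the post above, as an added example that is not part of the original post: a generator for a default-drop nftables forward policy that admits inbound SSH only to named hosts, rebuilt from whatever /64 is currently delegated. It assumes a Linux router using nftables; the interface name `wan0`, the table name, the host identifiers and the 2001:db8:: documentation prefix are constructed placeholders.

```python
import ipaddress

# Constructed sample values: 2001:db8::/32 is the documentation prefix,
# "wan0" and the host identifiers are hypothetical.
SAMPLE_PREFIX = "2001:db8:0:80::/64"
SAMPLE_HOSTS = {"workstation": "::a1", "nas": "::b2"}

# ICMPv6 types that must keep flowing (errors, path MTU discovery, ping).
ICMPV6_OK = ("destination-unreachable, packet-too-big, time-exceeded, "
             "parameter-problem, echo-request, echo-reply")


def host_address(lan_prefix, interface_id):
    """Combine the currently delegated /64 with a host's fixed low 64 bits."""
    net = ipaddress.IPv6Network(lan_prefix)
    if net.prefixlen != 64:
        raise ValueError(f"{lan_prefix}: expected a /64 LAN prefix")
    iid = int(ipaddress.IPv6Address(interface_id))
    if iid >= 1 << 64:
        raise ValueError(f"{interface_id}: not a 64-bit interface identifier")
    return net.network_address + iid


def build_ruleset(lan_prefix, wan_if, ssh_hosts):
    """Return nftables text: drop forwarded traffic by default, allow SSH in."""
    lines = [
        "table ip6 router_fw {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
        "    ct state invalid drop",
        f"    icmpv6 type {{ {ICMPV6_OK} }} accept",
        f'    iifname != "{wan_if}" accept  # LAN-originated traffic',
    ]
    for name, iid in sorted(ssh_hosts.items()):
        addr = host_address(lan_prefix, iid)
        lines.append(f'    iifname "{wan_if}" ip6 daddr {addr} '
                     f'tcp dport 22 accept  # {name}')
    lines += ["  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_ruleset(SAMPLE_PREFIX, "wan0", SAMPLE_HOSTS))
```

These rules only filter traffic forwarded through the router; the modem's own web interface sits upstream of it and is not covered by them.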

Advocate


1.4K Messages

10 years ago

Hello sailorfrag and welcome,

 

Comcast is projecting to deliver a dual stack IPv4 and IPv6 on Netgear 3000 in the 12/17/2014 timeframe. This will be to allow customer endpoints, networks, and applications a gradual migration and flexible coexistence strategy. As you know, this is a paramount initiative within the technological industry and Comcast is trying to make it as easy as possible for all of its customers to migrate into the IPv6 spectrum.

 

Hope this helps you out. 

 

   

Occasional Visitor


5 Messages

10 years ago

Now that dhcpv6-pd seems to work correctly now,

 

Really? I'd love to hear how it's working for you. (Or the other people who have recently mentioned that it's working now.)

 

My Netgear cable modem gets a 2601:...:xx00/56 prefix. It will route the first /64 out of that (2601:...:xx00/64) to the LAN interface. So far so good. But even with firmware 1.34.04, I can still only get a single /64 via PD, and it's always 2601:...:xx80/64. That would be a start, but the Netgear doesn't seem to route any packets for the delegated /64 to my router--the very router to which it delegated that prefix. That makes PD pretty useless.

 

I'm using the Roy Marples dhcpcd, version 6.5.0. I'll be happy to talk about the config with folks, but it seems like something basic is still amiss in the Comcast router.

 

Am I missing something?

 

- Geoff

Contributor


15 Messages

10 years ago

I think what you and I are missing is the right modem firmware version. I think it should be V3.01.04.

Occasional Visitor


5 Messages

10 years ago

Correct you are!

 

My modem just got v 3.01.04 a couple days ago, and now I'm finally able to do prefix delegation. It routed the packets back to my router, and everything!

 

I suppose the only odd thing remaining is that the cable modem/router only allocates /64 nets out of 2602:xxxx:xxxx:xxf0::/60. I expected it to start at the beginning of 2602:xxxx:xxxx:xx00::/56. (Well, ...xx01::/56, anyway.) But that still leaves me 16 internal networks to work with, which is fine for now.

Problem solver


90 Messages

10 years ago

I am glad this is working for you. Please post issues or features that need to be added, and yes, a /58 would be better than a /60, I do agree.