[OpenWrt-Devel] Firewall settings must be manually changed for 6to4

Jo-Philipp Wich jo at mein.io
Sun Dec 30 06:40:01 EST 2018


> I recently set up an OpenWrt 18.06.1 router at a place where the ISP
> does not provide native IPv6, but does provide their own 6to4
> tunnelling server. I installed 6to4 and ip-full on the router and
> configured WAN6, but was puzzled as to why IPv6 wasn't working until I
> discovered that the default firewall settings block forwarded traffic.
> Changing "Forward" from "reject" to "accept" under "General Settings"
> resolved the problem.

This is a huge security issue, you should not do that, ever.
You likely need both an ingress rule allowing protocol 41 traffic and
join the wan6 interface to the existing wan zone.

~ Jo

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20181230/a97dbb50/attachment.sig>
-------------- next part --------------
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list