Although I do not have the IPV6 package installed (or to better put it I have it disabled) my cell phone when connected to the WiFi gets an IPV6 address from the ISP. Is there a way to block the phone from receiving one ? My ISP also offers me an IPV4 address and would like to use that one only . On the modem side the area where I can choose between IPV4 or IPV4/IPV6 is grayed out and both are displayed .
Are you “talking” to yourself?
Only you know the details and you talk to yourself, who wins among you?
You don’t provide any useful information, such as device used, routeros version, etc.
Nope, on Android for example only a rooted phone can be change only to use IPv4 I’ve read somewhere.
Otherwise, if an IPv6 is available it will gladly receive on.
Don’t know for iOS but I guess the same.
On APN’s you can control it better and and use IPv4 only. I used that also on my Android.
Cell phone is a Xiaomi 9T pro , router OS is 6.48.2 on a RB751G-2HnD. What else do you need ?
On APN’s you can control it better and and use IPv4 only. I used that also on my Android.
Thank you jvanhambelgium . I run a VPN between 2 locations and use location’s (A) IPV4 from/for location (B) as well, but like you said as the provider in location (B) offers IPV6 and Android devices prefer the IPV6 over IPV4 .
Where the following information are written on the first post?
You thought it and you said it to yourself?
If it is not the smartphone that instaurates the VPN connection, but
if it is the RouterBOARD that instaurates the VPN connection,
enable the IPv6 packet on the RouterBOARD, reboot, and on the /ipv6 firewall filter add a rule to drop all on forward chain
You thought it and you said it to yourself?
I am sure that are better ways to phrase the above…
As I don’t understand the grammar of this : "If is not the smartphone than instaurate the VPN connection, but is the RouterBOARD, "
Do you mean : "if it’s not the smartphone (I assume, the problem?), then instaurate the VPN connection (disable and then enable?), and then enable on RouterBoard IPv6 packet, reboot, and on /ipv6 firewall filter add a rule to drop all on forward chain " ?
No.
Ah, is something missing? I probably just thought and told myself …
What I mean is clear, “it” & “the” or not.
If it is not the smartphone that instaurates the VPN connection, but
if it is the RouterBOARD that instaurates the VPN connection,
enable the IPv6 packet on the RouterBOARD, reboot, and on the /ipv6 firewall filter add a rule to drop all on forward chain
chain=forward action=drop connection-state=established,related log=no log-prefix=“”
is this above correct ?
I do not see any “connection-state” (or “log-prefix”) on what I wrote, did you imagine it with yourself?
/ipv6 firewall filter
add chain=forward action=drop
tried this first :
/ipv6 firewall filter
add chain=forward action=drop
and didn’t see any counters (they are at 0) . From my android phone an IPV6 check still comes positive .
if this other rules do not drop all IPv6 traffic on the smartphone,
the IPv6 traffic directed to the phone can’t be blocked from routerboard.
Paste this on terminal
/ipv6 firewall raw
add chain=prerouting action=drop
add chain=output action=drop
/ipv6 firewall filter
remove [find]
add chain=input action=drop
add chain=forward action=drop
add chain=output action=drop
Your phone is connected to the Wifi of the ISP modem, so its received indeed (also) a IPv6 and will go out to Internet via the ISP-device right ?
This IPv6 traffic is not passing through your Routerboard I guess, it would not be possible anyway since the IPv6 package is disabled. So you will not see anything in the “connection” table on the Mikrotik.
Please make a simple schematic WHAT IS CONNECTED WHERE because your post is very confusing to say the least, especially with the “VPN” on top of this all.
On what basis do you write such a thing?
Disabling the IPv6 packet does not disable IPv6 traffic passing through the RouterBOARD.
Has just set and used a rule, and the package is disabled?
This rule :
/ipv6 firewall raw
add chain=prerouting action=drop
Did return counters but none of the others, so probably IPV6 like you said cannot be blocked towards the phone . I appreciate the input ! ! !
Ah did not know that. I was under the impression that if you disable your IPv6 package there would not be any IPv6 communications possible through the router.
I have a RB3011 here with the IPv6 package installed but disabled and also under IPv6/Settings unchecked “IPv6 forwarding”. I think its safe to say no IPv6 should/would be allowed to “passthrough” ? Because that would be a serious security issue ?!
Apart from all the postings, all is still very confusing, especially when the phone receives an IP directly from the ISP apparently in my understanding.
A simple schematic would help.
For disable IPv6 traffic, also you can paste last set of firewall rule I posted.
But if you disable IPv6 packet, how can you access to “IPv6 forwarding” settings?
At this point, if IPv6 are not dropped, disable IPv6 package and reboot.
In my case I might have explained it incorrect. My RB3011 has the IPV6 package installed & enabled.
IPv6/Settings => IPv6 “forwarding” is not ticked , so I assume no IPv6 packets could get through my RB3011 (not from the outside>in, not from the inside>out)
How about we start with a config from that device?
And a network diagram.
The IPv6 forward simply enable or disable the automatic forwarding of packet between internal lan/ vlan, etc.
Can be used to separate internal networks without the use of firewall rules.
BUT it still permit the IPv6 traffic from WAN to the LANs