IPV6 does PING but not web browsing

RouterOS General
1

HI:

I have spent more than a week now and ran out of ideas/try outs.

I have setup ipv6 through tunnel broker. They gave me a /64 address to setup a tunnel (named sit1). I also got /48 to setup local net ip6 addresses. although with the tunnel address with other "range" I got the same behaviour.

I set up everything as suggested. Just with the tunnel I am able to ping6.

When advertising a /64 address the Macs in the local net get their own IP6.

Then, I can ping6, for example ipv6.google.com

However, when I try to access one of my webs that are set up with ipv6, the request arrive to the server, but the browser never get the answear.

Just in case, when I set up the computer (with ipv6 disabled on the router) Chrome allways got ipv6 first and all my webs respond as expected. So, there is no server problem (to discard options).

I should say, also, that I have a zyxel bridge and that the ppoe registration is done from the Mikrotik (951G... just in case this matters). This is done on interface ether1. Local net i on ether2. Tunnel is sit1.

Os version is latest: 3.18.

And the print-outs:

[admin@MikroTik] > /ipv6 address print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local

ADDRESS FROM-POOL INTERFACE ADVERTISE

0 G 2001:470:1f12:87c::2/64 sit1 no
1 G 2001:470:c9fe:1::1/64 ether2 yes
2 DL fe80::d6ca:6dff:feba:20e4/64 ether1 no
3 DL fe80::501d:1d3b/64 sit1 no
4 DL fe80::d6ca:6dff:feba:20e5/64 bridge2 no

[admin@MikroTik] > /ipv6 route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp,
U - unreachable

DST-ADDRESS GATEWAY DISTANCE

0 A S ::/0 2001:470:1f12:87c::1 1
1 ADC 2001:470:1f12:87c::/64 sit1 0
2 ADC 2001:470:c9fe:1::/64 bridge2 0

/ipv6 firewall export

jan/02/1970 22:35:38 by RouterOS 6.13

software id = HUPZ-7XTL

/ipv6 firewall filter
add chain=input comment="Allow established connections" connection-state=established
add chain=input comment="Allow related connections" connection-state=related
add chain=input comment="Router Allow IPv6 ICMP" protocol=icmpv6
add chain=forward comment="Router Allow IPv6 ICMP" protocol=icmpv6
add chain=input comment="Allow UDP" protocol=udp
add action=drop chain=input
add chain=forward comment="Allow any to internet" out-interface=sit1
add chain=forward comment="Allow established connections" connection-state=established
add chain=forward comment="Allow related connections" connection-state=related
add action=drop chain=forward


ping6 ipv6.google.com
PING6(56=40+8+8 bytes) 2001:470:c9fe:1:b18a:3896:4d23:9466 --> 2a00:1450:4003:802::1002
16 bytes from 2a00:1450:4003:802::1002, icmp_seq=0 hlim=52 time=115.285 ms

Any ideas?

Regards