Initially, I thought that these issues were user issues, however after testing to understand what the problem is, I think it is related to ROS6b2 as they are reliably reproducable.
All configuration has been done through WinBox.
I am running a RB751-2HnD and have implimented a he.net tunnelbroker IPv6 tunnel. The tunnel is configured and working well.
I then set up input firewall and forward firewall rules:
- Forward Allow ICMPv6
- Input Allow ICMPv6
- Forward Allow Related Connections
- Input Allow Established Connections
- Forward Drop other incoming IPv6 Packets on the 6to4 interface
- Input Drop other incoming IPv6 Packets on the 6to4 interface
Using http://test-ipv6.com/ as the benchmark for the follwing tests:
Test 1: General IPv6 connectivity
If I disable all of these 8 rules, then IPV6 from inside the LAN works perfectly (As expected!)
If I then enable only the two drop rules, then IPV6 from inside the lan stops working (Again, as expected).
(this is where it gets more confusing):
Test 2: Starting with the two block rules enabled:
If I enable the remaining 6 rules (i.e. the allow rules), the IPV6 does not work.
If I disable the 2 block rules, the IPv6 works perfectly again!
Test 3: Starting with all rules disabled:
If I enable ALL 8 rules at the same time, IPv6 does not work (it seems that the block rules go from red to black before some of the allow rules).
If I enable the 6 Allow Rules, wait for them to change from red to black, then enable the 2 block rules, IPv6 Works Perfectly.
I hope that we can find a solution for this.
Thanks very much
Ian