Router: CCR1009-7G-1C (tile)
ROS: 6.42.7
Networks:
192.168.1.0/24 LAN
192.168.2.0/24 Guests
Bridges:
privateBridge - all router ports and wireless users associated with non-guest SSIDs
guestBridge - wireless users associated with guest SSIDs
Goal:
All hosts to use the router DNS server. The router DNS server to be the only thing to access Internet DNS servers.
Status:
I have things functioning by doing the following:
The IPV4 DHCP server specifies the gateway address for the DNS server for each network.
The IPV6 network has an EUI64 address of fd00::1/64 for the DNS server for each bridge. This address is advertised using an IPV6 DHCP server, DHCP options, via Neighborhood Discovery. Routes for each bridge (fd00::/64) are dynamically created.
Things work as desired except lately I have started seeing log entries I do not understand. These will suddenly start appearing after a long period of no similar log entries, i.e. a day or two. The log entries are from a default ICMPV6 rule which accepts the packet but logs it. I sometimes see Type 1, code 3 and sometimes type 1, code 4. I know it is telling me that the destination is not reachable but why? An example log entry is below:
05:57:51 firewall,info IPV6 icmp other icmp: in:(unknown 1) out:(unknown 0), proto ICMP (type 1, code 3), fd00::1->fd00::1, len 161
Any explanation and/or what to do to get rid of the problem? Is it really a problem at all?
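
Added example, not part of the original post: a small Python parser for firewall log lines of the shape quoted above. It decodes the ICMPv6 type 1 (Destination Unreachable) code per RFC 4443 and flags entries whose source and destination are the same address. The function names and all sample lines except the first are constructed for illustration, and the regex assumes the log format matches the single line shown in the post.

```python
import ipaddress
import re
from collections import Counter

# ICMPv6 Destination Unreachable (type 1) codes, RFC 4443 section 3.1.
UNREACH_CODES = {
    0: "no route to destination",
    1: "communication administratively prohibited",
    2: "beyond scope of source address",
    3: "address unreachable",
    4: "port unreachable",
    5: "source address failed ingress/egress policy",
    6: "reject route to destination",
}

# Assumption: every ICMP log line has the shape of the one quoted in the post.
LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d) (?P<topics>\S+) (?P<prefix>.*?): "
    r"in:(?P<inif>.+?) out:(?P<outif>.+?), proto ICMP "
    r"\(type (?P<type>\d+), code (?P<code>\d+)\), "
    r"(?P<src>[0-9a-fA-F:.]+)->(?P<dst>[0-9a-fA-F:.]+), len (?P<len>\d+)$"
)

def parse_line(line):
    """Return a dict for an ICMP firewall log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    icmp_type, code = int(m["type"]), int(m["code"])
    src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
    meaning = UNREACH_CODES.get(code, "unknown code") if icmp_type == 1 else "not type 1"
    return {"time": m["time"], "type": icmp_type, "code": code, "meaning": meaning,
            "src": src, "dst": dst, "self_addressed": src == dst, "len": int(m["len"])}

def summarize(lines):
    """Count type 1 entries by (code, meaning, self_addressed)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["type"] == 1:
            counts[(rec["code"], rec["meaning"], rec["self_addressed"])] += 1
    return counts

SAMPLE = [  # first line is the one from the post; the other two are constructed
    "05:57:51 firewall,info IPV6 icmp other icmp: in:(unknown 1) out:(unknown 0), proto ICMP (type 1, code 3), fd00::1->fd00::1, len 161",
    "05:58:04 firewall,info IPV6 icmp other icmp: in:(unknown 1) out:(unknown 0), proto ICMP (type 1, code 4), fd00::1->fd00::1, len 161",
    "06:10:02 system,info constructed non-firewall line",
]
```

Running `summarize` over an exported log gives a per-code count, which shows whether code 3 (address unreachable) or code 4 (port unreachable) dominates and whether the entries are all router-to-itself traffic on fd00::1.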