Community discussions

MikroTik App
 
Pirlet
just joined
Topic Author
Posts: 19
Joined: Mon Nov 25, 2013 4:13 pm

IPv6 via non-prefix (address only)

Tue Jan 25, 2022 10:28 pm

So, my provider does not hand out a prefix via DHCP, the only thing I get is a DHCPv6 address from my ISP.

I have a /56 network assigned to me and I get an IPv6 address from that range with default route:
Image
Image

I can also ping to public IPv6 addresses (ie cloudflare) from my Mikrotik so that works.

So now I have created my own IPv6 pool with prefix /64 and prefix length /64 (I don't know what the difference is, I'm being honest here).
That pool is on a different range than the one I get through my DHCPv6 Client.
I set a static IP on my Mikrotik and my client PC is able to ping the Mikrotik and vice versa.

However, the client can not ping to anything on the internet.
I have firewall rules (the basic set as posted before here)

/ipv6 address
add address=::1 from-pool=myPool interface=HomeBridge
/ipv6 dhcp-client
add interface=ether1-WAN request=address
/ipv6 firewall filter
add action=accept chain=input comment="Router - Allow IPv6 ICMP Traffic" protocol=icmpv6
add action=accept chain=forward
add action=accept chain=input comment="Router - Accept established connections" connection-state=established
add action=accept chain=input comment="Router - Accept related connections" connection-state=related
add action=drop chain=input comment="Router - Drop invalid connections" connection-state=invalid
add action=accept chain=input comment="Router- UDP" protocol=udp
add action=accept chain=input comment="Router - From our LAN" in-interface=HomeBridge
add action=log chain=input comment="Router - Log everything else" log-prefix="DROP IP6 INPUT"
add action=drop chain=input comment="Router - Drop everything else"
add action=drop chain=forward comment="Lan - Drop invalid Connections" connection-state=invalid
add action=accept chain=forward comment="LAN - Accept FTP" disabled=yes dst-port=21 in-interface=EDPnet-PPPoE protocol=tcp
add action=accept chain=forward comment="Lan - Accept UDP" protocol=udp
add action=accept chain=forward comment="LAN - Accept ICMPv6 " protocol=icmpv6
add action=accept chain=forward comment="Lan - Accept established Connections" connection-state=established
add action=accept chain=forward comment="Lan - Accept related connections" connection-state=related
add action=accept chain=forward comment="Lan - From our Lan" in-interface=HomeBridge
add action=log chain=forward comment="Lan - Log everything else" disabled=yes log-prefix="Log IPv6"
add action=reject chain=forward comment="LAN - Drop everything else" connection-state=new in-interface=ether1-WAN reject-with=icmp-no-route
/ipv6 nd
set [ find default=yes ] interface=all
But I can not find where the issue lies in where on IPv6 I would look at a mangle rule, but in ipv6 I have no clue where to look further. If anyone can point me into the right direction that would be appreciated.
 
Sob
Forum Guru
Forum Guru
Posts: 8200
Joined: Mon Apr 20, 2009 9:11 pm

Re: IPv6 via non-prefix (address only)

Wed Jan 26, 2022 12:10 am

Can you share what exact info you got from ISP? Mask addresses if you want, but don't overdo it, e.g. if there are some different subnets, it must be possible to tell if they are completely different or if one is part of another, etc.
Come on people, do you really have to quote full posts? It's annoying and in most cases useless.
 
Pirlet
just joined
Topic Author
Posts: 19
Joined: Mon Nov 25, 2013 4:13 pm

Re: IPv6 via non-prefix (address only)

Wed Jan 26, 2022 12:17 am

Can you share what exact info you got from ISP? Mask addresses if you want, but don't overdo it, e.g. if there are some different subnets, it must be possible to tell if they are completely different or if one is part of another, etc.
So my ISP gives me this:
2a02:1811:xxxx:8400::/56

This is what I get on DHCPv6 from the ISP on eth1-WAN: 2a02:1811:xxx:8400::612b/64

This is what I've manually set on my router as IPv6 pool: 2a02:1811:xxx:8480::/64 (prefix length 64)
This is the address I've added on my Bridge 2a02:1811:xxx:8480::1/64
 
Sob
Forum Guru
Forum Guru
Posts: 8200
Joined: Mon Apr 20, 2009 9:11 pm

Re: IPv6 via non-prefix (address only)

Wed Jan 26, 2022 1:30 am

Is router connected directly to ISP, or is there some modem/another router in between?

If it's direct connection, and you have /56, you should get it either from DHCPv6 as whole prefix (not just address), or it can be static config. But if it's the latter, I wouldn't expect DHCPv6 server on WAN providing addresses from this subnet. It's still possible, but then you should get instructions to not use 2a01:1811:xxx:8400::/64 in LAN (you don't so that's ok). And 2a01:1811:xxx:8460::/64 in LAN should work.

If there's another device, then it will be a problem, because it would get this /56, and if it can't delegate it further to you, it won't be possible to use it behind your router. One way to fix it would be if the device can add static routes for IPv6, then you could add one saying that 2a01:1811:xxx:8480::/64 is behind 2a01:1811:xxx:8400::612b. The prefix would also have to be static, because it would break if it changed.
Come on people, do you really have to quote full posts? It's annoying and in most cases useless.
 
Pirlet
just joined
Topic Author
Posts: 19
Joined: Mon Nov 25, 2013 4:13 pm

Re: IPv6 via non-prefix (address only)

Wed Jan 26, 2022 10:19 am

Is router connected directly to ISP, or is there some modem/another router in between?

If it's direct connection, and you have /56, you should get it either from DHCPv6 as whole prefix (not just address), or it can be static config. But if it's the latter, I wouldn't expect DHCPv6 server on WAN providing addresses from this subnet. It's still possible, but then you should get instructions to not use 2a01:1811:xxx:8400::/64 in LAN (you don't so that's ok). And 2a01:1811:xxx:8460::/64 in LAN should work.

If there's another device, then it will be a problem, because it would get this /56, and if it can't delegate it further to you, it won't be possible to use it behind your router. One way to fix it would be if the device can add static routes for IPv6, then you could add one saying that 2a01:1811:xxx:8480::/64 is behind 2a01:1811:xxx:8400::612b. The prefix would also have to be static, because it would break if it changed.
There's a router/modem in between (a CV8650E Telenet modem), which has MAC bridging for IPv6.
I don't think the device is able to add static routes.
 
Sob
Forum Guru
Forum Guru
Posts: 8200
Joined: Mon Apr 20, 2009 9:11 pm

Re: IPv6 via non-prefix (address only)

Thu Jan 27, 2022 2:06 am

Did you see this?

https://www.netweters.be/t5/Instellinge ... td-p/79981

It's a rather long thread, with additional links to others, and there's a lot of talk about IPv6. I didn't read it all, just skimmed through quickly, because I have to rely on machine translation, and it's not very enjoyable. But as I understand it, there should be prefix delegation, so if you configure DHCPv6 client to ask for it, it should get some.
Come on people, do you really have to quote full posts? It's annoying and in most cases useless.
 
Pirlet
just joined
Topic Author
Posts: 19
Joined: Mon Nov 25, 2013 4:13 pm

Re: IPv6 via non-prefix (address only)

Thu Jan 27, 2022 9:55 am

Did you see this?

https://www.netweters.be/t5/Instellinge ... td-p/79981

It's a rather long thread, with additional links to others, and there's a lot of talk about IPv6. I didn't read it all, just skimmed through quickly, because I have to rely on machine translation, and it's not very enjoyable. But as I understand it, there should be prefix delegation, so if you configure DHCPv6 client to ask for it, it should get some.
Hey,

Yeah that's my Go-to thread and I've also posted my question there. Unfortunately I'm unable to use IPv6 as they suggest.
 
Sob
Forum Guru
Forum Guru
Posts: 8200
Joined: Mon Apr 20, 2009 9:11 pm

Re: IPv6 via non-prefix (address only)

Thu Jan 27, 2022 2:59 pm

And can you sum up what's the officially suggested config? It's a long thread...
Come on people, do you really have to quote full posts? It's annoying and in most cases useless.

Who is online

Users browsing this forum: AllexRo, Dmytro911, eenpahlefi, grimelog and 51 guests