Community discussions

MikroTik App
 
jantypas
newbie
Topic Author
Posts: 35
Joined: Sun May 02, 2010 11:57 pm

Why do I get esetablished IPv6 packets dropped in 7.8

Thu Mar 23, 2023 2:38 pm

Here are the firewall rules:
/ipv6 address
add from-pool=ComcastV6 interface=ether1-COMCAST
add address=2603:3024:11bd:c1a1::1 interface=ether2-LAN
/ipv6 dhcp-client
add add-default-route=yes interface=ether1-COMCAST pool-name=ComcastV6 \
pool-prefix-length=56 rapid-commit=no request=prefix use-peer-dns=no
/ipv6 firewall filter
add action=accept chain=forward protocol=icmpv6
add action=accept chain=input protocol=icmpv6
add action=accept chain=input in-interface=ether2-LAN
add action=accept chain=forward in-interface=ether2-LAN out-interface=\
ether1-COMCAST
add action=accept chain=forward connection-state=\
established,related,untracked headers=:exact in-interface=ether1-COMCAST \
out-interface=ether2-LAN
add action=drop chain=forward log=yes

I would expect to see established trafffic being forwarded, but when I look in the logs, established packets are being picked up by the drop rule at the end.
This is the new Cocmast Business modem that finally appears to correctly support prefix delegation.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: Why do I get esetablished IPv6 packets dropped in 7.8

Thu Mar 23, 2023 3:18 pm

You tinkered with the firewall rules... try the default rules.
Also, there are always some packets that are not matched, e.g. ACK,FIN or RST packets at the end of each TCP session.

Who is online

Users browsing this forum: Ahrefs [Bot], Bing [Bot] and 90 guests