Bonjour,
Je viens vers vous car je suis bloqué sur la partie IPv6, ce qui tombe bien puisque c'est l'objet de ce post.
J'ai un Edgerouter3 (Currently running EdgeOSv2.0.8-hotfix.1) et, devant, un switch Cisco SG350 qui applique la QoS pour IPv4 et IPv6 ; pour la partie IPv4, tout est fonctionnel.
Pour info je suis parti d'un hard reset de l'edgerouter.
Pour la partie IPv4 comme IPv6, je suis en firewalling par zone. Dans un premier temps, afin d'écarter cette partie comme cause du problème, j'aimerais que vous me confirmiez que je n'ai pas fait d'erreur.
Mon interface WAN est sur eth1 (eth1.832) et le LAN est sur eth0, VLAN 10.
Je vous remercie pour vos retours.
Voici un extrait de ma conf:
# IPv6 ruleset for traffic the router itself (zone "local") sends to the LAN zone;
# it is bound by "zone-policy zone lan from local firewall ipv6-name local-to-lan-6".
# Rules are evaluated in ascending rule number; the default action applies when none matches.
set firewall ipv6-name local-to-lan-6 default-action drop
# Rule 10: accept packets that belong to, or are related to, an already tracked connection.
set firewall ipv6-name local-to-lan-6 rule 10 action accept
set firewall ipv6-name local-to-lan-6 rule 10 description 'Accept established'
set firewall ipv6-name local-to-lan-6 rule 10 log disable
set firewall ipv6-name local-to-lan-6 rule 10 state established enable
set firewall ipv6-name local-to-lan-6 rule 10 state related enable
# Rule 20: drop packets the connection tracker marks invalid, and log them.
set firewall ipv6-name local-to-lan-6 rule 20 action drop
set firewall ipv6-name local-to-lan-6 rule 20 description 'Drop invalid'
set firewall ipv6-name local-to-lan-6 rule 20 log enable
set firewall ipv6-name local-to-lan-6 rule 20 state invalid enable
# Rule 30: accept everything else ("protocol all"), so the default drop above is never
# reached in practice: router-originated traffic to the LAN is only filtered for invalid state.
set firewall ipv6-name local-to-lan-6 rule 30 action accept
set firewall ipv6-name local-to-lan-6 rule 30 description 'Accept all'
set firewall ipv6-name local-to-lan-6 rule 30 log disable
set firewall ipv6-name local-to-lan-6 rule 30 protocol all
# IPv6 ruleset for traffic the router itself (zone "local") sends to the WAN zone;
# it is bound by "zone-policy zone wan from local firewall ipv6-name local-to-wan-6".
set firewall ipv6-name local-to-wan-6 default-action drop
# Rule 10: accept packets that belong to, or are related to, an already tracked connection.
set firewall ipv6-name local-to-wan-6 rule 10 action accept
set firewall ipv6-name local-to-wan-6 rule 10 description 'Accept established'
set firewall ipv6-name local-to-wan-6 rule 10 log disable
set firewall ipv6-name local-to-wan-6 rule 10 state established enable
set firewall ipv6-name local-to-wan-6 rule 10 state related enable
# Rule 20: drop packets the connection tracker marks invalid, and log them.
set firewall ipv6-name local-to-wan-6 rule 20 action drop
set firewall ipv6-name local-to-wan-6 rule 20 description 'Drop invalid'
set firewall ipv6-name local-to-wan-6 rule 20 log enable
set firewall ipv6-name local-to-wan-6 rule 20 state invalid enable
# Rule 30: accept every other protocol, which covers the router's own outbound ICMPv6
# (neighbor/router discovery) and DHCPv6 requests towards the WAN.
# NOTE(review): the matching return path is wan-to-local-6; check both when the WAN
# side gets no IPv6 address or prefix.
set firewall ipv6-name local-to-wan-6 rule 30 action accept
set firewall ipv6-name local-to-wan-6 rule 30 description 'Accept all'
set firewall ipv6-name local-to-wan-6 rule 30 log disable
set firewall ipv6-name local-to-wan-6 rule 30 protocol all
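# IPv6 ruleset for traffic forwarded from the WAN zone to the LAN zone;
# it is bound by "zone-policy zone lan from wan firewall ipv6-name wan-to-lan-6".
# With IPv6 there is no NAT in front of the LAN hosts, so this ruleset is the only
# barrier between the internet and every globally addressed host on the LAN.
set firewall ipv6-name wan-to-lan-6 default-action drop
# Rule 10: accept return traffic of connections opened from the LAN, plus related packets.
set firewall ipv6-name wan-to-lan-6 rule 10 action accept
set firewall ipv6-name wan-to-lan-6 rule 10 description 'Accept established'
set firewall ipv6-name wan-to-lan-6 rule 10 log disable
set firewall ipv6-name wan-to-lan-6 rule 10 state established enable
set firewall ipv6-name wan-to-lan-6 rule 10 state related enable
# Rule 20: accept every ICMPv6 type from the WAN to any LAN host, in any state.
# NOTE(review): this is evaluated before the invalid-state drop in rule 30 and also admits
# unsolicited messages such as echo requests. ICMPv6 errors tied to an existing flow are
# normally matched as "related" by rule 10 already; if exposing LAN hosts to unsolicited
# ICMPv6 is not intended, narrow this rule with "icmpv6 type" entries.
set firewall ipv6-name wan-to-lan-6 rule 20 action accept
set firewall ipv6-name wan-to-lan-6 rule 20 description 'allow ICMPv6'
set firewall ipv6-name wan-to-lan-6 rule 20 protocol ipv6-icmp
# Rule 30: drop packets the connection tracker marks invalid, and log them.
# The posted line stopped at "state"; it is completed here as "state invalid enable" to
# match the rule's description and the other rulesets in this configuration.
set firewall ipv6-name wan-to-lan-6 rule 30 action drop
set firewall ipv6-name wan-to-lan-6 rule 30 description 'Drop invalid'
set firewall ipv6-name wan-to-lan-6 rule 30 log enable
set firewall ipv6-name wan-to-lan-6 rule 30 state invalid enable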
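# IPv6 ruleset for traffic arriving from the WAN zone and addressed to the router itself;
# it is bound by "zone-policy zone local from wan firewall ipv6-name wan-to-local-6".
set firewall ipv6-name wan-to-local-6 default-action drop
# Rule 10: accept packets that belong to, or are related to, an already tracked connection.
set firewall ipv6-name wan-to-local-6 rule 10 action accept
set firewall ipv6-name wan-to-local-6 rule 10 description 'Accept established'
set firewall ipv6-name wan-to-local-6 rule 10 log disable
set firewall ipv6-name wan-to-local-6 rule 10 state established enable
set firewall ipv6-name wan-to-local-6 rule 10 state related enable
# Rule 20: drop packets the connection tracker marks invalid, and log them.
set firewall ipv6-name wan-to-local-6 rule 20 action drop
set firewall ipv6-name wan-to-local-6 rule 20 description 'Drop invalid'
set firewall ipv6-name wan-to-local-6 rule 20 log enable
set firewall ipv6-name wan-to-local-6 rule 20 state invalid enable
# Rule 30: accept ICMPv6 to the router; router advertisements and neighbor discovery from
# the upstream gateway depend on it. Every accepted packet is logged, which can be noisy.
set firewall ipv6-name wan-to-local-6 rule 30 action accept
set firewall ipv6-name wan-to-local-6 rule 30 description 'allow ICMPv6'
set firewall ipv6-name wan-to-local-6 rule 30 log enable
set firewall ipv6-name wan-to-local-6 rule 30 protocol ipv6-icmp
# Rule 40: accept DHCPv6 replies from the upstream server or relay.
# A DHCPv6 server sends from UDP 547 to the client's UDP 546. The posted rule had the two
# ports swapped (source 546, destination 547), which only matches client-to-server packets
# and so never matches a reply addressed to the router. Replies to a multicast Solicit are
# typically not seen as "established" by rule 10, so this rule is what lets them in.
# NOTE(review): assumes the router is a DHCPv6 client on the WAN (address or prefix
# delegation from the ISP); confirm against the interface configuration.
set firewall ipv6-name wan-to-local-6 rule 40 action accept
set firewall ipv6-name wan-to-local-6 rule 40 description 'allow DHCPv6 client/server'
set firewall ipv6-name wan-to-local-6 rule 40 destination port 546
set firewall ipv6-name wan-to-local-6 rule 40 log enable
set firewall ipv6-name wan-to-local-6 rule 40 protocol udp
set firewall ipv6-name wan-to-local-6 rule 40 source port 547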
# Global IPv6 hardening: do not accept ICMPv6 redirect messages, and do not process
# packets that carry a source-routing header.
set firewall ipv6-receive-redirects disable
set firewall ipv6-src-route disable
# Zone definitions. Each "from <zone> firewall ..." line selects the ruleset applied to
# traffic entering this zone from that source zone ("name" for IPv4, "ipv6-name" for IPv6).
# The zone's default-action applies to traffic coming from a zone with no "from" entry.

# Zone "lan": eth0, its VLAN 10 sub-interface, and l2tp+ (presumably a wildcard for L2TP
# interfaces; confirm).
set zone-policy zone lan default-action drop
set zone-policy zone lan from local firewall ipv6-name local-to-lan-6
set zone-policy zone lan from local firewall name local-to-lan
set zone-policy zone lan from wan firewall ipv6-name wan-to-lan-6
set zone-policy zone lan from wan firewall name wan-to-lan
set zone-policy zone lan interface eth0
set zone-policy zone lan interface eth0.10
set zone-policy zone lan interface l2tp+
# Zone "local": the router itself ("local-zone").
# NOTE(review): lan-to-local-6 is referenced here but is not part of the posted excerpt.
# Verify that it exists and lets LAN hosts reach the router with ICMPv6 (router and
# neighbor discovery) and, if used, DHCPv6; otherwise LAN clients cannot autoconfigure.
set zone-policy zone local default-action drop
set zone-policy zone local from lan firewall ipv6-name lan-to-local-6
set zone-policy zone local from lan firewall name lan-to-local
set zone-policy zone local from wan firewall ipv6-name wan-to-local-6
set zone-policy zone local from wan firewall name wan-to-local
set zone-policy zone local local-zone
# Zone "wan": eth1 and its VLAN 832 sub-interface.
# NOTE(review): lan-to-wan-6 is referenced here but is not part of the posted excerpt.
# Verify that it exists and accepts new connections, or LAN hosts will have no outbound IPv6.
set zone-policy zone wan default-action drop
set zone-policy zone wan from lan firewall ipv6-name lan-to-wan-6
set zone-policy zone wan from lan firewall name lan-to-wan
set zone-policy zone wan from local firewall ipv6-name local-to-wan-6
set zone-policy zone wan from local firewall name local-to-wan
set zone-policy zone wan interface eth1
set zone-policy zone wan interface eth1.832