La Fibre
Datacenter et équipements réseaux => Routeurs => Remplacer la box SFR par un routeur => Discussion démarrée par: nonosch le 31 mai 2018 à 14:34:30
-
Salut,
j'ai remplacé ma box sfr red (NB6vac) par un Lynksys wrt3200ac sous openwrt
pour l'instant je ne suis intéressé qu'à la partie internet (pas de tel ou de tv)
pour l'ipv4 pas de souci et pour l'ipv6 j'ai suivi ce topic : https://bitsofnetworks.org/utiliser-ipv6-chez-sfr-sans-la-neufbox-fr.html
et celui-ci : https://wiki.openwrt.org/doc/howto/ipv6.softwire
ils ne sont pas récent mais aussi bien en ipv4 qu'en ipv6 j'arrive à env 850 mb/s en down et 190 en upload
en test http://ipv6-test.com/ résultat de 20/20
je suis bloqué par la gestion du firewall, mes compétences ne me permettent pas d'aller plus loin (j'ai cherché quelques heures ou plus mais là je coince)
Mon problème est qu'en ipv6, quand je fais un nmap -6, j’accède directement à mes appareils en ipv6 sans que le trafic ne semble passé par le firewall du routeur
si quelqu'un a une idée ?
/etc/config/network :
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd30:aaxx:xxxx::/48'
config interface 'lan'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ifname 'eth0.1 tap0'
option ip6assign '64'
config interface 'wan'
option ifname 'eth1.2'
option proto 'dhcp'
option hostname 'toto.wrt'
option peerdns '0'
option dns '1.1.1.1 1.0.0.1 9.9.9.9'
option vendorid 'neufbox_xxxxxxxxx-yyyyyyyyy'
config interface '6pe'
option proto 'l2tp'
option server '109.x.xxx.xxx'
option username 'dhcp/yy.yy.yyy.yyy@XXXXXXX'
option password 'XXXXXXXXXXXXXX'
option keepalive '6'
option ipv6 '1'
config interface 'wan6'
option ifname '@6pe'
option proto 'dhcpv6'
option dns '2606:4700:4700::1111 2606:4700:4700::1001 2620:fe::10'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 3 5t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '4 6t'
config interface 'vpn0' #openvpn bridge
option ifname 'tap0'
option proto 'none'
option auto '1'
config route6
option interface 'wan6'
option target '::/0'
option gateway 'fe80::6XX8:eYYf:XXXX:XXXX' # Wrt3200 scope link
option type 'multicast'
/etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option drop_invalid '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6 6pe vpn0'
option input 'DROP'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option target 'DROP'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
config rule
option name 'Allow-OpenVPN-Inbound'
option target 'ACCEPT'
option src 'wan'
option proto 'udp'
option dest_port '6449'
merci pour votre aide
-
Je ne vois pas l’intérêt d'activer ce type d'IPv6 non natif. Niveau perf ca va être la cata.
-
"iptables -L" pour dump la config bas niveau (openwrt n'est qu'une surcouche de fichiers de configuration).
-
Je ne vois pas l’intérêt d'activer ce type d'IPv6 non natif. Niveau perf ca va être la cata.
en fait je je panser aussi donc je voulais juste le faire pour le fun (débit de 50 en up et down avec la box sfr) mais les test (à ma grande surprise)avec nperf avec les serveurs ipv6 et le wrt3200ac me donne des débits de l'ordre de 800mbit en down et 180 en up ( ce qui est proche de l'ipv4 sur ma ligne)
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* !fw3 */
input_rule all -- anywhere anywhere /* !fw3: Custom input rule chain */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
DROP all -- anywhere anywhere ctstate INVALID /* !fw3 */
syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN /* !fw3 */
zone_lan_input all -- anywhere anywhere /* !fw3 */
zone_wan_input all -- anywhere anywhere /* !fw3 */
zone_wan_input all -- anywhere anywhere /* !fw3 */
zone_wan_input all -- anywhere anywhere /* !fw3 */
Chain FORWARD (policy DROP)
target prot opt source destination
forwarding_rule all -- anywhere anywhere /* !fw3: Custom forwarding rule chain */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
DROP all -- anywhere anywhere ctstate INVALID /* !fw3 */
zone_lan_forward all -- anywhere anywhere /* !fw3 */
zone_wan_forward all -- anywhere anywhere /* !fw3 */
zone_wan_forward all -- anywhere anywhere /* !fw3 */
zone_wan_forward all -- anywhere anywhere /* !fw3 */
reject all -- anywhere anywhere /* !fw3 */
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* !fw3 */
output_rule all -- anywhere anywhere /* !fw3: Custom output rule chain */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
DROP all -- anywhere anywhere ctstate INVALID /* !fw3 */
zone_lan_output all -- anywhere anywhere /* !fw3 */
zone_wan_output all -- anywhere anywhere /* !fw3 */
zone_wan_output all -- anywhere anywhere /* !fw3 */
zone_wan_output all -- anywhere anywhere /* !fw3 */
Chain MINIUPNPD (2 references)
target prot opt source destination
Chain forwarding_lan_rule (1 references)
target prot opt source destination
Chain forwarding_rule (1 references)
target prot opt source destination
Chain forwarding_wan_rule (1 references)
target prot opt source destination
Chain input_lan_rule (1 references)
target prot opt source destination
Chain input_rule (1 references)
target prot opt source destination
Chain input_wan_rule (1 references)
target prot opt source destination
Chain output_lan_rule (1 references)
target prot opt source destination
Chain output_rule (1 references)
target prot opt source destination
Chain output_wan_rule (1 references)
target prot opt source destination
Chain reject (4 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere /* !fw3 */ reject-with tcp-reset
REJECT all -- anywhere anywhere /* !fw3 */ reject-with icmp-port-unreachable
Chain syn_flood (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50 /* !fw3 */
DROP all -- anywhere anywhere /* !fw3 */
Chain zone_lan_dest_ACCEPT (5 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* !fw3 */
Chain zone_lan_forward (1 references)
target prot opt source destination
forwarding_lan_rule all -- anywhere anywhere /* !fw3: Custom lan forwarding rule chain */
zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3: Zone lan to wan forwarding policy */
ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
Chain zone_lan_input (1 references)
target prot opt source destination
input_lan_rule all -- anywhere anywhere /* !fw3: Custom lan input rule chain */
ACCEPT igmp -- anywhere anywhere /* !fw3: ubus:igmpproxy[instance1] rule 2 */
ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */
zone_lan_src_ACCEPT all -- anywhere anywhere /* !fw3 */
Chain zone_lan_output (1 references)
target prot opt source destination
output_lan_rule all -- anywhere anywhere /* !fw3: Custom lan output rule chain */
zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
Chain zone_lan_src_ACCEPT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* !fw3 */
Chain zone_wan_dest_ACCEPT (2 references)
target prot opt source destination
DROP all -- anywhere anywhere ctstate INVALID /* !fw3: Prevent NAT leakage */
ACCEPT all -- anywhere anywhere /* !fw3 */
DROP all -- anywhere anywhere ctstate INVALID /* !fw3: Prevent NAT leakage */
ACCEPT all -- anywhere anywhere /* !fw3 */
DROP all -- anywhere anywhere ctstate INVALID /* !fw3: Prevent NAT leakage */
ACCEPT all -- anywhere anywhere /* !fw3 */
Chain zone_wan_dest_REJECT (1 references)
target prot opt source destination
reject all -- anywhere anywhere /* !fw3 */
reject all -- anywhere anywhere /* !fw3 */
reject all -- anywhere anywhere /* !fw3 */
Chain zone_wan_forward (3 references)
target prot opt source destination
forwarding_wan_rule all -- anywhere anywhere /* !fw3: Custom wan forwarding rule chain */
zone_lan_dest_ACCEPT udp -- anywhere base-address.mcast.net/4 /* !fw3: ubus:igmpproxy[instance1] rule 1 */
zone_lan_dest_ACCEPT esp -- anywhere anywhere /* !fw3: Allow-IPSec-ESP */
zone_lan_dest_ACCEPT udp -- anywhere anywhere udp dpt:isakmp /* !fw3: Allow-ISAKMP */
ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
MINIUPNPD all -- anywhere anywhere
MINIUPNPD all -- anywhere anywhere
zone_wan_dest_REJECT all -- anywhere anywhere /* !fw3 */
Chain zone_wan_input (3 references)
target prot opt source destination
input_wan_rule all -- anywhere anywhere /* !fw3: Custom wan input rule chain */
ACCEPT igmp -- anywhere anywhere /* !fw3: ubus:igmpproxy[instance1] rule 0 */
ACCEPT udp -- anywhere anywhere udp dpt:bootpc /* !fw3: Allow-DHCP-Renew */
DROP icmp -- anywhere anywhere icmp echo-request /* !fw3: Allow-Ping */
ACCEPT igmp -- anywhere anywhere /* !fw3: Allow-IGMP */
ACCEPT udp -- anywhere anywhere udp dpt:64449 /* !fw3: Allow-OpenVPN-Inbound */
ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */
zone_wan_src_DROP all -- anywhere anywhere /* !fw3 */
Chain zone_wan_output (3 references)
target prot opt source destination
output_wan_rule all -- anywhere anywhere /* !fw3: Custom wan output rule chain */
zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
Chain zone_wan_src_DROP (1 references)
target prot opt source destination
DROP all -- anywhere anywhere /* !fw3 */
DROP all -- anywhere anywhere /* !fw3 */
DROP all -- anywhere anywhere /* !fw3 */
-
et
ip6tables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all anywhere anywhere /* !fw3 */
input_rule all anywhere anywhere /* !fw3: Custom input rule chain */
ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
DROP all anywhere anywhere ctstate INVALID /* !fw3 */
syn_flood tcp anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN /* !fw3 */
zone_lan_input all anywhere anywhere /* !fw3 */
zone_wan_input all anywhere anywhere /* !fw3 */
zone_wan_input all anywhere anywhere /* !fw3 */
zone_wan_input all anywhere anywhere /* !fw3 */
Chain FORWARD (policy DROP)
target prot opt source destination
forwarding_rule all anywhere anywhere /* !fw3: Custom forwarding rule chain */
ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
DROP all anywhere anywhere ctstate INVALID /* !fw3 */
zone_lan_forward all anywhere anywhere /* !fw3 */
zone_wan_forward all anywhere anywhere /* !fw3 */
zone_wan_forward all anywhere anywhere /* !fw3 */
zone_wan_forward all anywhere anywhere /* !fw3 */
reject all anywhere anywhere /* !fw3 */
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all anywhere anywhere /* !fw3 */
output_rule all anywhere anywhere /* !fw3: Custom output rule chain */
ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
DROP all anywhere anywhere ctstate INVALID /* !fw3 */
zone_lan_output all anywhere anywhere /* !fw3 */
zone_wan_output all anywhere anywhere /* !fw3 */
zone_wan_output all anywhere anywhere /* !fw3 */
zone_wan_output all anywhere anywhere /* !fw3 */
Chain MINIUPNPD (2 references)
target prot opt source destination
Chain forwarding_lan_rule (1 references)
target prot opt source destination
Chain forwarding_rule (1 references)
target prot opt source destination
Chain forwarding_wan_rule (1 references)
target prot opt source destination
Chain input_lan_rule (1 references)
target prot opt source destination
Chain input_rule (1 references)
target prot opt source destination
Chain input_wan_rule (1 references)
target prot opt source destination
Chain output_lan_rule (1 references)
target prot opt source destination
Chain output_rule (1 references)
target prot opt source destination
Chain output_wan_rule (1 references)
target prot opt source destination
Chain reject (4 references)
target prot opt source destination
REJECT tcp anywhere anywhere /* !fw3 */ reject-with tcp-reset
REJECT all anywhere anywhere /* !fw3 */ reject-with icmp6-port-unreachable
Chain syn_flood (1 references)
target prot opt source destination
RETURN tcp anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50 /* !fw3 */
DROP all anywhere anywhere /* !fw3 */
Chain zone_lan_dest_ACCEPT (4 references)
target prot opt source destination
ACCEPT all anywhere anywhere /* !fw3 */
Chain zone_lan_forward (1 references)
target prot opt source destination
forwarding_lan_rule all anywhere anywhere /* !fw3: Custom lan forwarding rule chain */
zone_wan_dest_ACCEPT all anywhere anywhere /* !fw3: Zone lan to wan forwarding policy */
zone_lan_dest_ACCEPT all anywhere anywhere /* !fw3 */
Chain zone_lan_input (1 references)
target prot opt source destination
input_lan_rule all anywhere anywhere /* !fw3: Custom lan input rule chain */
zone_lan_src_ACCEPT all anywhere anywhere /* !fw3 */
Chain zone_lan_output (1 references)
target prot opt source destination
output_lan_rule all anywhere anywhere /* !fw3: Custom lan output rule chain */
zone_lan_dest_ACCEPT all anywhere anywhere /* !fw3 */
Chain zone_lan_src_ACCEPT (1 references)
target prot opt source destination
ACCEPT all anywhere anywhere /* !fw3 */
Chain zone_wan_dest_ACCEPT (2 references)
target prot opt source destination
DROP all anywhere anywhere ctstate INVALID /* !fw3: Prevent NAT leakage */
ACCEPT all anywhere anywhere /* !fw3 */
DROP all anywhere anywhere ctstate INVALID /* !fw3: Prevent NAT leakage */
ACCEPT all anywhere anywhere /* !fw3 */
DROP all anywhere anywhere ctstate INVALID /* !fw3: Prevent NAT leakage */
ACCEPT all anywhere anywhere /* !fw3 */
Chain zone_wan_dest_REJECT (1 references)
target prot opt source destination
reject all anywhere anywhere /* !fw3 */
reject all anywhere anywhere /* !fw3 */
reject all anywhere anywhere /* !fw3 */
Chain zone_wan_forward (3 references)
target prot opt source destination
forwarding_wan_rule all anywhere anywhere /* !fw3: Custom wan forwarding rule chain */
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-request limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Forward */
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-reply limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Forward */
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp destination-unreachable limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Forward */
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp packet-too-big limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Forward */
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp time-exceeded limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Forward */
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp bad-header limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Forward */
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp unknown-header-type limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Forward */
zone_lan_dest_ACCEPT esp anywhere anywhere /* !fw3: Allow-IPSec-ESP */
zone_lan_dest_ACCEPT udp anywhere anywhere udp dpt:isakmp /* !fw3: Allow-ISAKMP */
MINIUPNPD all anywhere anywhere
MINIUPNPD all anywhere anywhere
zone_wan_dest_REJECT all anywhere anywhere /* !fw3 */
Chain zone_wan_input (3 references)
target prot opt source destination
input_wan_rule all anywhere anywhere /* !fw3: Custom wan input rule chain */
DROP ipv6-icmp anywhere anywhere ipv6-icmp echo-request /* !fw3: Allow-Ping */
ACCEPT udp fc00::/6 fc00::/6 udp dpt:dhcpv6-client /* !fw3: Allow-DHCPv6 */
ACCEPT ipv6-icmp fe80::/10 anywhere ipv6-icmptype 130 code 0 /* !fw3: Allow-MLD */
ACCEPT ipv6-icmp fe80::/10 anywhere ipv6-icmptype 131 code 0 /* !fw3: Allow-MLD */
ACCEPT ipv6-icmp fe80::/10 anywhere ipv6-icmptype 132 code 0 /* !fw3: Allow-MLD */
ACCEPT ipv6-icmp fe80::/10 anywhere ipv6-icmptype 143 code 0 /* !fw3: Allow-MLD */
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-request limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-reply limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp destination-unreachable limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp packet-too-big limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp time-exceeded limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp bad-header limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp unknown-header-type limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-solicitation limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-solicitation limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-advertisement limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-advertisement limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
ACCEPT udp anywhere anywhere udp dpt:64449 /* !fw3: Allow-OpenVPN-Inbound */
zone_wan_src_DROP all anywhere anywhere /* !fw3 */
Chain zone_wan_output (3 references)
target prot opt source destination
output_wan_rule all anywhere anywhere /* !fw3: Custom wan output rule chain */
zone_wan_dest_ACCEPT all anywhere anywhere /* !fw3 */
Chain zone_wan_src_DROP (1 references)
target prot opt source destination
DROP all anywhere anywhere /* !fw3 */
DROP all anywhere anywhere /* !fw3 */
DROP all anywhere anywhere /* !fw3 */
-
t'es certain qu'IPv6 est full open avec cette config?
tu peux tester avec un PC ici: https://ipv6.chappell-family.com/ipv6tcptest/
-
Bien entendu(http://)
j'ai testé 2 autres sites pour être tout à fait sûr
avec un pc sous debian 9
-
on parle bien de ca:
Mon problème est qu'en ipv6, quand je fais un nmap -6, j’accède directement à mes appareils en ipv6 sans que le trafic ne semble passé par le firewall du routeur
donc de la conf firewall.
la tu link 3 screens qu'on rien a voir avec cela.
-
Il est vrai que j'ai fait une belle digression suite au fait de savoir si le tunnel est bien en full ipv6
-
Ok, j'ai changé de méthode et me suisd ocummenté un peu plus sur nmpap, le firewall etc etc
j'ai fait un scan depuis 1 pc chez mopi vers la box nvidia et affectivement le résultat n'est pas le même...
le firewall a l'air bien en place et le ping depuis l'extérieur et le peu de port ouvert que j'ai trouvé dpuis l'extérieur viennent des régles type Allow-ISAKMP
bref tout roule.......
problème entre la chaise et le clavier en fait...