D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DIR-645 => Topic started by: go6henk on July 16, 2012, 10:49:24 AM
-
I have a DIR-645 but i cannot get the ipv6 firwall running, when defining a rule no ipv6 traphic goes pass the firewall not to or from the internet.
maybe someone has an example?? how to configure ipv6 ranges
-
Your firewall should look like the below pic.
This will block everthing comming in, but allow everthing going out. Very much acts like SPI.
Let me know if that works out for you.
(http://i1144.photobucket.com/albums/o485/pmsmith533/6-24-20129-21-26AM.jpg)
-
Unfortunately this does not work i am getting the following error
"the source and destination address cannot be the same"
eg; source lan range 2a01:: protocol all (also tried tcp)
dest wan range :: ports 1 to 65535
also no success
-
(http://www.hjbw-sterken.nl/images/schermafdruk1.png)
-
(http://agent.hjbw-sterken.nl/images/schermafdruk2.png)
-
Hmm,
This firewall looks different then mine, I have a different router but so far all of the IPV6 stuff is the same across the series.
Do you have the latest firmware?
Have you tried "::" in all 4 spots. On my firmware you specify the range in 1 box, in yours you use 2 boxes. Does it error when you try all 4?
-
Hi together,
I guess this firewall version wants to have IPv6 ranges in the form <start address> to <end address> instead of using prefixes of the form <address>/<length> or "::" as placeholder for all addresses.
In addition you must use protocol=any because besides TCP you also want allow UDP and ICMPv6 to go out.
So I propose the following settings:
Name: "out all"
Schedule: "Always"
Source:
Interface: "LAN"
IP Address Range: 0:0:0:0:0:0:0:0 (:: should work either)
-
ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
Protocol: "any"
Destination:
Interface: "WAN"
IP Address Range: 0:0:0:0:0:0:0:0 (:: should work either)
-
ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
Port Range doesn't matter and can't be changed, when Protocol=any
Hope it works.
PT
-
Hi together,
I guess this firewall version wants to have IPv6 ranges in the form <start address> to <end address> instead of using prefixes of the form <address>/<length> or "::" as placeholder for all addresses.
In addition you must use protocol=any because besides TCP you also want allow UDP and ICMPv6 to go out.
So I propose the following settings:
Name: "out all"
Schedule: "Always"
Source:
Interface: "LAN"
IP Address Range: 0:0:0:0:0:0:0:0 (:: should work either)
-
ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
Protocol: "any"
Destination:
Interface: "WAN"
IP Address Range: 0:0:0:0:0:0:0:0 (:: should work either)
-
ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
Port Range doesn't matter and can't be changed, when Protocol=any
Hope it works.
PT
Thank you Sir! Every time these questions come up I wish you were in my time zone, or continent.
Bis bald
Patrick
-
Unfortunately nothing works, i think i have to wait until the next firmware upgrade.
thaks anyway for being helpful
-
Maybe someone can review your router settings with you using Link> teamviewer (http://www.teamviewer.com) if your interested. Its safe and secure.