IPv6 ACLs not working

2024-11-04 10:02:34 - last edited 2024-11-06 00:42:54
Model: ER707-M2  
Hardware Version: V1
Firmware Version: 1.2.3

Hi,

I want to be able to reach a service on a server through IPv6.

The server is connected to a TL-SG3428MP v4.0 which is connected to an ER707-M2.

With no ACL configured I can reach it (and all other services).

I want to limit to exactly one port and one IPv6.

On Gateway ACL Level neither IPv6 Group nor IPv6-Port Group are working. Both are just ignored.

On Switch ACL Level I can block the communication / accessibility in general through IPv6, but the Permit IPv6-Port Group Rule (which is before the Deny rule) is not hit. It is going straight to Deny.

It does not matter if I set an IPv6 within the IPv6-Port Group or just a port. It is being ignored.

#1
8 Reply
Re:IPv6 ACLs not working
2024-11-06 00:42:32

Hi @bsz 

Thanks for posting in our business forum.

If you could post screenshots of your config, that'd be helpful.

#2
Re:IPv6 ACLs not working
2024-11-07 19:00:43 - last edited 2024-11-07 19:02:58

@Clive_A

Gateway ACL.

I tried to deny Ports and IPs, but traffic goes through, even Permit Rules are disabled.

Switch ACL.

Deny works, but Permit not

Permit Rule Port (same for Gateway and Switch)

truenas IP = Plex IP

#3
Re:IPv6 ACLs not working
2024-11-08 03:32:12

Hi @bsz 

bsz wrote

@Clive_A

Gateway ACL.

I tried to deny Ports and IPs, but traffic goes through, even Permit Rules are disabled.

Switch ACL.

Deny works, but Permit not

Permit Rule Port (same for Gateway and Switch)

truenas IP = Plex IP

Require the following information:

WAN and LAN IPv6 details, screenshots. You can mosaic the last part of your v6 address.

Is it under the Passthrough mode?

#4
Re:IPv6 ACLs not working
2024-11-10 07:46:13 - last edited 2024-11-11 16:20:34

@Clive_A sure!

LAN

#5
Re:IPv6 ACLs not working
3 weeks ago

  Any ideas?

#6
Re:IPv6 ACLs not working
3 weeks ago

Hi @bsz 

Thanks for posting in our business forum.

bsz wrote

  Any ideas?

About the TCP allowing rules, #1 and 2, it might not be enough for it. Can you test it with the TCP UDP and ICMP enabled?

I think you should try to ping it to verify if it can work or not from a specific IPv6 device. Be sure this device pings in v6 mode.

You are trying to access its web? Or did you use nmap to scan its v6 and TCP ports? If they are open, TCP and v6, it means the ACL is working.

Or how did you test it and conclude it did not work?

#7
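
Added example, not part of any post in this thread: a small check that separates the two symptoms reported above (gateway ACL: deny ignored; switch ACL: permit never hit) by probing the permitted port and a few control ports over IPv6 only. The address, the ports and the names `probe_tcp6` and `classify_acl` are assumptions made for illustration.

```python
import socket

def probe_tcp6(host, port, timeout=3.0):
    """TCP connect over IPv6 only: 'open', 'closed' (RST) or 'filtered' (no reply)."""
    try:
        with socket.socket(socket.AF_INET6, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, no route, ICMPv6 administratively prohibited
        return "filtered"

def classify_acl(permitted_port, control_ports, probe):
    """Compare probe results with the intended policy: one port permitted, rest denied.

    control_ports must be services that answer when no ACL is configured,
    otherwise a port with no listener would look like a working deny rule.
    """
    permitted_open = probe(permitted_port) == "open"
    leaked = [p for p in control_ports if probe(p) == "open"]
    if permitted_open and not leaked:
        return "policy enforced"
    if permitted_open:
        return "deny not applied on ports %s" % leaked
    if not leaked:
        return "permit rule not hit, traffic falls through to deny"
    return "permit not hit and deny not applied on ports %s" % leaked

# Constructed values: documentation-prefix address and example ports.
SERVER = "2001:db8::10"
PERMITTED, CONTROLS = 32400, [22, 443]

# Constructed probe results reproducing the two symptoms reported in the thread.
def gateway_symptom(port):
    return "open"        # every service still reachable with the ACL in place

def switch_symptom(port):
    return "filtered"    # nothing reachable, including the permitted port

if __name__ == "__main__":
    print("gateway ACL:", classify_acl(PERMITTED, CONTROLS, gateway_symptom))
    print("switch ACL: ", classify_acl(PERMITTED, CONTROLS, switch_symptom))
    # Live check against your own server, run from the permitted source host:
    # classify_acl(PERMITTED, CONTROLS, lambda p: probe_tcp6(SERVER, p))
```

Running the live check once with no ACL configured first confirms that the control ports really answer, which is what makes a later "filtered" result attributable to the ACL.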
Re:IPv6 ACLs not working
3 weeks ago - last edited 3 weeks ago

I did - I use nmap to check a specific port.

Even with all protocols allowed, it is not working.

It is just ignoring the allow rules.

The deny rules work.

Can you please confirm - just to be very sure - that it really needs to be the Switch ACL and not the Gateway ACL in general.

Sounds somehow odd to me.

But even if it should be on Gateway ACL, it is not working either.

#8
Re:IPv6 ACLs not working
2 weeks ago

I will answer myself.

I connected an AVM Fritz!Box Fiber and it is just working with the port rule on the AVM, so it should be definitely on the gateway!

@Clive_A can I somewhere file a bug report?

#9