You can find the location of the check box in this screenshot: settings to be changed in the rule settings, e.g. I checked the box for HTTP and SSH on my WAN interface. Indeed, “disabling reply-to” worked in my case. Although, he mentions that he cannot explain why that is the case. The author states that checking the disable reply-to checkbox in the corresponding firewall rules of the WAN interface made his IPv6 connections work. I was almost about to give up when I found the following (german) blog article: The firewall rules seemed to be okay.īut what about the route back to my client? Was the default gateway okay? Did IPv6 work from my firewall to the internet?
I could even see SSH connections “pass” through the WAN interface via the firewall log viewer. There are 3 rules: the anti-lockout rule which cannot be removed (it keeps you from locking yourself out of the web administration pages), an allow all IPv4 rule, and an allow all IPv6 rule. But the rules were correctly: They applied to the correct interfaces wich the correct ports and were active. “Hah! Easy fix!” I thought while logging into my firewall’s web interface and trying to find the WAN interface rules. Verbose output of the ssh command showed that the client was trying to access the correct IPv6 address of my firewall, but obviously it did not receive any response. While ssh worked perfectly, ssh -6 failed with a timeout. I’m not sure how long this issue has existed, or if it has always existed, but since I’ve had IPv6 connectivity after a long time of IPv4-only internet, I could definitely feel the consequences.
A few days ago I noticed that I could not use my OPNsense firewall as a SSH jump host to my other servers.
0 kommentar(er)
