
ASUS WRT - Merlin - IPv6


SteveM

Occasional Visitor
Hi.

I've been playing with IPv6.

My Mac OS has an IPv6 assigned with the correct prefix.

However, from the public internet I can ping6 that address and get a reply.

Is this normal behaviour - In that the router is replying for everything that has an IPv6 address prefixed correctly?

Or is traffic being routed from the public internet directly to the Mac OS device? If this is so, how do I protect devices internal to the network from the public network?
 
You can start with disabling IPv6 if you don’t need IPv6.
 
What router and firmware are you using, specifically?

How are you testing 'from the public internet'?

Is the reply from your Mac, or from the router?

How did you set up your router? Did you import an old backup config file? Or, did you minimally and manually configure the router to secure it and connect to your ISP?

What options, features, and scripts are you using past the defaults?
 
Or is traffic being routed from the public internet directly to the Mac OS device? If this is so, how do I protect devices internal to the network from the public network?
IPv6 traffic is routed (not NATed), therefore it will be your Mac that is responding to the ping. ICMPv6 Echo Requests are a requirement of the IPv6 protocol and should not be blocked by the router. That does not mean, however, that other unsolicited traffic will reach your clients, as that will be blocked by the router's firewall (in addition to your clients' own firewall rules).
 
Ping must not be blocked by the firewall with IPv6; this is stated in an RFC about which ICMP should be allowed by an IPv6 firewall.
 
That is not really an answer, is it?
Well, that member is pretty anti-v6 when it comes to SOHO users and the routers discussed within these fora. They and I have crossed virtual swords on this for a while now.

They're possibly correct, but I resent and reject the gatekeeper-ishness.
 
That is not really an answer, is it?

This is the exact answer when you play with settings on an RGB marketing device which had exposed IPv6 connected clients to the Internet not long ago. It was discovered by accident by a forum member, confirmed by a developer and perhaps relayed upstream, and I was the only one to post a warning in the corresponding Asuswrt release thread. How many users playing with settings worldwide were exposed is unknown. And because we are on an Asus fans forum it was swept under the carpet quickly as not a big deal. Just saying... your style. At least 3 of the people who liked your comment had no clue.

So playing with settings on this device - only if you can check what the result is. Otherwise - default Disabled.

that member is pretty anti-v6 when it comes to SOHO users

See why above. Your HE won't help. I would trust a GL.iNet device more than Asus. At least I know @sfx2000 has some involvement there.
 
To clarify a few points:

Router is RT-AX58U
Firmware: 388.2_2 (Merlin)

Tested ping from public internet - Receives a Ping response from an Amazon AWS EC2 instance.

I'm unsure where the ping response comes from - But further information on this thread suggests it's from the Mac.

Router is comprehensively and securely set up from an IPv4 perspective and effectively has been that way for many years. IPv6 settings are:

Connection Type : Native
Interface : PPP
DHCP - PD : Yes
Accept Default Route : Yes
Release Prefix on Exit : Yes
IPv6 LAN : Stateless
Connect to IPv6 DNS Automatically : Yes
Enable Router Advertisement : Yes

I will continue on the basis that there is a good reason Ping Requests are being answered and I will investigate further regarding being able to connect to specific ports.
 
Investigations complete - Ports are not routed to the Mac from the public internet.

The Mac is answering the pings (Setting Firewall Stealth Mode on the Mac prevents the ping being answered)
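
An added example, not part of the thread and not code from any poster: one way to repeat the port check described in the last post, run from a host outside the LAN against a LAN client's global IPv6 address. The function names, state labels and timeout are assumptions made here, and the reading of each state is the usual one rather than a guarantee.

```python
import errno
import socket
import sys

def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP port as seen from the machine running this script."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "unresolvable"
    family, socktype, proto, _, sockaddr = infos[0]
    with socket.socket(family, socktype, proto) as s:
        s.settimeout(timeout)
        try:
            s.connect(sockaddr)
            return "open"       # handshake completed: the service is reachable from here
        except ConnectionRefusedError:
            return "closed"     # a reset came back: the packet reached a host, or a firewall that sends resets
        except socket.timeout:
            return "filtered"   # no answer at all: typical of a firewall silently dropping the SYN
        except OSError as exc:
            if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH, errno.EACCES):
                return "unreachable"  # ICMPv6 error received, or no IPv6 route on the probing host
            raise

def audit(host, ports, timeout=3.0):
    """Probe each port once and return {port: state}."""
    return {port: probe_tcp(host, port, timeout) for port in ports}

def exposed(results):
    """Ports that accepted a connection, i.e. what the perimeter let through."""
    return sorted(port for port, state in results.items() if state == "open")

if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: probe.py <ipv6-address> <port> [<port> ...]")
    results = audit(sys.argv[1], [int(p) for p in sys.argv[2:]])
    for port, state in sorted(results.items()):
        print(f"{port}/tcp {state}")
    print("exposed:", exposed(results) or "none")
```

A result of "filtered" on every port while ping6 still gets replies matches what the thread reports: echo requests are forwarded to the client, unsolicited TCP is not.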
 