Reply

ipv6 firewall on X8

Waahmbo
Star

ipv6 firewall on X8

I made a couple of feature requests via Netgear support:

1. support for 6in4 tunnels

2. an IPv6 firewall

 

The response I got was that they have no plans for 6in4 support (which is no biggie, I've been able to fake it rather well with he.net tunnels using 6rd).

 

The second response was puzzling - they told me there was an IPv6 firewall - I've been unable to find it.  On my old A* router, there was a section where you simply gave the IPv6 address and port number(s) that you wanted to allow through.

 

I tested this on the netgear router by making sure that a port was blocked to the IPv4 address of an internal machine (ie, no port forwarded, and turned off UPnP), and then trying to access the same service and port from a remote location using IPv6, and was able to without issue.

 

Once you give your machines public IPv6 addresses, they are on the public internet, there is no NAT involved.

 

So, is there an interface to the IPv6 firewall via the ssh interface?

Will there be a WRT or Kong mod for the X8?   Where do I find the open source if I want to give it a shot myself?

 

Thanks

Message 1 of 9
ElaineM
NETGEAR Employee Retired

Re: ipv6 firewall on X8

@Waahmbo Let me inquire this and will give you an update as soon as I have a response.

Though, can't give you answer regarding 3rd party software.

ElaineM
NETGEAR Community Team
Message 2 of 9
ElaineM
NETGEAR Employee Retired

Re: ipv6 firewall on X8

@Waahmbo Kindly check your inbox.

ElaineM
NETGEAR Community Team
Message 3 of 9
marekp
Aspirant

Re: ipv6 firewall on X8

I'm also interested in the response for the same reason.

Message 4 of 9
ElaineM
NETGEAR Employee Retired

Re: ipv6 firewall on X8

@marekp Kindly check your inbox.

 

ElaineM
NETGEAR Community Team
Message 5 of 9
Purduecoz
Aspirant

Re: ipv6 firewall on X8

I'm interested in the same response for the same reasons as well.  Thanks.

Message 6 of 9
Waahmbo
Star

Re: ipv6 firewall on X8

Most current release firmware available (V1.0.2.26_1.0.41) has ipv6 firewalled.

 

In fact it is firewalled so well, that all ports are stealth blocked TCP/UDP.

There is no way to open a port for IPv6, and currently even an ipv6 traceroute can only be done if you force ICMP packets.

So, it's ok if you're not running services, but if you want a service availble via IPv6, this is a no-go.

 

There is a Kong build now available for the R8500 on myopenrouter, but I haven't tried it out yet.

Message 7 of 9
fenix787
Initiate

Re: ipv6 firewall on X8

Honestly didn't expect a $400 router to have a firewall that wasn't user configurable. Now if I want to access any services on my network I have to delete the AAAA record because it defaults to ipv6 if supported. This is a HUGE problem and needs to be addressed ASAP. Its not like this is some cheap $5 router.

Message 8 of 9
Waahmbo
Star

Re: ipv6 firewall on X8

So I tried Kong DD-WRT build at http://myopenrouter.com/download/dd-wrt-kong-mod-netgear-r8500-3-6-2016 .  While does have more robust ipv6 support, it too has no ipv6 port opening; I didn't bother to check if ipv6 was firewalled.

 

The only thing I've found that does is the ASUS models.

Model: R8500|Nighthawk X8 Tri-Band AC5300 WiFi Router
Message 9 of 9
Top Contributors
Discussion stats
  • 8 replies
  • 3662 views
  • 2 kudos
  • 5 in conversation
Announcements

Orbi WiFi 6E