Orbi WiFi 7 RBE973
Reply

Re: Orbi RKB853 ipv6 firewall

Abeloosf
Aspirant

Orbi RKB853 ipv6 firewall

Hey all,

 

Our iSP recently enabled ipv6, and it's all working. I get ipv6 on WAN, and LAN, but I'm missing some info regarding Firewall and public reachability.

 

As there are no ipv6 filtering or Firewall options for ipv6, can I confirm that the Orbi system block all communication from outside the network be default, and this can not be change in the default firmware?

 

Firmware Version
V4.6.3.16_2.0.51

 

Hence meaning that none of the internal devices on the Orbi network are reachable from the outside via ipv6?

 

 

Thanks!

 

Frederick

Model: RBK53|Orbi AC3000 Tri-band WiFi System
Message 1 of 7
CrimpOn
Guru

Re: Orbi RKB853 ipv6 firewall

What a fascinating question!  Thanks for bringing this up.

 

First, I have no idea what the answer is.

Second, I just now did a test:

  • My Windows 10 computer Firewall is set to allow ICMP (ping) from both the Local LAN and Public networks.
  • Opened a command window (often called a DOS window) and typed ipconfig /all
  • Copied the IPv6 address (preferred)  Why are there so many IPv6 addresses???
  • I disconnected my Android phone from the Orbi to use LTE data.
  • Opened the HE.NET app.
  • Selected Ping from the drop down menu
  • Selected V6
  • Entered the IPv6 address of my Windows 10 computer
  • The app correctly deduced that I am on Spectrum.
  • Got 100% packet loss.

So, my conclusion is that the Orbi Firewall allows connections to be set up from the Orbi LAN, but not to the Orbi LAN from outside.

 

I notice that on the Orbi web interface, Advanced Tab, Advanced Settings Menu, IPv6 there is a radio button at the bottom of the screen that offers a choice of IPv6 Filtering "Secured" or "Open".  Mine is set at the default of Secured.  I changed the setting from Secured to Open and hit Apply.  Repeated the experiment several time and the result is always the same: 100% packet loss.  I notice that the Help information for this screen says nothing about this setting.  (Not much in the way of "Help")

 

There is a really nice article on IPv6 firewall here:

https://arstechnica.com/gadgets/2007/05/ipv6-firewall-mixed-blessing/ 

 

My sense is that Netgear blocks incomming IPv6 connections by default, just as it blocks IPv4 connections.  I do not see any method to forward ports in terms of IPv6.

 

Like I said.... I don't know.

 

 

 

 

Message 2 of 7
Abeloosf
Aspirant

Re: Orbi RKB853 ipv6 firewall

Hey! Thanks!

 

Hmm, I did see other peoplem in other places mentioning the filtering button, but I do not have.

 

What Firmware version are you on? I'm on: V4.6.3.16_2.0.51

 

and my ipv6 config for WAN is DHCP.

 

I've done similar test and conclude the Orbi system must have a hidden ipv6 Firewall enabled I guess.

 

To answer your question on how many ipv6 adresses...

 

2 Global, which are the public ones, one is based on your MAC adress, the other one is generated to have more privacy, and is the one being used on public routing.

Then you have link only for internal network neighbourg devices and one for loopback.

 

 

Message 3 of 7
CrimpOn
Guru

Re: Orbi RKB853 ipv6 firewall

(I fall into this trap all the time...)

 

I have the original (2016) Orbi ac.  Netgear appears to remove settings with each new product. There is never any explanation. Things just disappear.  Must be the case with this IPv6 Secured vs. Open setting.  One would think that eventually there will be a need to allow internet traffic into the LAN.  I searched for IPv6 DDNS and got..... no hits.  With ISP's free to change addresses on subscribers at will I have no idea how one would set up an IPv6 resource that can be followed the way we do with IPv4 DDNS.

 

Thanks for the information about IPv6.

Message 4 of 7
FarmerBob1
Luminary

Re: Orbi RKB853 ipv6 firewall

Prior to and during V3.2.17.12 IPv6 was solid and stable. After the next update i have had nothing but problems with obtaining a WAN connection and if and when I do, it doesn't last long.

 

I verified on my ISP router and it's there and strong. The only difference in the UI setups is that the CL Router has an option to select Stateful or Stateless. It needs to be set at Stateless. Suppoedly the Orbi FW defaults to "Stateless", great that's what's needed. But I notice issues started when the WAN IPv6 Address no long appeared at the top under the first WAN text line as the LAN appears under the LAN. I can't fathom why  change wass necessary.

Message 5 of 7
CrimpOn
Guru

Re: Orbi RKB853 ipv6 firewall

(again displaying ignorance....)

 

What are the symptoms of this IPv6 issue?

Do IPv6 DNS queries no longer resolve?

Can devices no longer connect to IPv6 hosts on the internet?

How would I detect if my Orbi exhibits the same behavior?

 

This post began with a question about whether devices on the LAN were secure from the internet over IPv6, so I'm pretty certain that access into the LAN is not the issue.

Message 6 of 7
Abeloosf
Aspirant

Re: Orbi RKB853 ipv6 firewall

Yeah, I have no issues at all. Even with enabling ipv6, all works great. I even run multiple test servers for work at home. An entire testlab with windows and linux servers. All ok.

 

But just becuase of that I wanted to look at possibilities to make some public over ipv6 instead of ipv4 port forwarding. But no ipv6 firewall at all.

Message 7 of 7
Top Contributors
Discussion stats
  • 6 replies
  • 1569 views
  • 0 kudos
  • 3 in conversation
Announcements

Orbi 770 Series