[pfSense] IPv6 Router Advertisement DNS
Hi, I'm running IPv6 on my LAN interface and I'm experiencing some weird IPv6 Router advertisement issues. When I look at at Router Advertisement Daemon configuration, only the prefix and the DNS domain should be sent: # Automatically Generated, do not edit # Generated config for dhcp6 delegation from wan on lan interface em0 { AdvSendAdvert on; MinRtrAdvInterval 3; MaxRtrAdvInterval 10; AdvLinkMTU 1500; AdvOtherConfigFlag on; prefix 2a02:168:9800::/64 { AdvOnLink on; AdvAutonomous on; AdvRouterAddr on; }; DNSSL lan.dogan.ch { } Unfortunately, a Windows 7 client configures the pfsense address as the DNS server (sorry, it's in German): Ethernet-Adapter LAN-Verbindung: Verbindungsspezifisches DNS-Suffix: home Beschreibung. . . . . . . . . . . : vmxnet3 Ethernet Adapter Physikalische Adresse . . . . . . : 00-0C-29-F9-24-1F DHCP aktiviert. . . . . . . . . . : Nein Autokonfiguration aktiviert . . . : Ja IPv6-Adresse. . . . . . . . . . . : :xxx::0:7dec:f195:8510:8892(Bevorzugt) Temporäre IPv6-Adresse. . . . . . : :xxx::0:3045:c28a:e709:8662(Bevorzugt) Verbindungslokale IPv6-Adresse . : fe80::7dec:f195:8510:8892%11(Bevorzugt) IPv4-Adresse . . . . . . . . . . : 192.168.42.180(Bevorzugt) Subnetzmaske . . . . . . . . . . : 255.255.255.0 Standardgateway . . . . . . . . . : fe80::1:1%11 192.168.42.1 DHCPv6-IAID . . . . . . . . . . . : 234884137 DHCPv6-Client-DUID. . . . . . . . : xx-xx-xx-xx-xx-xx-CC-69-00-0C-29-F9-24-1F DNS-Server . . . . . . . . . . . : :xxx::0:20c:29ff:fe87:1d76 192.168.42.178 192.168.42.158 NetBIOS über TCP/IP . . . . . . . : Aktiviert Suchliste für verbindungsspezifische DNS-Suffixe: home And the router advirtesement package looks fine so far: 10:47:55.267792 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 88) fe80::1:1 ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 88 hop limit 64, Flags [other stateful], pref medium, router lifetime 30s, reachable time 0s, retrans time 0s prefix info option (3), length 32 (4): :xxx:::/64, Flags [onlink, auto, router], valid time 86400s, pref. time 14400s 0x: 40e0 0001 5180 3840 0x0010: dnssl option (31), length 24 (3): lifetime 10s, domain(s): lan.dogan.ch. 0x: 000a 036c 616e 0564 6f67 616e 0x0010: 0263 6800 mtu option (5), length 8 (1): 1500 0x: 05dc source link-address option (1), length 8 (1): 00:0c:29:87:1d:76 0x: 000c 2987 1d76 I'm wondering now, why the pfsense router address is set as a DNS server, while there is no DNS forwarder or DNS resolver running there. I've also noticed, that if I specify IPv6 DNS server addresses for pfsense, they are set in the radv.conf, but the client (Windows 7 and Android 5.1.1) are trying to use the default gateway as a DNS server. Well, I think this behaviour isn't right and probably there is something wrong here. Ihsan -- ih...@dogan.ch http://blog.dogan.ch/ ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Documentation about Firewall Lookup Process, State Table, Firewall Rules Table
On 06/03/2015 09:47 AM, Espen Johansen wrote: Don't double post please. Looks like his other post was stuck in the moderation queue and approved, I'd have killed it but I didn't notice he'd already managed to get it through to the list. Hello everybody, Is there any documentation about: * the process how pfSense firewall handles packets (lookup in firewall rules, lookup in state table, add new state, ...) e.g. a flow chart * how the firewall rules are beeing (data structure) * how the connection states are beeing (data structure) Any hints are greatly appreciated! While not that low level (which as others have stated could be found in PF docs from FreeBSD and/or OpenBSD, plus the source), this should also be of interest: https://doc.pfsense.org/index.php/Firewall_Rule_Processing_Order Jim ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] Documentation about Firewall Lookup Process, State Table, Firewall Rules Table
Hello everybody, Is there any documentation about: * the process how pfSense firewall handles packets (lookup in firewall rules, lookup in state table, add new state, ...) e.g. a flow chart * how the firewall rules are beeing (data structure) * how the connection states are beeing (data structure) Any hints are greatly appreciated! KR, Lukas ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Documentation about Firewall Lookup Process, State Table, Firewall Rules Table
Don't double post please. Brgds, Espen 3. juni 2015 15:00 skrev Lukas Hubschmid lukas.hubsch...@pop.agri.ch: Hello everybody, Is there any documentation about: * the process how pfSense firewall handles packets (lookup in firewall rules, lookup in state table, add new state, ...) e.g. a flow chart * how the firewall rules are beeing (data structure) * how the connection states are beeing (data structure) Any hints are greatly appreciated! KR, Lukas ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Documentation about Firewall Lookup Process, State Table, Firewall Rules Table
Pfsense is based on openbsds PF (PacketFilter) and runs freebsd as base OS. That should give you enough to google how it works. Also remeber that this is opensource and everything is freely available. The source code tells you everything there is to know ;-) Good luck :-) ons. 3. juni 2015, 14:33 skrev Lukas Hubschmid (s) lukas.hubsch...@students.fhnw.ch: Hello everybody, Is there any documentation about: * the process how pfSense firewall handles packets (lookup in firewall rules, lookup in state table, add new state, ...) e.g. a flow chart * how the firewall rules are beeing (data structure) * how the connection states are beeing (data structure) Any hints are greatly appreciated! KR, Lukas ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Documentation about Firewall Lookup Process, State Table, Firewall Rules Table
Thank you both very much for the given hints, I will look into them! Sorry for the double post (I first used the wrong mail address). KR, Lukas Am 03.06.2015 um 15:51 schrieb Jim Pingle: On 06/03/2015 09:47 AM, Espen Johansen wrote: Don't double post please. Looks like his other post was stuck in the moderation queue and approved, I'd have killed it but I didn't notice he'd already managed to get it through to the list. Hello everybody, Is there any documentation about: * the process how pfSense firewall handles packets (lookup in firewall rules, lookup in state table, add new state, ...) e.g. a flow chart * how the firewall rules are beeing (data structure) * how the connection states are beeing (data structure) Any hints are greatly appreciated! While not that low level (which as others have stated could be found in PF docs from FreeBSD and/or OpenBSD, plus the source), this should also be of interest: https://doc.pfsense.org/index.php/Firewall_Rule_Processing_Order Jim ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold