Author Topic: IPv6 Firewall?  (Read 71014 times)

os_expert

  • Level 1 Member
  • Posts: 5
Re: IPv6 Firewall?
« Reply #75 on: February 19, 2013, 02:33:08 PM »

I have DIR-652 rev. B1 and it has IPv6 firewall (and all ports are gigabit, incl. wan)

Here is gui:

IPv6 SIMPLE SECURITY
Enable IPv6 Simple Security:    [checkbox]

IPv6 FIREWALL
Configure IPv6 Firewall below: [dropdown]
Turn IPv6 Firewall OFF
Turn IPv6 Firewall ON and ALLOW rules listed
Turn IPv6 Firewall ON and DENY rules listed

Remaining number of firewall rules that can be configured:
(max 20 rules)

No idea what "IPv6 Simple Security" means though, and no idea what it means if I enable simple security AND select "Turn IPv6 Firewall ON and ALLOW rules listed". Will turning on the firewall invalidate simple security, OR will they work together and be more secure than if just enabling "Turn IPv6 Firewall ON and ALLOW rules listed"? The manual says nothing about the details, so who knows...
« Last Edit: February 19, 2013, 02:34:56 PM by os_expert »

FurryNutz

  • Poweruser
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: IPv6 Firewall?
« Reply #76 on: February 19, 2013, 02:35:48 PM »

Welcome!
Where did you get this router from?

What Firmware version is currently loaded? Found on router's web page under status.
What region are you located in?

Can you post a screen capture of this by chance?
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

os_expert

  • Level 1 Member
  • Posts: 5
Re: IPv6 Firewall?
« Reply #77 on: February 19, 2013, 03:02:39 PM »

Quote
Welcome!
Where did you get this router from?

What Firmware version is currently loaded? Found on router's web page under status.
What region are you located in?

Can you post a screen capture of this by chance?

I got it from D-Link United Kingdom (RMA of my DIR-652 rev. A1, got B1 back).
It has firmware 2.00.
My region is EU.
Firewall screen looks exactly like here (DIR-857):
http://www.foxnetwork.ru/index.php/en/component/content/article/124-d-link-dir-857.html
and here (DHP-1565):
http://www.dlink.com/us/en/home-solutions/connect/routers/-/media/Consumer_Products/DHP/DHP%201565/Manual/DHP1565manrevA1euv100.pdf

DIR-652 A1 did not have ipv6 firewall at all, so it was a nice upgrade:-)
The only annoying thing is they removed WISH from B1 (it existed in A1). Not that I ever used it, but don't like stuff being removed.

os_expert

  • Level 1 Member
  • Posts: 5
Re: IPv6 Firewall?
« Reply #78 on: February 19, 2013, 03:14:15 PM »

Haha, WISH is actually present, it's just not visible\selectable in GUI, but if I enter http://192.168.0.1/adv_wish.asp I get there. A GUI bug?

Also weird things in the manual DIR-652_B1_Manual_v2.01(EU).pdf:
-WISH is visible in screenshots but is not mentioned anywhere.
-IPv6 firewall is visible in screenshots, but screenshot is wrong: it only shows IPV6 FIREWALL RULES, not IPv6 SIMPLE SECURITY, so this screenshot must be from an unreleased version.

FurryNutz

  • Poweruser
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: IPv6 Firewall?
« Reply #79 on: February 19, 2013, 03:23:54 PM »

Hmm, must be some special build they did over there as other 825 U.S. and some EU Rev B units do not have IPv6 Firewall included and there was a limited run on Rev C I believe that came out with IPv6 Firewall. Rev Bs had a certain limited memory so I presume the reason they removed WISH was to make room for the IPv6 Firewall programming.

The UI might be hidden or they wanted to hide it since they probably have removed the WISH code from the FW so even if you attempt to enable it from the hidden menu, WISH might not work at all.  ::)

I recommend contacting DLink support and asking them if there is going to be any other FW for this unit, as the most current FW version on the UK web site is:
2.05EUB09   Firmware    06/01/2012

Your FW seems special and the version is not matching to what is listed on the web site. Make sure there is future support for it if needed. This could present problems in the future should one attempt to load FW code that's on the current web site. That could blow away what you have since I presume those versions do not include the IPv6 firewall programming.

Most older gen Xtreme Rev A class routers did not support IPv6, at least here in the U.S.

The screen shots and that PDF are probably for what is currently released on the market for EU Rev B routers. Again, IPv6 Firewall was not an option on Rev B models up to this point. I presume that you have a special build of FW they did for some reason.

Well, good for you. Hope it works out well for you.

Enjoy.
« Last Edit: February 19, 2013, 03:26:32 PM by FurryNutz »

os_expert

  • Level 1 Member
  • Posts: 5
Re: IPv6 Firewall?
« Reply #80 on: February 19, 2013, 03:48:38 PM »

I think you are confused, I have DIR-652 rev. B1, not DIR-825:-)

FurryNutz

  • Poweruser
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: IPv6 Firewall?
« Reply #81 on: February 19, 2013, 03:51:16 PM »

Ah I read it as you sent in a DIR-652 and got back a 825 since you posted here in the 825 forum. LOL. OK, my bad.  ::)

Still don't see any Rev B 2.xx FW on the UK web site. I presume they would post it sooner or later. I do see v2.00b40 listed on the TSD web site so that's probably what this has loaded. Dated 2012/10/18

I presume that the hidden WISH still stands though, had to make room for IPv6 Firewall.  :-\

Well hope it works well for you.
« Last Edit: February 19, 2013, 03:55:08 PM by FurryNutz »

os_expert

  • Level 1 Member
  • Posts: 5
Re: IPv6 Firewall?
« Reply #82 on: February 19, 2013, 03:56:52 PM »

In a post someone was asking for any d-link gigabit router with ipv6 firewall and thought I could help, but I see the confusion now:-P

FurryNutz

  • Poweruser
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: IPv6 Firewall?
« Reply #83 on: February 19, 2013, 03:58:28 PM »

Sorry about that. I get stuck in a one track mind sometimes.

You might also post this over on the DIR-655 forum as well. Would be helpful and thank you for sharing.
All info is appreciated.

 ;)

PacketTracer

  • Level 4 Member
  • Posts: 441
Re: IPv6 Firewall?
« Reply #84 on: February 20, 2013, 02:21:30 PM »

Quote
Here is gui:

IPv6 SIMPLE SECURITY
Enable IPv6 Simple Security:    [checkbox]

IPv6 FIREWALL
Configure IPv6 Firewall below: [dropdown]
Turn IPv6 Firewall OFF
Turn IPv6 Firewall ON and ALLOW rules listed
Turn IPv6 Firewall ON and DENY rules listed

Remaining number of firewall rules that can be configured:
(max 20 rules)

No idea what "IPv6 Simple Security" means though, and no idea what it means if I enable simple security AND select "Turn IPv6 Firewall ON and ALLOW rules listed". Will turning on the firewall invalidate simple security, OR will they work together and be more secure than if just enabling "Turn IPv6 Firewall ON and ALLOW rules listed"? The manual says nothing about the details, so who knows...

I am not sure about this but I guess that IPv6 SIMPLE SECURITY is D-Link's implementation of RFC6092 ("Recommended Simple Security Capabilities in Customer Premises Equipment (CPE) for Providing Residential IPv6 Internet Service").

So if you enable IPv6 simple security and leave the IPv6 firewall off, you should have a stateful filtering behaviour as described in RFC6092 which tries to establish the same degree of a default security as users are used to with IPv4 behind a NAT-Box where NAT isn't available with IPv6.

RFC6092, chapter 2:

Quote
   Prior to the widespread availability of IPv6 Internet service, homes
   and small offices often used private IPv4 network address realms
   [RFC1918] with Network Address Translation (NAT) functions deployed
   to present all the hosts on the interior network as a single host to
   the Internet service provider.  The stateful packet filtering
   behavior of NAT set user expectations that persist today with
   residential IPv6 service.  "Local Network Protection for IPv6"
   [RFC4864] recommends applying stateful packet filtering at
   residential IPv6 gateways that conforms to the user expectations
   already in place.

RFC6092, chapter 2.3:

Quote
   The general operating principle is that transport layer traffic is
   not forwarded into the interior network of a residential IPv6 gateway
   unless it has been solicited explicitly by interior transport
   endpoints, e.g., by matching the reverse path for previously
   forwarded outbound traffic, or by matching configured exceptions set
   by the network administrator.  All other traffic is expected to be
   discarded or rejected with an ICMPv6 error message to indicate the
   traffic is administratively prohibited.

In contrast if you disable simple IPv6 security and turn IPv6 firewall on, there are no default rules as predefined with simple security according to RFC6092. Instead you have to define the rules of your own.
 
For example if you activate "Turn IPv6 Firewall ON and ALLOW rules listed" all inbound and outbound traffic is completely blocked. In this situation you have to define at least one rule that allows outgoing traffic of any kind (which implicitly allows inbound response traffic due to the firewall's stateful inspection feature).

In this respect "Enable IPv6 Simple Security" and "Turn IPv6 Firewall ON ..." should exclude each other.

PacketTracer
« Last Edit: February 20, 2013, 02:45:20 PM by PacketTracer »
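
The filtering behaviour described in reply #84 and in the quoted RFC 6092 section 2.3, as an added example that is not part of the original thread and is not D-Link firmware code. It models both modes as the post describes them (not verified against a DIR-652); the `Gateway` class, its field names and the sample addresses are hypothetical.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address

FORWARD = "forward"
REJECT = "reject (ICMPv6 type 1 code 1: administratively prohibited)"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool = False          # True = arrives on the WAN side
    proto: str = "tcp"

@dataclass
class Gateway:                     # hypothetical model, not D-Link firmware
    simple_security: bool = False  # RFC 6092-style default policy
    allow_list_mode: bool = False  # "Firewall ON and ALLOW rules listed"
    allow_rules: list = field(default_factory=list)  # predicates on Packet
    flows: set = field(default_factory=set)          # stateful flow table

    def handle(self, p: Packet) -> str:
        src, dst = ip_address(p.src), ip_address(p.dst)
        if p.inbound:
            # Solicited: reverse path of a flow an interior host opened.
            if (p.proto, dst, p.dport, src, p.sport) in self.flows:
                return FORWARD
            if any(rule(p) for rule in self.allow_rules):
                return FORWARD     # exception configured by the administrator
            filtering = self.simple_security or self.allow_list_mode
            return REJECT if filtering else FORWARD
        # Outbound: allow-list mode needs an explicit rule, otherwise permitted.
        if self.allow_list_mode and not any(rule(p) for rule in self.allow_rules):
            return REJECT
        self.flows.add((p.proto, src, p.sport, dst, p.dport))
        return FORWARD

# Constructed sample traffic using the 2001:db8::/32 documentation prefix.
OUT = Packet("2001:db8:1::10", 50000, "2001:db8:ffff::80", 443)
REPLY = Packet("2001:db8:ffff::80", 443, "2001:db8:1::10", 50000, inbound=True)
UNSOLICITED = Packet("2001:db8:ffff::66", 40000, "2001:db8:1::10", 22, inbound=True)

def run(gw):
    """Send an outbound connection, its reply, then an unsolicited inbound packet."""
    return [gw.handle(p) for p in (OUT, REPLY, UNSOLICITED)]

if __name__ == "__main__":
    print(run(Gateway(simple_security=True)))
    print(run(Gateway(allow_list_mode=True)))
    print(run(Gateway(allow_list_mode=True, allow_rules=[lambda p: not p.inbound])))
```
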