IPv6 was working, but now my network clients are no longer receiving IPv6 addresses / DNS server info from DHCP. I've compared my config to others posted, but can't see anything wrong.
Any help would be greatly appreciated!!!
v1.8.5 on POE5
eth0 = WAN (comcast)
eth1 = LAN
dave@router:~$ show configuration firewall { all-ping enable broadcast-ping disable group { } ipv6-name WANv6_IN { default-action drop description "WAN to internal" rule 10 { action accept description "Allow established/related sessions" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } rule 30 { action accept description "icmpv6 destination-unreachable" icmpv6 { type destination-unreachable } protocol ipv6-icmp } rule 40 { action accept description "icmpv6 packet-too-big" icmpv6 { type packet-too-big } protocol ipv6-icmp } rule 50 { action accept description "icmpv6 time-exceeded" icmpv6 { type time-exceeded } protocol ipv6-icmp } rule 60 { action accept description "icmpv6 parameter-problem" icmpv6 { type parameter-problem } protocol ipv6-icmp } rule 70 { action accept description "icmpv6 echo-request" icmpv6 { type echo-request } protocol ipv6-icmp } } ipv6-name WANv6_LOCAL { default-action drop description "WAN to local" rule 10 { action accept description "Allow established/related sessions" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } rule 30 { action accept description "Allow IPv6 icmp" protocol ipv6-icmp } rule 40 { action accept description "Allow dhcpv6" destination { port 546 } protocol udp source { port 547 } } } ipv6-receive-redirects disable ipv6-src-route disable ip-src-route disable log-martians enable name WAN_IN { default-action drop description "WAN to internal" rule 10 { action accept description "Allow established/related" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } } name WAN_LOCAL { default-action drop description "WAN to local" rule 10 { action accept description "Allow established/related" log disable state { established enable related enable } } rule 20 { action drop description "Drop invalid state" 
log disable state { invalid enable } } rule 30 { action accept description "Allow L2TP" destination { port 500,1701,4500 } log disable protocol udp } rule 40 { action accept description "Allow ESP" log disable protocol esp } } receive-redirects disable send-redirects enable source-validation disable syn-cookies enable } interfaces { bridge br0 { aging 300 bridged-conntrack disable description Bridge disable hello-time 2 max-age 20 priority 32768 promiscuous enable stp true } ethernet eth0 { address dhcp description "WAN Internet" dhcpv6-pd { pd 0 { interface eth1 { host-address ::1 prefix-id :1 service slaac } prefix-length 60 } rapid-commit enable } duplex auto firewall { in { ipv6-name WANv6_IN name WAN_IN } local { ipv6-name WANv6_LOCAL name WAN_LOCAL } } poe { output off } speed auto } ethernet eth1 { address 10.0.1.1/24 description LAN duplex auto poe { output off } speed auto } ethernet eth2 { duplex auto poe { output off } speed auto } ethernet eth3 { duplex auto poe { output off } speed auto } ethernet eth4 { duplex auto poe { output off } speed auto } loopback lo { } switch switch0 { mtu 1500 switch-port { interface eth2 { } interface eth3 { } interface eth4 { } vlan-aware disable } } } port-forward { auto-firewall enable hairpin-nat enable lan-interface eth1 rule 1 { description Websites forward-to { address 10.0.1.3 port 80 } original-port 80 protocol tcp_udp } rule 2 { description "Web Share" forward-to { address 10.0.1.3 port 8000 } original-port 8000 protocol tcp_udp } rule 3 { description "Profile Mgr" forward-to { address 10.0.1.3 port 443 } original-port 443 protocol tcp_udp } rule 4 { description Base forward-to { address 10.0.1.3 port 1640 } original-port 1640 protocol tcp_udp } wan-interface eth0 } protocols { igmp-proxy { disable } static { } } service { dhcp-server { disabled false hostfile-update disable shared-network-name LAN { authoritative disable subnet 10.0.1.0/24 { default-router 10.0.1.1 dns-server 10.0.1.3 dns-server 10.0.1.4 
domain-name ficken.private lease 86400 start 10.0.1.38 { stop 10.0.1.243 } static-mapping HP8500A { ip-address 10.0.1.8 mac-address 2c:27:d7:9d:04:93 } static-mapping HPC300 { ip-address 10.0.1.9 mac-address 68:b5:99:53:b8:14 } static-mapping LAN-Switch { ip-address 10.0.1.2 mac-address 80:2a:a8:1e:95:9f } static-mapping Pioneer_Elite_VSX-31 { ip-address 10.0.1.18 mac-address 00:E0:36:D1:84:25 } static-mapping Yamaha_BluRay_BD-S673 { ip-address 10.0.1.16 mac-address 00:A0:DE:6E:8B:C6 } static-mapping Yamaha_Receiver_RX-A320 { ip-address 10.0.1.15 mac-address 00:A0:DE:91:DB:9D } static-mapping ap-bar { ip-address 10.0.1.10 mac-address 44:d9:e7:f2:08:75 } static-mapping ap-family { ip-address 10.0.1.11 mac-address 44:d9:e7:f2:08:79 } static-mapping ap-guest { ip-address 10.0.1.12 mac-address 44:d9:e7:f2:08:50 } static-mapping ap-lauren { ip-address 10.0.1.14 mac-address 80:2a:a8:50:e5:7a } static-mapping ap-master { ip-address 10.0.1.13 mac-address 80:2a:a8:50:e2:0f } unifi-controller 10.0.1.4 } } } dns { dynamic { interface eth0 { service afraid { host-name my.domain.org login myuserid password **************** server freedns.afraid.org } web dyndns } } forwarding { cache-size 300 listen-on eth1 } } gui { http-port 80 https-port 443 listen-address 10.0.1.1 older-ciphers enable } nat { rule 5010 { description "masquerade for WAN" log disable outbound-interface eth0 protocol all source { group { } } type masquerade } } snmp { community public { authorization ro } contact "My Name" location "My Address" } ssh { listen-address 10.0.1.1 port 22 protocol-version v2 } upnp2 { listen-on eth1 nat-pmp enable secure-mode enable wan eth0 } } system { conntrack { expect-table-size 2048 hash-size 32768 table-size 262144 timeout { icmp 30 other 600 tcp { close 10 close-wait 60 established 432000 fin-wait 120 last-ack 30 syn-recv 60 syn-sent 120 time-wait 120 } } } domain-name network.private host-name routername login { user dave { authentication { encrypted-password 
**************** plaintext-password **************** } full-name Dave level admin } } name-server 10.0.1.3 name-server 10.0.1.4 name-server 75.75.75.75 name-server 75.75.76.76 name-server 2001:558:feed::1 name-server 2001:558:feed::2 ntp { server 0.ubnt.pool.ntp.org { } server 1.ubnt.pool.ntp.org { } server 2.ubnt.pool.ntp.org { } server 3.ubnt.pool.ntp.org { } } syslog { global { facility all { level notice } facility protocols { level debug } } } time-zone America/Chicago traffic-analysis { dpi enable export enable } } vpn { }
dave@router:~$ show interfaces Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- br0 - A/D Bridge eth0 24.14.240.237/20 u/u WAN Internet 2001:558:6033:c5:65ba:2768:fd42:11ef/128 eth1 10.0.1.1/24 u/u LAN 2601:243:d02:7e61::1/64 eth2 - u/D eth3 - u/D eth4 - u/D lo 127.0.0.1/8 u/u ::1/128 switch0 - u/u
dave@router:~$ show ipv6 route IPv6 Routing Table Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1, E2 - OSPF external type 2, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, B - BGP Timers: Uptime IP Route Table for VRF "default" K ::/0 [0/1024] via fe80::201:5cff:fe75:c46, eth0, 00:24:19 C ::1/128 via ::, lo, 29w3d22h C 2001:558:6033:c5:65ba:2768:fd42:11ef/128 via ::, eth0, 00:24:20 C 2601:243:d02:7e61::/64 via ::, eth1, 00:24:20 C fe80::/64 via ::, eth4, 29w3d22h
dave@router:~$ show ipv6 neighbors fe80::201:5cff:fe75:c46 dev eth0 lladdr 00:01:5c:75:0c:46 router REACHABLE fe80::618:d6ff:fec3:b3e5 dev eth1 lladdr 04:18:d6:c3:b3:e5 router STALE
dave@router:~$ show firewall -------------------------------------------------------------------------------- IPv4 Firewall "WAN_IN": Active on (eth0,IN) rule action proto packets bytes ---- ------ ----- ------- ----- 10 accept all 5831 1375901 condition - state RELATED,ESTABLISHED 20 drop all 0 0 condition - state INVALID 10000 drop all 0 0 -------------------------------------------------------------------------------- IPv4 Firewall "WAN_LOCAL": Active on (eth0,LOCAL) rule action proto packets bytes ---- ------ ----- ------- ----- 10 accept all 197 22936 condition - state RELATED,ESTABLISHED 20 drop all 65 7002 condition - state INVALID 30 accept udp 0 0 condition - dports isakmp,l2f,4500 40 accept esp 0 0 10000 drop all 381 42123 -------------------------------------------------------------------------------- IPv6 Firewall "WANv6_IN": Active on (eth0,IN) rule action proto packets bytes ---- ------ ----- ------- ----- 10 accept all 0 0 condition - state RELATED,ESTABLISHED 20 drop all 0 0 condition - state INVALID 30 accept ipv6-icmp 0 0 condition - ipv6-icmp destination-unreachable 40 accept ipv6-icmp 0 0 condition - ipv6-icmp packet-too-big 50 accept ipv6-icmp 0 0 condition - ipv6-icmp time-exceeded 60 accept ipv6-icmp 0 0 condition - ipv6-icmp parameter-problem 70 accept ipv6-icmp 0 0 condition - ipv6-icmp echo-request 10000 drop all 0 0 -------------------------------------------------------------------------------- IPv6 Firewall "WANv6_LOCAL": Active on (eth0,LOCAL) rule action proto packets bytes ---- ------ ----- ------- ----- 10 accept all 14 2347 condition - state RELATED,ESTABLISHED 20 drop all 0 0 condition - state INVALID 30 accept ipv6-icmp 481 88056 40 accept udp 3 649 condition - udp spt:dhcpv6-server dpt:dhcpv6-client 10000 drop all 0 0
I'm also getting the following "pending events" log messages when I reboot the router:
dave@router:~$ show log tail Jul 25 17:28:48 router dhcpd: Jul 25 17:28:52 router wlb: intf-proto Config is locked (60 pending events in queue) Jul 25 17:28:57 router wlb: intf-proto Config is locked (60 pending events in queue) Jul 25 17:28:58 router miniupnpd[2156]: could not open lease file: /var/log/upnp.leases Jul 25 17:28:58 router miniupnpd[2156]: HTTP listening on port 37067 Jul 25 17:28:58 router miniupnpd[2156]: Listening for NAT-PMP/PCP traffic on port 5351 Jul 25 17:29:02 router wlb: intf-proto Config is locked (60 pending events in queue) Jul 25 17:29:07 router wlb: intf-proto Config is locked (60 pending events in queue)