IPv6 is not working

Hello Kix,

glad you got this working.
Could you please share your config?
Google brought me here and I expect a few of us would benefit from your solution.

Thanks


The solution was to keep the default settings in OpenWrt and ask the ISP to fix IPv6 :slight_smile:

I have been trying for a few weeks to get my stock 21.02 OpenWrt onto a Dual Stack WAN.
They had me plug in Windows 10 and run a few tests, which worked, and washed their hands of the issue.

So my OpenWRT gets an IP but never connects to the internet.
This is a cable provider with a bridged mode fritzbox so I get a WAN IP.

What would you suggest I do to highlight the issue with IPv6?
I already generated a tcpdump file from Debian 11; is there an easy way to do this in OpenWrt?

You can install the tcpdump-mini or (larger, full-featured) tcpdump package using opkg inside OpenWrt.

Do I understand correctly that you are saying the router does receive a single publicly routed IPv6 address but doesn't receive a prefix to be delegated to the local network?

I do not know enough to say right now; consistently I see a WAN IP but have no access to the internet. I will do the tcpdump as above and share the sanitized results here if it helps.

I plan to power on the modem while tcpdump is running on the WAN interface of the openwrt so all the DHCP negotiations are captured.

Would this help?

Yes, that should help.
From your post I understand that even IPv4 isn't working for Internet access in your case, right? The WAN IP you mentioned, do you mean IPv4 or IPv6?

I meant IPv4 but I also saw IPv6 addresses.

Is there a better way to share the pcap?
https://paste.debian.net/1221024/






|       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 21.02.1, r16325-88151b8303
 -----------------------------------------------------
root@OpenWrt:~# tcpdump -i eth1 -w modem_start_dump
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
tcpdump: pcap_loop: The interface went down
15 packets captured
15 packets received by filter
0 packets dropped by kernel


root@OpenWrt:~# tcpdump -i eth1 -w modem_start_dump
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
tcpdump: pcap_loop: The interface went down
16 packets captured
16 packets received by filter
0 packets dropped by kernel
root@OpenWrt:~# tcpdump -i eth1 -w modem_on_dump
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
^C1585 packets captured
1589 packets received by filter
0 packets dropped by kernel
root@OpenWrt:~# ping6 google.com
ping6: bad address 'google.com'
root@OpenWrt:~# ping6 bbc.co.uk
ping6: bad address 'bbc.co.uk'
root@OpenWrt:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP group default qlen 1000
    link/ether 00:1f:d0:a5:50:f8 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0e:c6:8e:15:89 brd ff:ff:ff:ff:ff:ff
    inet6 2a10:4440:100:0:20e:c6ff:fe8e:1589/64 scope global dynamic noprefixroute
       valid_lft 2591998sec preferred_lft 604798sec
    inet6 2a10:4440:100::a4e/128 scope global dynamic noprefixroute
       valid_lft 86213sec preferred_lft 64613sec
    inet6 fe80::20e:c6ff:fe8e:1589/64 scope link
       valid_lft forever preferred_lft forever
4: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:1f:d0:a5:50:f8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 2a10:4440:fff:73c0::1/60 scope global dynamic noprefixroute
       valid_lft 86213sec preferred_lft 64613sec
    inet6 fd40:ea29:df3d::1/60 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::21f:d0ff:fea5:50f8/64 scope link
       valid_lft forever preferred_lft forever

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd40:ea29:df3d::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcpv6'

root@OpenWrt:~#

Typically wan is a dhcp client or pppoe and wan6 is the dhcp6 client. Reset the router back to defaults to get them both working.

Assume my WAN IP is: 212.135.1.254 (it is static) so I changed it everywhere.

Capture: https://paste.debian.net/1221033/


root@OpenWrt:~# tcpdump -i eth1 -w dumpwan_IPv4_Modem
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
^C2956 packets captured
2960 packets received by filter
0 packets dropped by kernel
root@OpenWrt:~# ping google.com
ping: bad address 'google.com'
root@OpenWrt:~# ping -6 bbc.co.uk
ping: bad address 'bbc.co.uk'
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd40:ea29:df3d::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'

root@OpenWrt:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP group default qlen 1000
    link/ether 00:1f:d0:a5:50:f8 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0e:c6:8e:15:89 brd ff:ff:ff:ff:ff:ff
    inet 212.135.1.254/25 brd 212.135.1.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20e:c6ff:fe8e:1589/64 scope link
       valid_lft forever preferred_lft forever
4: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:1f:d0:a5:50:f8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fd40:ea29:df3d::1/60 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::21f:d0ff:fea5:50f8/64 scope link
       valid_lft forever preferred_lft forever

root@OpenWrt:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         212.135.1.129  0.0.0.0         UG    0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 br-lan
212.135.1.128  *               255.255.255.128 U     0      0        0 eth1
root@OpenWrt:~# ping bbc.co.uk
ping: bad address 'bbc.co.uk'
root@OpenWrt:~#


Run this:

uci set network.wan6=interface
uci set network.wan6.device='eth1'
uci set network.wan6.proto='dhcpv6'
uci set network.wan6.reqaddress='try'
uci set network.wan6.reqprefix='auto'
uci del firewall.wan.network
uci add_list firewall.wan.network='wan'
uci add_list firewall.wan.network='wan6'
uci commit network
uci commit firewall
ifup wan6

I got an error, should I reboot and run this again?

root@OpenWrt:~# uci set network.wan6=interface
root@OpenWrt:~# uci set network.wan6.device='eth1'
root@OpenWrt:~# uci set network.wan6.proto='dhcpv6'
root@OpenWrt:~# uci set network.wan6.reqaddress='try'
root@OpenWrt:~# uci set network.wan6.reqprefix='auto'
root@OpenWrt:~# uci del firewall.wan.network
uci: Entry not found
root@OpenWrt:~# uci add_list firewall.wan.network='wan'
uci: Invalid argument
root@OpenWrt:~# uci add_list firewall.wan.network='wan6'
uci: Invalid argument
root@OpenWrt:~# uci commit network
root@OpenWrt:~# uci commit firewall
root@OpenWrt:~# ifup wan6
root@OpenWrt:~#

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled 'false'

config include
        option path '/etc/firewall.user'

root@OpenWrt:~#



Not sure why it is not working, you can add it from Luci if you prefer.
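
Why `uci del firewall.wan.network` answered "Entry not found" in the output above: the zones in that /etc/config/firewall are anonymous `config zone` sections that only carry `option name 'wan'`, so uci addresses them as `firewall.@zone[N]`, not `firewall.wan`. The script below is an added example, not part of any post in this thread; the function names (`zone_index`, `zone_networks`, `plan_cover`) and the embedded sample config are constructed for illustration. It finds the zone's index by name and prints the uci commands that add `wan6` to its covered networks.

```shell
#!/bin/sh
# Added example: resolve a firewall zone by its 'option name' and plan the
# uci commands that put an interface into that zone's covered networks.

# Constructed sample: zone stanzas shaped like the /etc/config/firewall in the thread.
sample_firewall() {
cat <<'EOF'
config defaults
        option input 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option masq '1'
        list network 'wan'

config forwarding
        option src 'lan'
        option dest 'wan'
EOF
}

# zone_index NAME < config : print N so that firewall.@zone[N] is the zone NAME.
zone_index() {
    awk -v want="$1" '
        $1 == "config" { in_zone = ($2 == "zone"); if (in_zone) n++; next }
        in_zone && $1 == "option" && $2 == "name" {
            v = $3; gsub("[\047\042]", "", v)      # strip single/double quotes
            if (v == want) { print n - 1; found = 1; exit }
        }
        END { exit !found }
    '
}

# zone_networks NAME < config : print the networks the zone covers, space separated.
# Accepts both "list network 'x'" and "option network 'x y'".
zone_networks() {
    awk -v want="$1" '
        function emit() {
            if (in_zone && name == want) { print substr(nets, 2); found = 1 }
            name = ""; nets = ""
        }
        $1 == "config" { emit(); in_zone = ($2 == "zone"); next }
        in_zone && $1 == "option" && $2 == "name" { name = $3; gsub("[\047\042]", "", name) }
        in_zone && $2 == "network" {
            for (i = 3; i <= NF; i++) { v = $i; gsub("[\047\042]", "", v); nets = nets " " v }
        }
        END { emit(); exit !found }
    '
}

# plan_cover ZONE IFACE CONFIG_FILE : print the commands needed so ZONE covers
# IFACE; print nothing if it already does; return 1 if the zone does not exist.
plan_cover() {
    zone=$1; iface=$2; file=$3
    idx=$(zone_index "$zone" < "$file") || { echo "no zone named '$zone'" >&2; return 1; }
    for net in $(zone_networks "$zone" < "$file"); do
        if [ "$net" = "$iface" ]; then return 0; fi
    done
    echo "uci add_list firewall.@zone[$idx].network='$iface'"
    echo "uci commit firewall"
    echo "/etc/init.d/firewall reload"
}

# Demo: use the file given as $1 (e.g. /etc/config/firewall), else the sample.
cfg=${1:-}
if [ -z "$cfg" ]; then
    cfg=$(mktemp)
    sample_firewall > "$cfg"
fi
plan_cover wan wan6 "$cfg"
```

An interface that belongs to no zone is handled by the `config defaults` policies, which in the config shown above are `input 'ACCEPT'`, so confirming that `wan6` really appears under the wan zone matters for exposure as well as for connectivity.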

I rebooted and the message after the ping changed. The Firewall rule was not found for deletion.


BusyBox v1.33.1 (2021-10-24 09:01:35 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 21.02.1, r16325-88151b8303
 -----------------------------------------------------
root@OpenWrt:~#
root@OpenWrt:~#  uci del firewall.wan.network
uci: Entry not found
root@OpenWrt:~# ping google.com
PING google.com (2a00:1450:4001:82a::200e): 56 data bytes
^C
--- google.com ping statistics ---
60 packets transmitted, 0 packets received, 100% packet loss
root@OpenWrt:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP group default qlen 1000
    link/ether 00:1f:d0:a5:50:f8 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0e:c6:8e:15:89 brd ff:ff:ff:ff:ff:ff
    inet 212.135.1.254/25 brd 212.135.1.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 2a10:4440:100:0:20e:c6ff:fe8e:1589/64 scope global dynamic noprefixroute
       valid_lft 2591994sec preferred_lft 604794sec
    inet6 2a10:4440:100::a5b/128 scope global dynamic noprefixroute
       valid_lft 86300sec preferred_lft 64700sec
    inet6 fe80::20e:c6ff:fe8e:1589/64 scope link
       valid_lft forever preferred_lft forever
4: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:1f:d0:a5:50:f8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 2a10:4440:fff:5430::1/60 scope global dynamic noprefixroute
       valid_lft 86300sec preferred_lft 64700sec
    inet6 fd40:ea29:df3d::1/60 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::21f:d0ff:fea5:50f8/64 scope link
       valid_lft forever preferred_lft forever
root@OpenWrt:~# ping -6 google.com
PING google.com (2a00:1450:4001:82a::200e): 56 data bytes

^C
--- google.com ping statistics ---
24 packets transmitted, 0 packets received, 100% packet loss
root@OpenWrt:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         212.135.1.129  0.0.0.0         UG    0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 br-lan
212.135.1.128  *               255.255.255.128 U     0      0        0 eth1
root@OpenWrt:~#

Go to Luci and add wan and wan6 interfaces in wan zone in Firewall.

Not sure how to do that.

You want me to click add at the bottom left?
Or edit the wan? I have merged both below.

Edit wan zone, in Covered Networks add wan6 interface.

Thanks, I found it.
I am now able to ping IP addresses but issues with DNS exist, please see below.

BusyBox v1.33.1 (2021-10-24 09:01:35 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 21.02.1, r16325-88151b8303
 -----------------------------------------------------
root@OpenWrt:~# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: seq=0 ttl=54 time=16.621 ms
64 bytes from 1.1.1.1: seq=1 ttl=54 time=14.430 ms
64 bytes from 1.1.1.1: seq=2 ttl=54 time=14.404 ms
64 bytes from 1.1.1.1: seq=3 ttl=54 time=14.463 ms
^C
--- 1.1.1.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 14.404/14.979/16.621 ms
root@OpenWrt:~# ping bbc.co.uk
PING bbc.co.uk (2a04:4e42::81): 56 data bytes
^C
--- bbc.co.uk ping statistics ---
13 packets transmitted, 0 packets received, 100% packet loss
root@OpenWrt:~# ping -6 bbc.co.uk
PING bbc.co.uk (2a04:4e42:600::81): 56 data bytes
^C
--- bbc.co.uk ping statistics ---
11 packets transmitted, 0 packets received, 100% packet loss
root@OpenWrt:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=118 time=16.053 ms
64 bytes from 8.8.8.8: seq=1 ttl=118 time=13.473 ms
64 bytes from 8.8.8.8: seq=2 ttl=118 time=13.650 ms
64 bytes from 8.8.8.8: seq=3 ttl=118 time=13.062 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 13.062/14.059/16.053 ms
root@OpenWrt:~# ping -6 google.co.uk
PING google.co.uk (2a00:1450:4001:810::2003): 56 data bytes
^C
--- google.co.uk ping statistics ---
9 packets transmitted, 0 packets received, 100% packet loss
root@OpenWrt:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         212.135.1.129  0.0.0.0         UG    0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 br-lan
212.135.1.128  *               255.255.255.128 U     0      0        0 eth1
root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled 'false'

config include
        option path '/etc/firewall.user'

root@OpenWrt:~#

The zone you are showing is not wan. In wan zone it is still not added.

Thanks for spotting that.
Still DNS I think, see below.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 21.02.1, r16325-88151b8303
 -----------------------------------------------------
root@OpenWrt:~#
root@OpenWrt:~# ping bbc.co.uk
PING bbc.co.uk (2a04:4e42::81): 56 data bytes


^C
--- bbc.co.uk ping statistics ---
8 packets transmitted, 0 packets received, 100% packet loss
root@OpenWrt:~#
root@OpenWrt:~#
root@OpenWrt:~# ping google.com
PING google.com (2a00:1450:4001:82a::200e): 56 data bytes
^C
--- google.com ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
root@OpenWrt:~# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: seq=0 ttl=54 time=16.714 ms
64 bytes from 1.1.1.1: seq=1 ttl=54 time=15.223 ms
64 bytes from 1.1.1.1: seq=2 ttl=54 time=15.020 ms
^C
--- 1.1.1.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 15.020/15.652/16.714 ms
root@OpenWrt:~# ping 9.9.9.9
PING 9.9.9.9 (9.9.9.9): 56 data bytes
64 bytes from 9.9.9.9: seq=0 ttl=58 time=17.837 ms
64 bytes from 9.9.9.9: seq=1 ttl=58 time=12.851 ms
64 bytes from 9.9.9.9: seq=2 ttl=58 time=12.900 ms
64 bytes from 9.9.9.9: seq=3 ttl=58 time=12.824 ms
^C
--- 9.9.9.9 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 12.824/14.103/17.837 ms
root@OpenWrt:~# ping -6 bbc.com
PING bbc.com (2a04:4e42::81): 56 data bytes
^C
--- bbc.com ping statistics ---
7 packets transmitted, 0 packets received, 100% packet loss
root@OpenWrt:~# ping -6 cnn.com
PING cnn.com (2a04:4e42:600::323): 56 data bytes
^C
--- cnn.com ping statistics ---
8 packets transmitted, 0 packets received, 100% packet loss
root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled 'false'

config include
        option path '/etc/firewall.user'

root@OpenWrt:~#