LAN get ipv6, but cannot access any website:
cirn09@nas:~$ ip a show dev enp1s0
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 7c:83:34:be:20:6b brd ff:ff:ff:ff:ff:ff
inet 192.168.9.9/24 metric 100 brd 192.168.9.255 scope global dynamic enp1s0
valid_lft 43198sec preferred_lft 43198sec
inet6 fd00::7e83:34ff:febe:206b/64 scope global tentative mngtmpaddr noprefixroute
valid_lft forever preferred_lft forever
inet6 2408:xxxx:xxxx:xxxx:7e83:34ff:febe:206b/64 scope global tentative dynamic mngtmpaddr noprefixroute
valid_lft 259142sec preferred_lft 172742sec
inet6 fe80::7e83:34ff:febe:206b/64 scope link
valid_lft forever preferred_lft forever
cirn09@nas:~$ curl ip6only.me -vv
* Trying 2001:4810:0:3::78:80...
* connect to 2001:4810:0:3::78 port 80 failed: Connection timed out
* Failed to connect to ip6only.me port 80 after 129543 ms: Connection timed out
* Closing connection 0
curl: (28) Failed to connect to ip6only.me port 80 after 129543 ms: Connection timed out
cirn09@nas:~$ ip r get 2001:4810:0:3::78
2001:4810:0:3::78 from :: via fe80::be24:11ff:fef5:6341 dev enp1s0 proto ra src 2408:xxxx:xxxx:xxxx:7e83:34ff:febe:206b metric 100 mtu 1500 pref medium
but wan work well:
root@router:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether bc:24:11:08:cd:74 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.43/24 brd 192.168.1.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 2408:xxxx:xxxx:xxxx:be24:11ff:fe08:cd74/64 scope global dynamic noprefixroute
valid_lft 259016sec preferred_lft 172616sec
inet6 2408:xxxx:xxxx:xxxx::1/128 scope global dynamic noprefixroute
valid_lft 259016sec preferred_lft 172616sec
inet6 fe80::be24:11ff:fe08:cd74/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP group default qlen 1000
link/ether bc:24:11:f5:63:41 brd ff:ff:ff:ff:ff:ff
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether bc:24:11:f5:63:41 brd ff:ff:ff:ff:ff:ff
inet 192.168.9.1/24 brd 192.168.9.255 scope global br-lan
valid_lft forever preferred_lft forever
inet6 2408:xxxx:xxxx:xxxx::1/64 scope global dynamic noprefixroute
valid_lft 259016sec preferred_lft 172616sec
inet6 fd00::1/64 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::be24:11ff:fef5:6341/64 scope link
valid_lft forever preferred_lft forever
root@router:~# curl ip6only.me -vv
> GET / HTTP/1.1
> Host: ip6only.me
> User-Agent: curl/8.6.0
> Accept: */*
>
< HTTP/1.1 200 OK
...
root@router:~# ip r get 2001:4810:0:3::78
RTNETLINK answers: Network unreachable
root@router:~# ip -6 r
default from 2408:xxxx:xxxx:xxxx::1 via fe80::1 dev eth0 proto static metric 512 pref medium
default from 2408:xxxx:xxxx:xxxx::/64 via fe80::1 dev eth0 proto static metric 512 pref medium
2408:xxxx:xxxx:xxxx::/64 dev eth0 proto static metric 256 pref medium
2408:xxxx:xxxx:xxxx::/64 dev br-lan proto static metric 1024 pref medium
unreachable 2408:xxxx:xxxx:xxxx::/64 dev lo proto static metric 2147483647 pref medium
fd00::/64 dev br-lan proto static metric 1024 pref medium
unreachable fd00::/64 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
here is my configs:
root@router:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd00::/64'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.9.1'
option netmask '255.255.255.0'
option ip6assign '64'
config interface 'wan'
option device 'eth0'
option proto 'dhcp'
config interface 'wan6'
option device 'eth0'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
root@router:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '0'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option ednspacket_max '1232'
option localuse '1'
option logfacility '/tmp/dhcp.log'
option noresolv '1'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option cachesize '0'
list server '127.0.0.1#51453'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'hybrid'
option ra 'hybrid'
list dhcp_option '6,192.168.9.1'
option force '1'
list ra_flags 'other-config'
option ndp 'hybrid'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config host
option name 'nas'
option ip '192.168.9.9'
list mac '7C:83:34:BE:20:6B'
config cname
option cname 'qb.nas'
option target 'nas'
config cname
option cname 'qd.nas'
option target 'nas'
config cname
option cname 'lrr.nas'
option target 'nas'
config cname
option cname 'fsrr.nas'
option target 'nas'
config cname
option cname 'flex.nas'
option target 'nas'
config cname
option cname 'pbh.nas'
option target 'nas'
config dhcp 'wan6'
option interface 'wan6'
option ignore '1'
option master '1'
option ra 'hybrid'
option dhcpv6 'hybrid'
option ndp 'hybrid'
root@router:~# cat /etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option mtu_fix '1'
option masq '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
Try fix ipv6 all day and no play makes Jack a dull boy