You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
My pppoe-wan has IPv4 (wan) and native IPv6 (wan_6) connections, I also have a 6to4-wan6 tunnel (native IPv6 from some ISPs can't reach 6to4 addresses, additionally 6to4 normally offers faster connections to other 6to4 addresses). I want to enable mtu_fix for IPv4 only, but the option applies to all interfaces in the wan firewall zone (see ip6tables output below). Please make mtu_fix more granular so that different network interfaces (including virtual interfaces like wan_6) can have independent mtu_fix settings.
On a separate note, IPv4 iptables contains rules for 6to4 interface, is this a mistake? I don't think IPv4 traffic could go through 6to4 interface.
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 TCPMSS tcp any 6to4-wan6 anywhere anywhere tcp flags:SYN,RST/SYN /* !fw3: Zone wan MTU fixing */ TCPMSS clamp to PMTU
0 0 TCPMSS tcp any pppoe-wan anywhere anywhere tcp flags:SYN,RST/SYN /* !fw3: Zone wan MTU fixing */ TCPMSS clamp to PMTU
The text was updated successfully, but these errors were encountered:
fvc:
My pppoe-wan has IPv4 (wan) and native IPv6 (wan_6) connections, I also have a 6to4-wan6 tunnel (native IPv6 from some ISPs can't reach 6to4 addresses, additionally 6to4 normally offers faster connections to other 6to4 addresses). I want to enable mtu_fix for IPv4 only, but the option applies to all interfaces in the wan firewall zone (see ip6tables output below). Please make mtu_fix more granular so that different network interfaces (including virtual interfaces like wan_6) can have independent mtu_fix settings.
On a separate note, IPv4 iptables contains rules for 6to4 interface, is this a mistake? I don't think IPv4 traffic could go through 6to4 interface.
If possible it would be good to add proto-41 firewall rule automatically when 6to4 is used, the rule is documented in the last part of https://openwrt.org/docs/guide-user/network/ipv6/barrier.breaker.ipv6.6to4 , the rule should really limit the scope to ipv4 family.
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 TCPMSS tcp any 6to4-wan6 anywhere anywhere tcp flags:SYN,RST/SYN /* !fw3: Zone wan MTU fixing */ TCPMSS clamp to PMTU 0 0 TCPMSS tcp any pppoe-wan anywhere anywhere tcp flags:SYN,RST/SYN /* !fw3: Zone wan MTU fixing */ TCPMSS clamp to PMTU
The text was updated successfully, but these errors were encountered: