cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
910
Views
0
Helpful
2
Replies

RV180 IPv6 Access Rules

charvolant
Level 1
Level 1

I've just installed an RV180 (firmware 1.0.3.10) and have been trying to set up IPv6. I'd like to be able to set the access rules so that I can restrict incoming IPv6 connections to a specific range of servers and hosts (the usual, HTTP, SSH, SMTP, IMAPS and the like) and block access to other hosts. However, I can't see how to add a new rule. The access rules panel greys out the destination address for the incoming packet. And, in any case, the fields will not accept IPv6 addresses.

How can I set up rules for IPv6?

2 Replies 2

lariasqu
Level 1
Level 1

Hi Doug, thank you for using our forum, my name is Luis I am part of the Small business Support community. Below I will share an article with some steps to configure a Firewall ACL, if you have any question please let me know, also if you are having troubles to configure it.

http://www6.nohold.net/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=2286

I hope you find this answer useful

Greetings,

Luis Arias.

Cisco Network Support Engineer.

Hi Luis,

Thanks for the reply, but this doesn't address my question.

If I have an IPv6 network, I'm not going to be doing any port forwarding from the router to a server, which is what that page describes. Instead, every IPv6 address is theoretically visiible to the outside world and I need to be able to filter incoming connections on the basis of port number and destination address.

I have two problems here:

1. Try putting an IPv6 address into the the source/destination IP address fields. It can't be done. The field is limited to 15 characters (what you would expect for a XXX.XXX.XXX.XXX IPv4 address)

2. The obvious way to set up a filter is to basically allow certain connections to certain destination address/port combinations (eg. 2001:44b8:110e:5901:2001::1 port 80) and then block everything else. The incoming access rules only allow source addresses to be specified, not desination addresses. So something like

Direction          Source     Port     Destination                              Port     Rule

WAN->LAN     Any          Any     2001:44b8:110e:5901:2001::1     80       Allow 

WAN->LAN     Any          Any     Any                                          Any    Block 

I can't see how to set up what would be a perfectly normal firewall rule.