PF rule: IPv6 in pf for external access

Please, can someone help me with this rule?
I have a pf firewall, and on my network there is a machine that needs external access via VNC. With IPv4 I can access it normally, but I want to access it with IPv6 through the firewall.
 
Do you actually have a global IPv6 address and/or range? A /48 or /64? What did the provider give you?
 
Alright, so your LAN hosts get a proper global IPv6 address too?

Then something as simple as this would do:
Code:
pass in on $ext_if inet6 proto tcp from any to 2001:<IPv6 address of VNC host> port 5900

But I would advise against opening VNC to the Internet, whether on IPv4 or IPv6. It's not the world's most secure protocol. You're better off logging in via ssh and tunneling VNC over SSH: ssh -L5900:localhost:5900 me@myhost.example.com, then connect your VNC viewer to localhost:5900.
 
I use VNC via VPN
> Alright, so your LAN hosts get a proper global IPv6 address too?
>
> Then something as simple as this would do:
> Code:
> pass in on $ext_if inet6 proto tcp from any to 2001:<IPv6 address of VNC host> port 5900
>
> But I would advise against opening VNC to the Internet, whether on IPv4 or IPv6. It's not the world's most secure protocol. You're better off logging in via ssh and tunneling VNC over SSH: ssh -L5900:localhost:5900 me@myhost.example.com, then connect your VNC viewer to localhost:5900.
 
That's the mystery: it doesn't work with this rule.
If I disable PF, everything works fine.
pass in on $ext_if inet6 proto tcp from any to 2001:<IPv6 address of VNC host> port 5900
 
> That's the mystery: it doesn't work with this rule.
What else is in /etc/pf.conf? And how is the traffic actually flowing? You mentioned you used a VPN then VNC. How's the VPN set up? Where does it terminate? How's your network set up?
 
You have to let the traffic on the VPN pass. Is the VPN subnet also IPv6?
Yes, it is IPv6, but I use a VPN to be safer. I connect to the network via VPN, but the machine with VNC is on the remote client's local network.
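To put the single pass rule from the earlier reply and the "let the VPN traffic pass" point into a complete ruleset, here is an added example pf.conf written for this thread; it is not the poster's configuration and not code from any participant. Interface names (em0, em1, wg0), the VPN port, and every address are assumptions; the addresses use the 2001:db8::/32 documentation prefix and must be replaced. The two things it adds beyond the one-line rule are the ICMPv6 types that IPv6 cannot function without (neighbour discovery is the IPv6 equivalent of ARP, so a default-deny ruleset that drops it will look exactly like "works only when pf is disabled"), and the fact that VPN-carried VNC traffic arrives on the tunnel interface, so a rule bound to $ext_if never matches it.

```pf
# /etc/pf.conf -- hypothetical example for this thread, not the poster's
# actual ruleset. Interface names, the VPN port and all addresses are
# assumptions; 2001:db8::/32 is the documentation prefix, replace it.

ext_if   = "em0"                # assumed: interface holding the global IPv6 address
int_if   = "em1"                # assumed: LAN side where the VNC host lives
vpn_if   = "wg0"                # assumed: VPN tunnel interface
vpn_port = "51820"              # assumed: UDP port the VPN daemon listens on
vnc_host = "2001:db8:1:1::10"   # placeholder: the VNC host's global address
vpn_net6 = "2001:db8:1:2::/64"  # placeholder: addresses handed out to VPN clients
vnc_port = "5900"

# ICMPv6 types pf must pass for IPv6 to work at all: neighbour and router
# discovery plus path-MTU and error signalling. Blocking these breaks IPv6
# even though every TCP rule looks correct.
icmp6_types = "{ neighbrsol, neighbradv, routersol, routeradv, echoreq, unreach, toobig, timex, paramprob }"

set skip on lo0
scrub in all

# Default deny; "log" sends blocked packets to pflog0 so they can be seen.
block log all

# Traffic leaving the firewall or being forwarded out is allowed and stateful,
# which also covers the VNC host's replies going back out.
pass out quick keep state

# IPv6 housekeeping on every interface.
pass quick inet6 proto icmp6 all icmp6-type $icmp6_types

# Let VPN clients on the Internet reach the VPN daemon on the firewall itself.
pass in on $ext_if inet6 proto udp from any to ($ext_if) port $vpn_port

# Only VPN clients may reach VNC. This traffic enters on $vpn_if, not $ext_if,
# so the earlier $ext_if-bound rule never sees it.
pass in on $vpn_if inet6 proto tcp from $vpn_net6 to $vnc_host port $vnc_port

# The rule suggested earlier in the thread, for direct access from the
# Internet. Left commented out: VNC is better kept behind the VPN or an
# ssh tunnel, as that reply also says.
# pass in on $ext_if inet6 proto tcp from any to $vnc_host port $vnc_port
```

Check the syntax with pfctl -nf /etc/pf.conf before loading it with pfctl -f /etc/pf.conf. For the firewall to forward IPv6 between interfaces at all, ipv6_gateway_enable="YES" is needed in /etc/rc.conf (it sets net.inet6.ip6.forwarding=1). When a connection still fails, tcpdump -n -e -ttt -i pflog0 (with pflog_enable="YES" in rc.conf) shows which packet the block rule dropped and on which interface, which is usually faster than reasoning about the rules. If the VNC host gets its address by SLAAC with privacy extensions, $vnc_host can change over time; give it a stable address or the rule silently stops matching.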
 