Hi,
i played around with the ICMP settings (+ ping and traceroute) on the Firewall Tab when i suddenly found out that i can ping my computer behind(!) my UTM via IPv6 even when ICMP is disabled and only Gateway forwards traceroute is enabled (not even any ping is enabled).
i played around a bit and both traceroute6 and ping6 from an external server through my UTM to my OSX device behind the UTM can be tracerouted/pinged if one of the three options "Allow ICMP through gateway" (not the "from external"!!!), "Allow Ping through gateway" or "Allow traceroute through gateway" is enabled. one(!) of those 3 is enough to successfully ping AND traceroute an IPv6 device behind the UTM which SHOULD not work in my opinion.
Does someone have an explanation for that?
My IPv6 is from german KabelDeutschland. I have a DS-Lite access with a Carrier-grade NAT IPv4 and my UTM got a IPv6 and a delegated prefix. the delegated prefix in turn is given to the clients internally via normal prefix delegation with stateless autoconfig.
This thread was automatically locked due to age.
