
NIS 20.4.0.40 blocking IPv6 traceroute

I recently enabled IPv6 on my Windows XP SP3 machine and if I try to do a traceroute to an IPv6 address with the Smart Firewall enabled, all the traces along the route time out.   If I disable Smart Firewall they succeed.  Traces to IPv4 addresses work either way.

Obviously there's a rule allowing traceroute responses for IPv4 that's missing for IPv6.  I can ping my PC's IPv6 address from the Internet so that's not being blocked, but traceroute responses are.

Anyone know how to set this up?

Edit:

It looks like the incoming packet for the traceroute is an ICMPv6 packet of type 3.  For some reason Norton seems to be blocking that.  There is a rule set up to allow it, called "Default Allow Inbound ICMPV6 Error Reports", but the check box next to it is unchecked and it's disabled so I can't check it. 

Is there some way to enable this rule?

I found a similar question at http://www.dslreports.com/forum/remark,27216883 and the person simply created their own rule, but that just seems to work around the issue rather than fix the problem.

Edit 2:

I created my own version of the "Default Allow Inbound ICMPV6 Error Reports" and enabled it and now I can do IPv6 traceroutes.  I shouldn't have to do that though since there's already a rule for it, it's just permanently disabled, so I consider this a bug in NIS 20.4.0.40

Replies


Re: NIS 20.4.0.40 blocking IPv6 traceroute

Hi,

If memory serves, and it may not, I seem to remember somewhere in the release notes that IPv6 isn't supported. This would lead me to believe that the program would block it by default.

Support is coming but has not been announced

Stay well and surf safe

Dick Win 10x64 current current NSBU

Re: NIS 20.4.0.40 blocking IPv6 traceroute

Were you using a Windows account with Admin privileges when you tried to enable the setting?

Another suggestion to go with Dick's.

As IPV6 is still not being fully implemented yet, the rule may be ready for a future update to enable it when deemed necessary.

Just my $ .02

Things happen. Export/Backup your Norton Password Manager data.

Re: NIS 20.4.0.40 blocking IPv6 traceroute

IPv6 has been supported since NIS 2007, so it is supported.

https://support.norton.com/sp/en/us/home/current/solutions/kb20080811111546EN_EndUserProfile_en_us

For the most part it works, it's just that for whatever reason the default "traceroute" rule is disabled.

There was a similar problem with the IPv4 traceroute a few years ago.

http://community.norton.com/t5/Norton-Internet-Security-Norton/Tracert-problem-with-NIS2011/td-p/290120


Re: NIS 20.4.0.40 blocking IPv6 traceroute

Looks like we have a question that needs an employee to address

I'll see if I can get it directed to the correct one

Dick Win 10x64 current current NSBU

Re: NIS 20.4.0.40 blocking IPv6 traceroute

Default Allow Specific Inbound ICMP

Default Allow Inbound ICMPv6 Error Reports

Both these rules are specific to the stateful protocol behavior of the firewall; they will be enabled automatically once you turn off the Firewall->StateFul Protocol Filter feature.

Thanks,


Re: NIS 20.4.0.40 blocking IPv6 traceroute


madhan wrote:

Default Allow Specific Inbound ICMP

Default Allow Inbound ICMPv6 Error Reports

Both these rules are specific to the stateful protocol behavior of the firewall; they will be enabled automatically once you turn off the Firewall->StateFul Protocol Filter feature.

Thanks,


The thing is, traceroute works to ipv4 addresses even with the ICMP rule disabled.  It doesn't work for ipv6 with the ICMPv6 rule disabled, so the stateful protocol feature must not work with ipv6, which seems like a bug.
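
Added example, not part of the thread and not Norton's implementation: a sketch of what stateful handling of ICMPv6 error reports means, accepting an inbound Time Exceeded (type 3) only when the packet quoted inside it matches a probe the host actually sent. The function names, the flow-table shape and the 2001:db8:: addresses are assumptions made for illustration; the sample packets are constructed and carry zeroed checksums.

```python
import ipaddress
import struct

ICMPV6, UDP, ECHO_REQUEST = 58, 17, 128   # next-header values, RFC 4443 type

def ipv6_header(src, dst, next_header, payload_len, hop_limit=64):
    """Build a 40-byte IPv6 header (version 6, no flow label)."""
    return (struct.pack("!IHBB", 6 << 28, payload_len, next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)

def flow_key(packet):
    """Return (src, dst, proto, id_a, id_b) for an IPv6 packet, or None."""
    if len(packet) < 44 or packet[0] >> 4 != 6:
        return None
    proto = packet[6]
    src = ipaddress.IPv6Address(packet[8:24])
    dst = ipaddress.IPv6Address(packet[24:40])
    if proto == UDP:                                  # source port, dest port
        a, b = struct.unpack("!HH", packet[40:44])
    elif proto == ICMPV6 and len(packet) >= 48 and packet[40] == ECHO_REQUEST:
        a, b = struct.unpack("!HH", packet[44:48])    # echo identifier, sequence
    else:
        return None
    return (src, dst, proto, a, b)

def error_matches_outbound(inbound, local_addr, outbound_flows):
    """True if `inbound` is an ICMPv6 error report quoting a probe we sent."""
    if len(inbound) < 48 or inbound[0] >> 4 != 6 or inbound[6] != ICMPV6:
        return False
    if ipaddress.IPv6Address(inbound[24:40]) != ipaddress.IPv6Address(local_addr):
        return False
    if inbound[40] >= 128:            # types 128+ are informational, not errors
        return False
    key = flow_key(inbound[48:])      # skip ICMPv6 type/code/checksum + 4 unused
    return key is not None and key in outbound_flows

# Constructed sample traffic (documentation prefix, checksums left at zero).
LOCAL, ROUTER, TARGET = "2001:db8::10", "2001:db8:ffff::1", "2001:db8:beef::80"

def echo_probe(ident, seq):
    return (ipv6_header(LOCAL, TARGET, ICMPV6, 8, hop_limit=1)
            + struct.pack("!BBHHH", ECHO_REQUEST, 0, 0, ident, seq))

def time_exceeded(quoted, to=LOCAL):
    body = struct.pack("!BBHI", 3, 0, 0, 0) + quoted
    return ipv6_header(ROUTER, to, ICMPV6, len(body)) + body

if __name__ == "__main__":
    flows = {flow_key(echo_probe(0x1234, 1))}
    print(error_matches_outbound(time_exceeded(echo_probe(0x1234, 1)), LOCAL, flows))
    print(error_matches_outbound(time_exceeded(echo_probe(0x9999, 1)), LOCAL, flows))
```

A blanket "allow inbound ICMPv6 type 3" rule, like the custom one described in the first post, accepts both sample packets; the state check accepts only the first.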
