NIS 20.4.0.40 blocking IPv6 traceroute

I recently enabled IPv6 on my Window XP SP3 machine and if I try to do a traceroute to an IPv6 address with the Smart Firewall enabled, all the traces along the route time out.   If I disable Smart Firewall they succeed.  Traces to IPv4 addresses work either way.

 

Obviously there's a rule allowing traceroute responses for IPv4 that's missing for IPv6.  I can ping my PC's IPv6 address from the Internet so that's not being blocked, but traceroute responses are.

 

Anyone know how to set this up?

 

Edit:

 

It looks like the incoming packet for the traceroute is an ICMPv6 packet of type 3.  For some reason Norton seems to be blocking that.  There is a rule set up to allow it, called "Default Allow Inbound ICMPV6 Error Reports", but the check box next to it is unchecked and it's disabled so I can't check it. 

 

Is there some way to enabled this rule?

 

I found a similar question at http://www.dslreports.com/forum/remark,27216883 and the person simply created their own rule, but that just seems to work around the issue rather than fix the problem.

 

Edit 2:

 

I created my own version of the "Default Allow Inbound ICMPV6 Error Reports" and enabled it and now I can do IPv6 traceroutes.  I shouldn't have to do that though since there's alreaedy a rule for it, it's just permanently disabled, so I consider this a bug in NIS 20.4.0.40

I recently enabled IPv6 on my Window XP SP3 machine and if I try to do a traceroute to an IPv6 address with the Smart Firewall enabled, all the traces along the route time out.   If I disable Smart Firewall they succeed.  Traces to IPv4 addresses work either way.

 

Obviously there's a rule allowing traceroute responses for IPv4 that's missing for IPv6.  I can ping my PC's IPv6 address from the Internet so that's not being blocked, but traceroute responses are.

 

Anyone know how to set this up?

 

Edit:

 

It looks like the incoming packet for the traceroute is an ICMPv6 packet of type 3.  For some reason Norton seems to be blocking that.  There is a rule set up to allow it, called "Default Allow Inbound ICMPV6 Error Reports", but the check box next to it is unchecked and it's disabled so I can't check it. 

 

Is there some way to enabled this rule?

 

I found a similar question at http://www.dslreports.com/forum/remark,27216883 and the person simply created their own rule, but that just seems to work around the issue rather than fix the problem.

 

Edit 2:

 

I created my own version of the "Default Allow Inbound ICMPV6 Error Reports" and enabled it and now I can do IPv6 traceroutes.  I shouldn't have to do that though since there's alreaedy a rule for it, it's just permanently disabled, so I consider this a bug in NIS 20.4.0.40

Were you using a Windows account with Admin privileges when you tried to enable the setting?

 

Another suggestion to go with Dick's.

 

As IPV6 is still not being fully implemented yet, the rule may be ready for a future update to enable it when deemed necessary.

 

Just my $ .02

 

 

 

IPv6 has been supported since NIS 2007, so it is supported.

 

https://support.norton.com/sp/en/us/home/current/solutions/kb20080811111546EN_EndUserProfile_en_us

 

 For the most part it works, it's just that for whatever reason the default rule "traceroute" rule is disabled. 

 

There was a similar problem with the the iPv4 traceroute a few years ago.

 

http://community.norton.com/t5/Norton-Internet-Security-Norton/Tracert-problem-with-NIS2011/td-p/290120

Looks like we have a question that needs an employee to address

I'll seee if I can get it directed to the correct one

Default Allow Spefific Inbound ICMP

Default Allow Inbound ICMPv6 Error Reports

 

Both these rules are specific to Stateful protocol behavior of firewall, it will be enabled automatically once you turned off  Firewall->StateFul Protocol Filter feature.

Thanks,


madhan wrote:

Default Allow Spefific Inbound ICMP

Default Allow Inbound ICMPv6 Error Reports

 

Both these rules are specific to Stateful protocol behavior of firewall, it will be enabled automatically once you turned off  Firewall->StateFul Protocol Filter feature.

Thanks,


The thing is, traceroute works to ipv4 addresses even with the ICMP rule disabled.  It doesn't work with for ipv6 with the ICMPv6 rule disabled so the stateful protocol feature must not work with ipv6 which seems like a bug.