I recently enabled IPv6 on my Window XP SP3 machine and if I try to do a traceroute to an IPv6 address with the Smart Firewall enabled, all the traces along the route time out. If I disable Smart Firewall they succeed. Traces to IPv4 addresses work either way.
Obviously there's a rule allowing traceroute responses for IPv4 that's missing for IPv6. I can ping my PC's IPv6 address from the Internet so that's not being blocked, but traceroute responses are.
Anyone know how to set this up?
Edit:
It looks like the incoming packet for the traceroute is an ICMPv6 packet of type 3. For some reason Norton seems to be blocking that. There is a rule set up to allow it, called "Default Allow Inbound ICMPV6 Error Reports", but the check box next to it is unchecked and it's disabled so I can't check it.
Is there some way to enabled this rule?
I found a similar question at http://www.dslreports.com/forum/remark,27216883 and the person simply created their own rule, but that just seems to work around the issue rather than fix the problem.
Edit 2:
I created my own version of the "Default Allow Inbound ICMPV6 Error Reports" and enabled it and now I can do IPv6 traceroutes. I shouldn't have to do that though since there's alreaedy a rule for it, it's just permanently disabled, so I consider this a bug in NIS 20.4.0.40
I recently enabled IPv6 on my Window XP SP3 machine and if I try to do a traceroute to an IPv6 address with the Smart Firewall enabled, all the traces along the route time out. If I disable Smart Firewall they succeed. Traces to IPv4 addresses work either way.
Obviously there's a rule allowing traceroute responses for IPv4 that's missing for IPv6. I can ping my PC's IPv6 address from the Internet so that's not being blocked, but traceroute responses are.
Anyone know how to set this up?
Edit:
It looks like the incoming packet for the traceroute is an ICMPv6 packet of type 3. For some reason Norton seems to be blocking that. There is a rule set up to allow it, called "Default Allow Inbound ICMPV6 Error Reports", but the check box next to it is unchecked and it's disabled so I can't check it.
Is there some way to enabled this rule?
I found a similar question at http://www.dslreports.com/forum/remark,27216883 and the person simply created their own rule, but that just seems to work around the issue rather than fix the problem.
Edit 2:
I created my own version of the "Default Allow Inbound ICMPV6 Error Reports" and enabled it and now I can do IPv6 traceroutes. I shouldn't have to do that though since there's alreaedy a rule for it, it's just permanently disabled, so I consider this a bug in NIS 20.4.0.40
Both these rules are specific to Stateful protocol behavior of firewall, it will be enabled automatically once you turned off Firewall->StateFul Protocol Filter feature.
Both these rules are specific to Stateful protocol behavior of firewall, it will be enabled automatically once you turned off Firewall->StateFul Protocol Filter feature.
Thanks,
The thing is, traceroute works to ipv4 addresses even with the ICMP rule disabled. It doesn't work with for ipv6 with the ICMPv6 rule disabled so the stateful protocol feature must not work with ipv6 which seems like a bug.