• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Win XP: Impossible to reconcile IPv6 with the Firewall ???

Started by Ninho, November 16, 2011, 10:13:45 AM

Previous topic - Next topic

cholzhauer

I'm 99.9% sure I had the firewall on (I don't think I would have had the firewall off on an XP computer directly connected to the net)  I think I only had to allow incoming ICMP so I could create the tunnel.

I didn't read back through the thread, but did you try a brand new XP install with your setup?

Ninho

Quote from: cholzhauer on January 03, 2012, 04:50:29 PM
I'm 99.9% sure I had the firewall on (I don't think I would have had the firewall off on an XP computer directly connected to the net)  I think I only had to allow incoming ICMP so I could create the tunnel.

I didn't read back through the thread, but did you try a brand new XP install with your setup?

I used a fresh install from a CD slipstreamed with SP2, and updated from MS Update.
A brand new XP (SP zero) would not help diagnose the question, since it wouldn't have the new windows firewall - nor even IPv6 installed by default.

I don't think the problem is to do with something special in this install. But reading again your previous messages,

Quotejust connected directly to my internet router.

I wonder : were you NATting (IPv4) or not so ? IOW, in your experiment did that XP computer get the public IP from the ISP or did it get a private IPv4 address ? Notice how in my setting here, the XP comp gets a private 10.x.x.x addie from the Speedtouch ADSL "modem/router".  This might be the crucial point... 

Sincere regards

--
Ninho

cholzhauer

What about trying SP3?

No NAT what so ever.  My "local area connection" had a public IP address.  The next hop was the router owned by the ISP and from there, out to the abyss.

Ninho

Quote from: cholzhauer on January 04, 2012, 04:58:30 AM
What about trying SP3?

I am running SP3 and up-to-date with patches.

Quote
No NAT what so ever.  My "local area connection" had a public IP address.  The next hop was the router owned by the ISP and from there, out to the abyss.

Yup, this is where your test did not reproduce my settings. I get the distinctive feeling, were I to connect directly to the public internet, the firewall would let traffic pass thru the HE tunnel.

By no means feel obliged, but if you get an opportunity to - and curiosity for - testing with a local NAT, I'd be much interested. Anyone of you all, not just Carl, by the way ! That's Windows Firewall + NATted v4 LAN (the NAT should pass IP protocol 41 to the Windows computer of interest.) And maybe not just XP, who says this problem is fixed in Vista and above ?


--
Ninho

cholzhauer

Come to think of it, I did have a tunnel hosted on my home XP install a year or so ago.  I never really used it for anything because the machine isn't on much, but I do know it worked