• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Living With Airport Extreme and XBox 360

Started by colonelf74, June 26, 2012, 04:09:13 PM

Previous topic - Next topic

colonelf74

I'm sort of sure I know the answer to this one but wanted to ask just in case anyone else is living with this issue.

The Airport Extreme is a wonderful little product, but from what I can tell it doesn't do ANY IPv6 firewalling or NAT.  As a result, and in contradiction with Hurricane Electric's example config I've left the option to block incoming IPv6 connections off.

Why?  Well, typically the XBox 360 uses incoming connections to do things like advanced partying, and from what I can tell, voice transmission.

So I'm basically giving up the old world of private IP address space, and the security that goes along with it, to have my XBox 360 perform as best it can with IPv6.

Anyone have any suggestions or comments?

Thanks,

Adam

broquea

comment: NAT != security
suggestion: Install something in front of or behind the Airport that can provide an IPv6 firewall. I mean openwrt, ddwrt, m0n0wall, etc can accomplish this.

colonelf74

Thanks for the advice.  Unfortunately, I don't have a spare PC and am looking to just work with what I have.

kcochran

If you're using Airport Utility 6.1, under the Network section, you can add things under Port Settings.  This is for both IPv4 port forwards, as well as IPv6 firewall rules.

colonelf74

All I can say to that is maybe some day?  Or perhaps it's disallowed because I'm running WiFi.

Unfortunately, for my primary Airport Extreme the drop-down "Firewall Entry Type" is hard-coded
to "IPv4 Port Mapping".  My old Port Settings for the XBox 360 were dutifully noted as under the "Type" column.

If you want I can post a screenshot or something.  It's pretty bizarre.  :)

kcochran

Hmm, mine's running Wi-fi and operating as the front-end router (behind a 2Wire that's been told to basically act as a translation bridge between U-verse).

colonelf74

Update:  I'm stupid.  I now see how I can enable IPv6 firewalling on my Airport Extreme.  (First, you -have- to enable "Block incoming IPv6 connections" and then it's happy.)

Once I do that, though, I'm again at a loss.  How can I tell what IPv6 address has been picked up by my Xbox 360?

Does anyone know what type of tool I can use in place of good old "arp"?  Maybe sniff enough broadcast traffic from a Mac on a different physical network to guess?

As a hack/workaround could I just enter the entire IPv6 LAN Address and just use that to allow ports through?  I suppose any security is better than none.  Blah.

broquea

#7
Xbox360 supports IPv6? I just powered mine on and don't see it setting an IPv6 address at all (admittedly, my LAN is using SLAAC, not DHCPv6). You'd want to look at NDP as the "replacement" for ARP in IPv6.

colonelf74

A huge thank you for telling me about "ndp".

colonelf74

Well, at least I've managed to figure out how to make my XBox 360 most happy.

Now I'm moving on to a firewall question.  :-)