Go Back   English Forum Switzerland > Help & tips > TV/internet/telephone  
Reply
 
Thread Tools Display Modes
  #1  
Old 02.05.2020, 13:20
Newbie
 
Join Date: May 2020
Location: Geneva
Posts: 5
Groaned at 0 Times in 0 Posts
Thanked 0 Times in 0 Posts
asheenlevrai has no particular reputation at present
Salt box, how to open ports? (IPv6)

Hi

I have a Salt box that is configured in DS-lite apparently (static IPv6 but no routable IPv4, only a local v4 provided by Salt's carrier-grade NAT). All my devices thus have a routabe IPv6 address. I own a NAS and I can access it from the outside using its IPv6 address when the necessary ports are open in the IPv6 firewall of the Salt box.

In order to perform backups to my NAS from my laptop when I am not at home, I need to open port 6281. When I go into the webUI of the Salt box, there is an "IPv6" tab containing 2 sections: "Firewall" and "Access Control". Unfortunately, the firewall section is really odd since it doesn't allow the user to open specific ports. Using check-boxes, I can only chose among predefined sets of ports that I could open. Or the last check-box is "all other ports" in order to open all ports but the predefined ones. Again, this is very strange to me and the solution that the developers chose to implement doesn't make any sense to me... Anyways, when I turn off the firewall (or open "all other ports", then I can reach my NAS without any issue. The problem is that these ports are now open to the outside FOR ALL MY DEVICES and there is thus a big risk, security-wise.

I don't understand exactly what the second section ("Access Control") does. It looks like it gives the opportunity to open/block a given port (or a given range of ports) for a given IPv6 address by creating custom rules. However, if I create a rule to open port 6281 for the IPv6 of my NAS and then turn the firewall back on, it doesn't work (my NAS isn't reachable).

Does anyone understands what exactly the "Access Control" section is for?

I couldn't find online any documentation or detailed user manual for the Salt box. If there is one, please provide a link to it.

Thank you very much in advance for your help.

Best,
-a-
Reply With Quote
  #2  
Old 03.05.2020, 11:21
CHnuschti's Avatar
Member
 
Join Date: Jul 2018
Location: Zürich
Posts: 175
Groaned at 3 Times in 1 Post
Thanked 76 Times in 53 Posts
CHnuschti has earned some respectCHnuschti has earned some respect
Re: Salt box, how to open ports? (IPv6)

Quote:
View Post
I don't understand exactly what the second section ("Access Control") does. It looks like it gives the opportunity to open/block a given port (or a given range of ports) for a given IPv6 address by creating custom rules. However, if I create a rule to open port 6281 for the IPv6 of my NAS and then turn the firewall back on, it doesn't work (my NAS isn't reachable).

Does anyone understands what exactly the "Access Control" section is for?
I also understand it as you do.
I don't have IPV6 running here, but it seems to me that's the way to go.

In the salt box:
expert>network>ipv6>firewall => on / user defined check/uncheck needed, then save settings
expert>network>ipv6>access control => "Add+" service as needed, save settings

Don't forget to "save settings" after each adjustment.
Reply With Quote
  #3  
Old 03.05.2020, 20:15
Newbie
 
Join Date: May 2020
Location: Geneva
Posts: 5
Groaned at 0 Times in 0 Posts
Thanked 0 Times in 0 Posts
asheenlevrai has no particular reputation at present
Re: Salt box, how to open ports? (IPv6)

Quote:
View Post
I also understand it as you do.
I don't have IPV6 running here, but it seems to me that's the way to go.

In the salt box:
expert>network>ipv6>firewall => on / user defined check/uncheck needed, then save settings
expert>network>ipv6>access control => "Add+" service as needed, save settings

Don't forget to "save settings" after each adjustment.



Thanks


But as I said, as soon as the ports are closed in the IPv6 firewall, it seems that whatever rule I may create in Access Control in order to open them for a given IPv6 address is ineffective. The target remains unreachable
Reply With Quote
  #4  
Old 04.05.2020, 15:19
CHnuschti's Avatar
Member
 
Join Date: Jul 2018
Location: Zürich
Posts: 175
Groaned at 3 Times in 1 Post
Thanked 76 Times in 53 Posts
CHnuschti has earned some respectCHnuschti has earned some respect
Re: Salt box, how to open ports? (IPv6)

Quote:
View Post
Thanks


But as I said, as soon as the ports are closed in the IPv6 firewall, it seems that whatever rule I may create in Access Control in order to open them for a given IPv6 address is ineffective. The target remains unreachable
There is a blog-entry that adresses IPV6 with the salt box and a NAS. In french however, but might give some indications.
https://sacha.horovitz.ch/ipv4-et-ipv6-avec-salt-fiber/
EDIT: Ups, i see you already were there ...
Reply With Quote
  #5  
Old 04.05.2020, 20:35
Newbie
 
Join Date: May 2020
Location: VD
Posts: 9
Groaned at 1 Time in 1 Post
Thanked 2 Times in 2 Posts
tripz has no particular reputation at present
Re: Salt box, how to open ports? (IPv6)

I have the same issue where I want to allow both TCP/UDP on a specific port.

I have tried adding a custom entry on "Access" but it does not appear on the list of services that appear on the "Firewall" section ...

I am now stuck on having a pre-configured port only on tcp, this can't be it I mean this box has been around for 2 years now?
Reply With Quote
  #6  
Old 05.05.2020, 14:14
Newbie
 
Join Date: May 2020
Location: Geneva
Posts: 5
Groaned at 0 Times in 0 Posts
Thanked 0 Times in 0 Posts
asheenlevrai has no particular reputation at present
Re: Salt box, how to open ports? (IPv6)

Thanks I appreciate


Yeah, I know I'm looking all over the place for a way to open this port I need (and not ALL of them, to every downstream device).


About that blog you referred to. I wish I could somehow contact that "Cate" user that seem to know a whole lot more than me about how that Salt box router works.


Tx
-a-
Reply With Quote
  #7  
Old 08.05.2020, 16:08
Newbie
 
Join Date: May 2020
Location: Geneva
Posts: 5
Groaned at 0 Times in 0 Posts
Thanked 0 Times in 0 Posts
asheenlevrai has no particular reputation at present
Re: Salt box, how to open ports? (IPv6)

I contacted Salt and their only answer is:
- "Pay an extra CHF10.- monthly for a static IPv4 and then you can run things as usual (NAT&Port forwarding)"


This is both lame and ridiculous.


The whole issue could be "easily" solved be a firmware update allowing custom port management in the IPv6 firewall.


Maybe if many f us keep asking for that firmware update they might implement it (I'm being VERY optimistic).
I'd be happy to be a beta tester if that could help...
Reply With Quote
  #8  
Old 08.05.2020, 16:11
Newbie
 
Join Date: May 2020
Location: Geneva
Posts: 5
Groaned at 0 Times in 0 Posts
Thanked 0 Times in 0 Posts
asheenlevrai has no particular reputation at present
Re: Salt box, how to open ports? (IPv6)

Quote:
View Post
I contacted Salt and their only answer is:
- "Pay an extra CHF10.- monthly for a static IPv4 and then you can run things as usual (NAT&Port forwarding)"


This is both lame and ridiculous.


The whole issue could be "easily" solved be a firmware update allowing custom port management in the IPv6 firewall.


Maybe if many f us keep asking for that firmware update they might implement it (I'm being VERY optimistic).
I'd be happy to be a beta tester if that could help...



So basically, we cannot select which port to open for IPv6 and we cannot use a third party router to manage our LAN : this also only work on IPv4 boxes but not on DS-lite (aka IPv6) boxes.
Reply With Quote
  #9  
Old 09.05.2020, 11:13
Newbie
 
Join Date: May 2020
Location: VD
Posts: 9
Groaned at 1 Time in 1 Post
Thanked 2 Times in 2 Posts
tripz has no particular reputation at present
Re: Salt box, how to open ports? (IPv6)

yeah got the same response, I know Salt is not Free but can't they share the love ? I remember the freebox had lots of cool features (bittorrent, nas ...)
Reply With Quote
Reply

Tags
firewall, ipv6, salt




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
IPv6 in Switzerland grealish TV/internet/telephone 5 22.01.2019 10:38
where do the ethernet ports go? NigerianBusinessman TV/internet/telephone 13 24.05.2015 14:31
Swisscom blocking ports kyo TV/internet/telephone 1 12.12.2012 20:15
Can someone help ? USB ports are not working !! Joolie General off-topic 10 01.12.2009 15:36
Do IC/ICE trains have 12-volt ports? bozothedeathmachine Transportation/driving 3 04.10.2007 11:31


All times are GMT +2. The time now is 06:09.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.1.0