Airport Extreme IPv6 firewall bug

I've been experimenting with IPv6 support in the Airport Extreme, and I think I found a bug.
If a host on the WAN side has a smaller MTU, as might be the case if it is being tunneled, then attempting to run a bunch of data through a TCP connection will naturally result in the remote host returning an ICMPv6 packet too big notification. Those don't seem to be making it through the IPv6 firewall in the AEBS back to the originating host. This locks up the TCP connection. Reducing the MTU of the local host's interface is a workaround, but it's annoying.

This magically fixed itself some time ago.

Similar Messages

  • Airport Extreme-NAT-Firewall-TCP-IP-Ports and what not... I BEG FOR HELP!

    Problem: I can't use ISPQ (videochat) with my ibookG4 or MacBookPro.
    Details: iBookG4 [10.3.9] is the main one, MacBookPro [10.4.7] is the secondary one. I have a DSL modem attached to an Airport Extreme base.
    ===
    I have run a diagnostic test on IsPq and this is the result:
    Contacting server with HTTP protocol... success.
    Connecting to diagnostic server... success.
    Logging into diagnostic server... success.
    Testing TCP port 2000 (VideoChat control)... failed.
    Testing TCP port 2001 (VideoChat data)... failed.
    Testing TCP port 2002 (Quick Message)... failed.
    Results:
    Your local address is 10.0.1.3, your address as seen by the rest of the world is 151.51.233.232, and your address as seen by our HTTP servers is 151.51.233.232. Your computer is configured to use the following DNS servers: 193.70.192.25, 193.70.152.25, 10.0.1.1.
    This computer appears to be behind a NAT firewall, it cannot receive incoming connections. It can still use iSpQ VideoChat, but it will not be able to initiate VideoChat connections and quick messages will be delivered through the server.
    If you are using the MacOS X firewall, add an entry for iSpQ VideoChat to allow connections on ports 2000-2002. If you have a router on your network, make sure it is configured to properly route TCP ports 2000-2002 to your computer at 10.0.1.3. Otherwise, contact your network administrator for assistance.
    ===
    Please help me or I will start crying. I'm close to utter desperation.
    Thanks,
    Emmanuel

    Thanks Rick, I was afraind nobody was going to reply.
    Let me get this right. In my sharing options I have disabled firewall. So that bit is done. The next bit is about configuring my router, that is my dsl router (Castlenet AR250, I think).
    My airport base has nothing to do with it, correct?
    Thanks again...

  • Airport Extreme: Native Firewall/Encryption question

    The Airport Exteme offers a built-in firewall and supports industry-standard encryption technologies including WPA/WPA2 and 128-bit WEP.  I plan to install a NAS device onto my home network (hard wired to my AE) for the purposes of RAID 0, mirrored backups of the multiple computers on my personal network.
    Question:  Given the native fireway/encryption built into the AE, would I still need to encrypt my backups to my NAS?  Can I consider this technology 'safe' enough from any outside hacker?  Please advise. 
    Thanks!

    Question:  Given the native fireway/encryption built into the AE, would I still need to encrypt my backups to my NAS?  Can I consider this technology 'safe' enough from any outside hacker?
    As far as unwanted access over wireless, the AirPort offers similar levels of protection as most consumer or commercial routers. Using WPA2 with a strong encryption key and changing that key every 60-90 days would be the best that you can expect for current technology.
    As far as access via the AirPort's WAN port that is somewhat a different matter. The Apple routers offer only a basic NAT-type firewall. Effective, but not the most secure method that can be had today. If you are concerned about potential unwanted access from the Internet, you may want to consider routers that offer multiple firewall options, like stateful packet inspection, or provides additional "layers of protection," like an Intrusion Protection System. Note; however, implementing most of these additional methods can significantly reduce the WAN-to-LAN throughput as each packet of data is inspected multiple times before it can pass through.

  • Mac can't see new printer-told to Disable Airport Extreme Firewall and Mac Filtering...

    I have a new Epson WF-3520 AIO printer. I run Mac on OS X 10.5.7.  The printer appears to be properly set up to run wirelessly but it doesn't show up as a choice to be added to my list of available printers.  My Mac just doesn't see it.  After trying many things Epson's tech support told me to call Apple and find out how to disable the Airport Extreme's firewall as well as Mac Filtering.  I went into the Airport's utility and just got lost in knowing exactly what steps I need to take to do this.  Also, I'm somewhat dubious that this is really what needs to be done in the first place and I'm wondering if he simply wanted to get off the phone....  All advice welcome!  Thanks. Stephanie

    Forget it.... My suspicion was correct.  I was talking to an idiot.  Problem resolved by me.  Unrelated to Airport.
    Forgot to install a piece of software... duh!!!

  • Speed issue with the AirPort Extreme (802.11n)

    Hi, I was wondering if anyone could help out with this.
    I am the Design Manager and IT Director at a publishing company where we have just upgraded to an AirPort Extreme (802.11n) base station to drive our network. We went this route as all of our machines are Mac Minis with built-in Airport and we were in a situation where re-doing a hardwire on the building was not going to be a possibility due to budget costs.
    Our new configuration seems to be running very well and has the following devices connected to the AirPort Extreme:
    Linksys Firewall Router (which was used on our old system and was requested by corporate to stay in the lineup to keep the static IP addresses we've already defined for our printers, VPN, etc. intact). The configuration on this part is modem to Linksys router to uplink port on the Airport).
    New Panther, Intel based Xserve connected to the Airport's Ethernet port 1.
    A 4 port ethernet switch connected to the Airport's Ethernet port 2 which drives four of our HP LaserJet printers.
    Ethernet port 3 is not occupied.
    All of the ethernet cords connecting our equipment are brand new.
    For the most part, everything's been running blazing fast with a remarkable speed increase over our old hardwired setup. However, I've received a few complaints about slow speeds when dragging and dropping and working with files that are stored on our Xserve - we get alot of the "spinning wheel" and the transmission speeds seem very slow.
    At present, we have several category 6 ethernet cords on backorder. I was planning on using one to take advantage of the gigabit ethernet capabilities between the Airport and the Xserve (as these are the only two elements of the network that support gigabit ethernet, besides the majority of our Mac Minis. Printers and cable modem are only 10-100 capable, so those will stand as is).
    Can anyone tell me if the gigabit ethernet cord will be the solution to this one slow aspect of the new network? Any other settings I could apply to possibly speed up the transmission time when moving files to and from our server? Good news is that every workstation in the house is getting a full 4 bars.
    Many thanks!

    PS, just wanted to point out that we are also running in bridge mode.
    Thanks!

  • A bug in AirPort Extreme 802.11n

    I'm posting this on behalf of a colleague who has found a bug within the settings of the AirPort Extreme router both to make Apple aware as well as to see if anyone else is coming across this.
    He notes:
    "The bug is that the AirPort Extreme advertises the attached drive (USB) to the wan port via Bonjour even when you have that option disabled in the routers settings.
    ot=out
    The packets in question come exactly every 12 minutes (720 seconds) and are broadcast to 169.254.255.255 from 169.254.232.51 and appear to be smb packets containing the string "MAILSLOT/BROWSE"
    I assume that the from address (169.254.232.51) may change from Airport to Airport (not sure how it picked that address out of the ZeroConf range)"
    Ultimately it seems as though even when Bonjour is turned of in the router it still continues to broad cast across the sub-net. We are just curious as to Who, What, Where, How, and Why?
    Should it be committed as a bug so that this traffic can be completely disabled in the future?
    Is any one else seeing this? If so is it the same IP Address range?
    G3, G4, G5, iMac G5, Xserve G5, XRaid, PowerBook, iBook, MacBook Pro, Mac Mini   Mac OS X (10.4.6)   Have used every Mac OS since version 8 to date.

    Wil,
    Have you learned any more about this? I stumbled upon it because I had a setting on my SonicWall firewall that caused me to get "IP Spoof" Alerts on a regular basis. I started investigating it and finally got enough information to find your post.
    I am rather curious about this problem, why it exists and any work arounds, should they exist. In my case, I found a way to stop the alerts but not stop the "offending" packets. FYI, my thread is over here, but I don't think it adds much to your topic:
    http://discussions.apple.com/thread.jspa?threadID=881394&tstart=0
    Regards,
    Chip

  • How do I configure my Airport Extreme firewall?

    I seem to remeber configuring a firewall on my Airpot Extreme/Time Capsule when I first set it up.  How do I get into it again to check the configuration settings - The Airport Utility does seem to provide a way in.

    There is no "firewall configuration" on the AirPort Extreme. It provides a NAT firewall but this automatically closes all ports apart from the ones you choose to open.

  • How do I access the firewall in Airport Extreme?

    Hello, this may be a very stupid question, but how do I access the firewall in my brand new Airport Extreme?  According to the Apple specifications, it contains a built-in firewall, yet I cannot find any mention of this when using Airport Utility to set up the Extreme.
    I am using the Extreme connected directly to a modem on the UK BT Infinity fibre optic broadband system using PPoE.  The modem is not a combined modem/router, it is a modem only, hence using the Extreme to set up my network, which I have to say (apart from this one question) was incredibly easy.   The wireless system is protected as WPA2 Personal.
    Router mode is "DHCP and NAT" and  "Enable NAT port mapping protocol" is ticked as on - is that it?  Is that all I have do to have the firewall on?  Should I also have "Enable Default Host" ticked as well?  Apologies if this is a silly question - I do not understand firewall set-ups. 
    I am using 10.7.3 Lion on my MacBook Pro and have a Mac Mini on Snow Leopard connected to the Extreme, plus the usual assortment of iPads, iPhones, Apple TV and iPod Touch.

    I don't use this setting, so can't offer much assistance, but do know that your computer is exposed to the Internet, so it will receive all inbound traffic.
    Normally, a typical use of Default Host would be to setup a game console to allow online gaming when NAT settings otherwise would not allow communications to occur.
    You might want to start a new post for your question...but to get informed responses....you will need to state what you are trying to do. what steps you have performed, etc.

  • Howto disable the firewall in AEBS Airport Extreme Base Station

    Is there any way to do that?
    Motivation: I don't want to reroute ports to a DHCP address which changes constantly. Plus: Editing the port reroute list is a pain!
    I have no problems with my Asus WL500gP but this thing just doesn't get printing right while all the other funktions work flawlessly.
    AEBS plus: Canon ip3000 works perfect over WLAN
    AEBS minus: All services relying on ports being redirected are blocked
    I have a firewall in my mac which I can switch on and allow services to whatever I want, for the Airport Extreme Base Station, this simply does not work. If I donwload a new Ubuntu torrent with the Asus it's yipiiee, with the AEBS it's 0KB/s. Great.

    The only way to disable the "firewall" is to configure the AEBS to act as a bridge. In that mode it is not providing local IP addresses for local machines.
    Motivation: I don't want to reroute ports to a DHCP address which changes constantly. Plus: Editing the port reroute list is a pain!
    You can configure the AEBS to use DHCP. You can give one of your computers a static IP address outside the range used by the AEBS's DHCP server. Then you can configure the AEBS to recognize that computer as default host (thing DMZ) or you can forward selected ports only to that computer. Once configured you won't need to change anything since that computer is at a static IP address.

  • AirPort Extreme Gig - No Firewall???

    Just read in a PC mag review that the AirPort Base Station doesn't have a firewall built into it?
    My documentation shows that it does - can I correctly assume that they don't know what they're talking about?
    Mark

    When you configure the AirPort Extreme base station (AEBS) to distribute IP addresses, the combination of DHCP and NAT acts as a firewall. So yes it has a firewall but it isn't an industrial firewall.

  • Airport Extreme HD access and Norton Personal Firewall

    So I have set up my Airport Extreme base station and all is working fine. The only thing is the access to the shared HD from my old PC.
    I have found out that I can connect to it with Airport Disk Utility if I disable Norton Personal Firewall. It then works fine when I start the firewall again, but the next time the PC is started up, it has to be disabled. I have given Airport Disk Utility the highest level of permission in the firewall settings, but that does not seem to help.
    Has anyone found a solutions for this?

    The only way I know that this would have been that "seamless" would be via Back to My Mac (BtMM). BtMM would have required that you had either a MobileMe or iCloud account. Does this sound familar?

  • AIRPORT EXTREME to PS2, FIrewall

    I got my PS2 to go online thru my Airport extreme but it says I that the firewall port (3653?) needs to be opened to join etc.
    On the SHARING portion of the Network set up, I have allowed FTP Access as well as having checked BUILT IN Ethernet
    Should i add anything to the DNS Servers box?
    (my world domination of Burnout Revenge is about to begin as soon as I can get thru the firewall)

    1) Find out the IP address of your AEBS (First page of your Airport utility).
    2) Now we can allocate an IP address for your PS2. Substitude the last number with 201, and we'll make your PS2 at xxx.xxx.xxx.201. Don't use this IP for anything else.
    3) The IP address on PS2/3 is normally assigned automatically, and we want to change it to manual.
    4) Assuming the AEBS is on 10.0.1.1, then enter the follow setting on your PS2:
    IP = 10.0.1.201
    Subnet mask = 255.255.255.0
    Gateway = 10.0.1.1 (AEBS's ip address)
    DNS = 10.0.1.1 (I think it's optional)
    5) Now open your AirPort Utility and goto Advanced > Port Mapping
    6) Add a new rule
    7) Set both public and private UDP port to 3658, if you have older AEBS, the older BS's don't seperate UDP and TCP, so just set private and public to 3658.
    8) Set private address to 10.0.1.201 (address of your PS2) and click continue
    9) That's it.
    Here is the definition of type 2 and type 3 NAT from SONY:
    http://manuals.playstation.net/document/en/ps3/current/settings/connecttest.html
    For type 3 NAT you might be missing out the voice / video chat and online game play, direct communication with other PS3™ systems.
    Message was edited by: dchao99

  • New Base Airport Extreme 802.11n .....bugs

    Well,
    I have just read tens of posts in many forums, included this one.
    It seems that the Base Airport Extreme 802.11n has severe problems of connections to internet.
    That's is also my case.
    This is my config.
    1. Modem NetGear DM111P <--> WAN Base Airport Extreme 802.11n
    2. LAN Base Airport Extreme 802.1n <--> Ethernet iMac 24"
    3. LAN iMac as DHCP auto IP
    4. Base Airport set for PPPoE
    There is no way to get into Internet.
    If I connect the Modem DM111P directly to the iMac 24" LAN the Internet is on, fast, fluid.
    With the Airport in betwwen....no way...
    Any help ?
    I am seriously thinking Apple has distributed a product full of bugs.
    Read other forums with same problem.
    Beppe
    iMac 24"   Mac OS X (10.4.8)   Base Airprt Extreme + 2 x Airport Express

    James,
    Confirmed: the NetGear <--> AEBS <--> iMac does not work.
    I have set the Bridge Mode as you suggest, but nothing, no internet !
    Othe 3 hours of tests in setting tens of conigurations. No one works.
    All the leds of the NetGear Modem as the one in the AEBS are solid green.
    I will return back the NetGear modem to the retailer.
    I am now running with my old Pirelli Modem from Alice Service (Telecom Italia Net) that - even if slower - at least it works.
    I am concluding that the Airport Extreme has seriuos problems of compatibility with the open market modems.
    Apple should check the SW+HW before selling such difficult items as the the Airport Extreme base.
    Just a question: which model/type of modem(s) is(are) effectively compatible with the AEBS ?
    If the retailer will permit me this, I will replace the NetGear (a very good modem...what a pity) with a compatible one with this strange base.
    Thaks for your help.
    Beppe

  • Firewall and AirPort Extreme

    I am hoping someone can direct me to the appropriate place for this (there really needs to be a security forum).
    I need to create a secure wireless network. The features included in the Apple software for the OS and the AirPort Base Station are not enough and we will have to pay fines if we do not secure this network (I say this because I know everyone means well but those that are about to say I don't need anything else might as well know this so they don't waste their time typing). Apparently I need a firewall in between our AirPort base station and the net. I assume this means in between the AEBS and the cable modem (someone correct me if I am wrong). I also assume this has to be a piece of hardware and not software (again, correct me if I am wrong).
    I need to know what I am looking for and where to find it. Does it replace the AirPort Base Station or work with it? Does it hinder our use of the net, AEBS, computers, printers, or anything else in any way? Is it difficult to install?
    TIA

    I just did an <http://grc.com> *Shields Up* test on my Airport Extreme and 192 was NOT open.
    So I'm wondering if you have enabled port 192 by mistake on your Airport base station.
    Perhaps what you want to do is some *Shields Up* scans while playing the your Airport base station configuration options.
    For example do you have *Base Station* -> *Allow configuration over Ethernet WAN port* option enabled?
    Do you have Advanced -> *Allow SNMP* or *Allow SNMP over WAN* enabled?
    Do you have any anything in Advanced -> *Port Mapping*?
    If your using *Shields Up* doesn't show port 192 being open, then perhaps it is not using the same methods your security service is using. In that case work with your security service having them probe while you play with Airport base station configuration options.

  • AirPort Extreme compatibility with native IPv6

    Fibre To The Cabinet becomes available soon in my street, in the UK.
    Speaking to two ISPs who offer IPv6 native service, both say that their customers trying to use AirPort Extreme routers for IPv6 natively are experiencing problems.
    They both say that the device only works when setup in tunnel mode.
    My understanding is that such a setup is inferior.
    Both ISPs blame the device for the lack of compatibility.
    Has anyone here experienced this problem?
    Has anyone here found a provider with whom this works?
    Thanks for any suggestions.

    I tested it, does not really work either. I just submitted an enhancement request via apple.com/feedback to ask if they want to add native v6 over PPPoE.
    I hope they take it into account.

Maybe you are looking for

  • How do I reduce a file size in workspace?

    How do I reduce a file size in workspace?

  • How to find my query ?

    Hellow all ! Re-design I can not find a list of their questions asked by the community. Prompt, where to find them?

  • Can't sync photo's from PC

    I have i-cloud set up on ipad and PC and the photo's box is ticked on both. I am trying to get photo's taken from my camera which I have transferred to my PC onto my ipad. I have copied the required photo's from my PC and pasted into the Photo stream

  • Reverse the service entry sheet

    Hello, I would like to reverse the service entry sheet, as the amount I first entered is wrong. I get the below screen and error message: "A parked invoice already exists for this entry sheet" Could you tell what I should do to change the amount of t

  • PDF creation with jsPDF

    Hello, Has someone use jsPDF ( http://parall.ax/products/jspdf ) to create pdf from animate? I have project where can select images and want the user to create a pdf file for printing with his configurations. If someone has another suggestion, welcom