InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

ABE blocks IPv6 address during Admin login

https://forums.informaction.com/viewtopic.php?t=20051

Page 1 of 1

ABE blocks IPv6 address during Admin login

Posted: Tue Sep 09, 2014 8:30 pm
by Allen C
I am running a dual protocol IPv4 / IPv6 local network At the moment there is no IPv6 connection to the outside world.

A local DNS server resolves <hostname> to a correct IP4 and/or IP6 address.

Connecting to a normal website / wiki is fine with either IPv4 or 6; Logging in to the firewall as administrator is also OK using either protocol.

However, when I try to log in to a Synology NAS unit (the url typed in is "fileserver:5000"), with an IP4 address it works perfectly, but when I use a IP6 address I see the error:- filtered by ABE <LOCAL> Deny

I am running Firefox 25.0 and Noscript Ver 2.6.8.40 on a Mint 12 system the most recent versions my PC will support :-(

There doesn't seem to be a method of whitelisting an IPv6 subnet... Any ideas?

Allen C

Re: ABE blocks IPv6 address during Admin login

Posted: Tue Sep 09, 2014 9:02 pm
by Giorgio Maone
May I look at any [ABE] message you can find in your Browser Console (Ctrl+Shift+J)?

Re: ABE blocks IPv6 address during Admin login

Posted: Wed Sep 10, 2014 2:23 pm
by Allen C
Giorgio Maone wrote:May I look at any [ABE] message you can find in your Browser Console (Ctrl+Shift+J)?
Many for thanks your prompt reply

[15:10:00.634] [ABE] <LOCAL> Deny on {GET http://fileserver:5000/webman/index.cgi <<< http://fileserver:5000/, chrome://browser/content/browser.xul - 6}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny
[15:10:00.657] TypeError: this.proxs.resolve is not a function @ chrome://dndetails/content/dndetails.js:280


In reality this is something I can live with; it is easy enough to force an IPv4 address - but I thought it might help others if there is a general solution.

Allen C

Re: ABE blocks IPv6 address during Admin login

Posted: Wed Sep 10, 2014 9:12 pm
by Giorgio Maone
It looks like a bug I'm investigating (this load shouldn't trigger because it's initiated from the browser UI).

Anyway you can work around it by inserting the following code in the very beginning of the SYSTEM ruleset:

Code: Select all

Site LOCAL
Accept from ^http://fileserver:5000/

Re: ABE blocks IPv6 address during Admin login

Posted: Thu Sep 11, 2014 2:47 pm
by Allen C
Many thanks - your fix works a treat.

FYI I am using a "Unique Local" address prefix - fd74:f320:7637:e574::/64
Unique-local addresses have the advantage over site-local in that they can be routed, or even tunneled to another site. There are no consequences if they leak onto the worldwide internet.

The prefix was randomly generated, as recommended by the RFI's. Simpledns.com have a web page which generates such prefixes. I am sorely tempted, though, to use prefix that I can actually remember, based on my date of birth, perhaps :-)

Once again, thanks for your help

Allen C
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited