From 60fa26be2834a536de8629704a33149681463a46 Mon Sep 17 00:00:00 2001 From: Monviech Date: Mon, 25 May 2026 15:55:43 +0200 Subject: [PATCH 1/3] net/ndp-proxy-go: Fix some small details in manual --- source/manual/ndp-proxy-go.rst | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/source/manual/ndp-proxy-go.rst b/source/manual/ndp-proxy-go.rst index c99ea9ae..db3c03be 100644 --- a/source/manual/ndp-proxy-go.rst +++ b/source/manual/ndp-proxy-go.rst @@ -182,7 +182,9 @@ Verify the setup by pinging an IPv6 location on the internet. .. Attention:: - Since in the default setup, the router advertisements of the ISP are used, please stop any other router advertisement daemons on the LAN interface. + In the default setup, the Router Advertisements from the ISP are forwarded directly. + Any other Router Advertisement daemons on the LAN interface must be disabled, for example in + :menuselection:`Services --> Router Advertisements` and :menuselection:`Services --> Dnsmasq DNS & DHCP`. Firewall Rules @@ -420,7 +422,7 @@ The proxy must install host routes to target the individual downstream clients: - route deleted: "IPv6 address" - A route was deleted, most likely the client was offline longer than the neighbor caching time, or it changed its IPv6 address via privacy - extension. On a clean shutdown, all routes of learned clients in the cache will be deleted. + extension. - route add err: exit status 1 (out: add host "IPv6 address": gateway eth0 fib 0: route already in table) - There is already a different route that would overlap with the one the proxy tries to install. From 4512368e0b7605676d567f0f823ee0852208254b Mon Sep 17 00:00:00 2001 From: Monviech Date: Mon, 25 May 2026 15:56:45 +0200 Subject: [PATCH 2/3] net/ndp-proxy-go: Fix some small details in manual --- source/manual/ndp-proxy-go.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/manual/ndp-proxy-go.rst b/source/manual/ndp-proxy-go.rst index db3c03be..abc72332 100644 --- a/source/manual/ndp-proxy-go.rst +++ b/source/manual/ndp-proxy-go.rst @@ -148,7 +148,7 @@ In such a setup, your router will not receive a prefix delegation via DHCPv6-PD, Settings -------------------------------------------------- -Go to :menuselection:`Interfaces --> WAN` +Go to :menuselection:`Interfaces --> WAN` and select SLAAC as IPv6 configuration. ============================================== ==================================================================== **IPv6 Configuration Type** ``SLAAC`` @@ -156,7 +156,7 @@ Go to :menuselection:`Interfaces --> WAN` Save the settings. -Go to :menuselection:`Interfaces --> LAN` and choose either a link-local IPv6 configuration. +Go to :menuselection:`Interfaces --> LAN` and select link-local as IPv6 configuration. ============================================== ==================================================================== **IPv6 Configuration Type** ``link-local`` From dc9969b3dad4c70e3869885012b2a8825ac248bf Mon Sep 17 00:00:00 2001 From: Monviech Date: Mon, 25 May 2026 21:32:35 +0200 Subject: [PATCH 3/3] Fix typo in alias name, and hint about alias usage --- source/manual/ndp-proxy-go.rst | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/source/manual/ndp-proxy-go.rst b/source/manual/ndp-proxy-go.rst index abc72332..282efb75 100644 --- a/source/manual/ndp-proxy-go.rst +++ b/source/manual/ndp-proxy-go.rst @@ -180,13 +180,19 @@ After applying the configuration, all devices in your LAN network will autogener the router as their default gateway. Check the firewall rules on LAN if IPv6 is allowed to any destination. Verify the setup by pinging an IPv6 location on the internet. -.. Attention:: +.. Note:: In the default setup, the Router Advertisements from the ISP are forwarded directly. Any other Router Advertisement daemons on the LAN interface must be disabled, for example in :menuselection:`Services --> Router Advertisements` and :menuselection:`Services --> Dnsmasq DNS & DHCP`. +.. Attention:: + + The default firewall aliases (e.g., LAN network) will not contain any proxied IPv6 addresses. + Either follow the `Firewall Rules` example, or set the source to any in your default IPv6 allow rule. + + Firewall Rules -------------------------------------------------- @@ -198,7 +204,7 @@ Since only learned clients are added, the alias will always have an up to date s .. Note:: The proxy only learns IPv6 addresses that are inside the WAN on-link prefix and only of clients it manages. - These aliases are not for general use, but only for combination with the proxy to ease creating the correct firewall rules. + After initial setup, it can take a few minutes until all clients have been learned. - Go to :menuselection:`Firewall --> Aliases` and create these aliases: @@ -206,7 +212,7 @@ Since only learned clients are added, the alias will always have an up to date s ================================== ======================================================================================================= Option Value ================================== ======================================================================================================= -**Name** ``ndp_proxy_all`` (Will contain all learned IPv6 addresses) +**Name** ``ndp_proxy_global`` (Will contain all learned IPv6 addresses) **Type** ``External (advanced)`` ================================== ======================================================================================================= @@ -254,8 +260,6 @@ Option Value ============================================== ==================================================================================================== - Press **Apply** - -Now your IPv6 firewalling is tight. It is self-healing when client addresses change due to IPv6 privacy extensions or when the on-link prefix changes. .. Tip::