Vista Firewall and local IPV6 traffic dropped?

12-12-2007, 11:44 PM

I finally upgraded my XP Pro system to Vista Business and have now
noticed a problem with Vista's firewall, or IPV6, maybe both.

I have some client/server software which I have used in the past. I
typically install the server component and the use client software to
interact with the server. Two such packages include the Apache Tomcat
server with your typical browsers, and also CVSNT (for source code
revision control).

I setup rules in the firewall to allow traffic to both services. But,
when I use client software to connect to the server service, there is
a lengthy delay before a connection is established. After some
research, I enabled the firewall logging and actually see incoming
IPV6 packets being dropped if I refer to the server component using
the machine's network.

For example, using my IE browser to connect to the Tomcat web server
using "http://{machinename}:8080/appName" results in the following:

2007-11-26 20:58:57 DROP TCP fe80::cab:790:3f57:fe99
fe80::cab:790:3f57:fe99 50291 8080 72 S 161832912 0 8192 - - - RECEIVE

2007-11-26 20:58:57 DROP TCP fe80::cab:790:3f57:fe99
fe80::cab:790:3f57:fe99 50292 8080 72 S 60696163 0 8192 - - - RECEIVE

2007-11-26 20:59:00 DROP TCP fe80::cab:790:3f57:fe99
fe80::cab:790:3f57:fe99 50292 8080 72 S 60696163 0 8192 - - - RECEIVE

2007-11-26 20:59:00 DROP TCP fe80::cab:790:3f57:fe99
fe80::cab:790:3f57:fe99 50291 8080 72 S 161832912 0 8192 - - - RECEIVE

2007-11-26 20:59:06 DROP TCP fe80::cab:790:3f57:fe99
fe80::cab:790:3f57:fe99 50292 8080 68 S 60696163 0 8192 - - - RECEIVE

2007-11-26 20:59:06 DROP TCP fe80::cab:790:3f57:fe99
fe80::cab:790:3f57:fe99 50291 8080 68 S 161832912 0 8192 - - - RECEIVE

The Apache Tomcat server listens on TCP port 8080 for incoming
connections.

Also, using the CVSNT client software to try to connect to the server
using the machine name results in the following:

2007-12-08 16:20:51 DROP TCP fe80::2c75:1433:3f57:fef5
fe80::2c75:1433:3f57:fef5 54212 2401 72 S 47232140 0 8192 - - -
RECEIVE
2007-12-08 16:20:54 DROP TCP fe80::2c75:1433:3f57:fef5
fe80::2c75:1433:3f57:fef5 54212 2401 72 S 47232140 0 8192 - - -
RECEIVE
2007-12-08 16:21:00 DROP TCP fe80::2c75:1433:3f57:fef5
fe80::2c75:1433:3f57:fef5 54212 2401 68 S 47232140 0 8192 - - -
RECEIVE
2007-12-08 16:21:25 DROP TCP fe80::2c75:1433:3f57:fef5
fe80::2c75:1433:3f57:fef5 54213 2401 72 S 351475315 0 8192 - - -
RECEIVE
2007-12-08 16:21:28 DROP TCP fe80::2c75:1433:3f57:fef5
fe80::2c75:1433:3f57:fef5 54213 2401 72 S 351475315 0 8192 - - -
RECEIVE
2007-12-08 16:21:34 DROP TCP fe80::2c75:1433:3f57:fef5
fe80::2c75:1433:3f57:fef5 54213 2401 68 S 351475315 0 8192 - - -
RECEIVE

The CVSNT server listens on port TCP port 2401 for incoming
connections.

If I refer to the host component using 'localhost' instead of the
machine's network name, the connection is established almost
immediately, with no delay. The delay only occurs when connecting to
the sever component using the machine name.

Also, "ping localhost" results in timely responses. If I try
"ping {machinename}", there is no response. The log file shows:

2007-12-08 19:06:50 DROP ICMP fe80::3416:f3:3f57:fef5
fe80::3416:f3:3f57:fef5 - - 80 - - - - 128 0 - RECEIVE
2007-12-08 19:06:54 DROP ICMP fe80::3416:f3:3f57:fef5
fe80::3416:f3:3f57:fef5 - - 80 - - - - 128 0 - RECEIVE
2007-12-08 19:06:59 DROP ICMP fe80::3416:f3:3f57:fef5
fe80::3416:f3:3f57:fef5 - - 80 - - - - 128 0 - RECEIVE
2007-12-08 19:07:04 DROP ICMP fe80::3416:f3:3f57:fef5
fe80::3416:f3:3f57:fef5 - - 80 - - - - 128 0 - RECEIVE
2007-12-08 19:11:08 DROP ICMP fe80::3416:f3:3f57:fef5
fe80::3416:f3:3f57:fef5 - - 80 - - - - 128 0 - RECEIVE
2007-12-08 19:11:19 DROP ICMP fe80::3416:f3:3f57:fef5
fe80::3416:f3:3f57:fef5 - - 80 - - - - 128 0 - RECEIVE

For testing/debugging, I have created rules for both services which
are enabled, allow the connections, specify the exact path/filename of
the service, any protocol, any port, for any local/remote ip address
for all profiles.

Can anyone provide some information why references to the machine name
result in IPV6 packets being dropped by the Vista firewall?

TIA.

12-19-2007, 01:51 AM

On Wed, 12 Dec 2007 18:44:55 -0600, Ernie <user@nospam.net> wrote:

Quote:

>
>I finally upgraded my XP Pro system to Vista Business and have now
>noticed a problem with Vista's firewall, or IPV6, maybe both.
>

Has no one noticed this type of problem? Or is my problem description
too vague? Do I need provide additional information?

12-12-2007, 11:44 PM	#1 (permalink)
Vista Firewall and local IPV6 traffic dropped? I finally upgraded my XP Pro system to Vista Business and have now noticed a problem with Vista's firewall, or IPV6, maybe both. I have some client/server software which I have used in the past. I typically install the server component and the use client software to interact with the server. Two such packages include the Apache Tomcat server with your typical browsers, and also CVSNT (for source code revision control). I setup rules in the firewall to allow traffic to both services. But, when I use client software to connect to the server service, there is a lengthy delay before a connection is established. After some research, I enabled the firewall logging and actually see incoming IPV6 packets being dropped if I refer to the server component using the machine's network. For example, using my IE browser to connect to the Tomcat web server using "http://{machinename}:8080/appName" results in the following: 2007-11-26 20:58:57 DROP TCP fe80::cab:790:3f57:fe99 fe80::cab:790:3f57:fe99 50291 8080 72 S 161832912 0 8192 - - - RECEIVE 2007-11-26 20:58:57 DROP TCP fe80::cab:790:3f57:fe99 fe80::cab:790:3f57:fe99 50292 8080 72 S 60696163 0 8192 - - - RECEIVE 2007-11-26 20:59:00 DROP TCP fe80::cab:790:3f57:fe99 fe80::cab:790:3f57:fe99 50292 8080 72 S 60696163 0 8192 - - - RECEIVE 2007-11-26 20:59:00 DROP TCP fe80::cab:790:3f57:fe99 fe80::cab:790:3f57:fe99 50291 8080 72 S 161832912 0 8192 - - - RECEIVE 2007-11-26 20:59:06 DROP TCP fe80::cab:790:3f57:fe99 fe80::cab:790:3f57:fe99 50292 8080 68 S 60696163 0 8192 - - - RECEIVE 2007-11-26 20:59:06 DROP TCP fe80::cab:790:3f57:fe99 fe80::cab:790:3f57:fe99 50291 8080 68 S 161832912 0 8192 - - - RECEIVE The Apache Tomcat server listens on TCP port 8080 for incoming connections. Also, using the CVSNT client software to try to connect to the server using the machine name results in the following: 2007-12-08 16:20:51 DROP TCP fe80::2c75:1433:3f57:fef5 fe80::2c75:1433:3f57:fef5 54212 2401 72 S 47232140 0 8192 - - - RECEIVE 2007-12-08 16:20:54 DROP TCP fe80::2c75:1433:3f57:fef5 fe80::2c75:1433:3f57:fef5 54212 2401 72 S 47232140 0 8192 - - - RECEIVE 2007-12-08 16:21:00 DROP TCP fe80::2c75:1433:3f57:fef5 fe80::2c75:1433:3f57:fef5 54212 2401 68 S 47232140 0 8192 - - - RECEIVE 2007-12-08 16:21:25 DROP TCP fe80::2c75:1433:3f57:fef5 fe80::2c75:1433:3f57:fef5 54213 2401 72 S 351475315 0 8192 - - - RECEIVE 2007-12-08 16:21:28 DROP TCP fe80::2c75:1433:3f57:fef5 fe80::2c75:1433:3f57:fef5 54213 2401 72 S 351475315 0 8192 - - - RECEIVE 2007-12-08 16:21:34 DROP TCP fe80::2c75:1433:3f57:fef5 fe80::2c75:1433:3f57:fef5 54213 2401 68 S 351475315 0 8192 - - - RECEIVE The CVSNT server listens on port TCP port 2401 for incoming connections. If I refer to the host component using 'localhost' instead of the machine's network name, the connection is established almost immediately, with no delay. The delay only occurs when connecting to the sever component using the machine name. Also, "ping localhost" results in timely responses. If I try "ping {machinename}", there is no response. The log file shows: 2007-12-08 19:06:50 DROP ICMP fe80::3416:f3:3f57:fef5 fe80::3416:f3:3f57:fef5 - - 80 - - - - 128 0 - RECEIVE 2007-12-08 19:06:54 DROP ICMP fe80::3416:f3:3f57:fef5 fe80::3416:f3:3f57:fef5 - - 80 - - - - 128 0 - RECEIVE 2007-12-08 19:06:59 DROP ICMP fe80::3416:f3:3f57:fef5 fe80::3416:f3:3f57:fef5 - - 80 - - - - 128 0 - RECEIVE 2007-12-08 19:07:04 DROP ICMP fe80::3416:f3:3f57:fef5 fe80::3416:f3:3f57:fef5 - - 80 - - - - 128 0 - RECEIVE 2007-12-08 19:11:08 DROP ICMP fe80::3416:f3:3f57:fef5 fe80::3416:f3:3f57:fef5 - - 80 - - - - 128 0 - RECEIVE 2007-12-08 19:11:19 DROP ICMP fe80::3416:f3:3f57:fef5 fe80::3416:f3:3f57:fef5 - - 80 - - - - 128 0 - RECEIVE For testing/debugging, I have created rules for both services which are enabled, allow the connections, specify the exact path/filename of the service, any protocol, any port, for any local/remote ip address for all profiles. Can anyone provide some information why references to the machine name result in IPV6 packets being dropped by the Vista firewall? TIA.	Ernie Guest Posts: n/a

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Vista AD Member - Explorer non-responsive when 445 traffic dropped	Jason R. Coombs	Windows Vista Administration	0	10-31-2007 01:43 AM
How to Disable IPV6 on Local host	RayG	Windows Vista Networking & Sharing	0	10-15-2007 04:11 PM
Vista firewall not blocking outbound traffic despite explicit rules to do so	Roof Fiddler	Windows Vista Security	11	02-12-2007 07:08 PM
ipv6 connection firewall	2scoopes	Windows XP Help & Support	0	11-13-2003 06:08 PM
xp firewall block my VPN netbios traffic	zhu zhu	Windows XP Network & Web	0	08-27-2003 06:53 AM

Vista Firewall and local IPV6 traffic dropped?

Similar Threads