MyCloud NAS & IPv6

Irgendwas mit Gartenbau...

So we had “non-deterministic” issues connecting to our Western Digital MyCloud NAS on the home network…until I started drilling down into it. Our workaround was typing in its local IPv4 address instead of nas.local. Which is of course annoying. So the non-determinism was whether we were running with IPv6 enabled or not on the laptops, which changes a bit, since I’m using a tunnel to HE.net which terminates in Sweden and messes up the occassional geo-ip.

It turns out it started breaking when I turned on IPV6, since the management interface listens on *:80, but on IPv6 you only get 403s:

% curl -v -o /dev/null http://192.168.10.2
* Connected to 192.168.10.2 (192.168.10.2) port 80
> GET / HTTP/1.1
> Host: 192.168.10.2
> User-Agent: curl/8.7.1
> Accept: */*
> 
< HTTP/1.1 200 OK

% curl -v -o /dev/null http://nas.local   
* IPv6: 2001:470:...
* IPv4: 192.168.10.2
*   Trying [2001:470:...]:80...
* Connected to vnest.local (2001:470:...) port 80
> GET / HTTP/1.1
> Host: nas.local
> User-Agent: curl/8.7.1
> Accept: */*
> 
< HTTP/1.1 403 Forbidden

Well done, Western Digital, well done.

There is a configuration file on the NAS in /etc/nasAdmin.toml which defines listening ports, but not addresses, and I’m not getting paid for reverse-engineering their crap.

So any IPv6 connections to port 80 are now terminated by OPNSense, which at least helps clients on the wifi, though not necessarily the …checks notes… single computer connected to the Ethernet.