Goes nowhere. From my POV, blocking ICMP is a pretty useless and as far as IPv6 goes, also completely broken idea. So, we'll agree to disagree.

I talked to CMB a few weeks ago and he probably will consider NAT66… There really are use cases for NAT66. As i told earlier especiallay if you have to use ISP hardware that cannot be changed, doesn't get reconfigured, too small delegated prefix etc... Thanks for the bridging Firewall info, that could be of help. Didn't think of that :-) Allthough NAT is bad in general it wouldn't be too hard to implement it in pfSense; PF supports NAT66 and it would only require small change to the GUI. There has been even code for the pfSense GUI https://github.com/pfsense/pfsense/pull/427   <- even discussed on the forum here…

We are in talks with QSC. They will setup correct Prefix Delegation, so that we hopefully have autoconfiguration pwith pfsense.

+1 on that, need a tunnel iface for that with WAN as parent, not ethernet. The howto should get you started pretty quickly.

IPV6LAN Use the HE client IPv6 address as the interface IPv6 address IPV6DMZ You’re going to type your HE client IPv6 address into the IPv6 address box. And if not what kind of IPv6 adrdress I should use :) instead of the one in the manual? Kind regards Simon

I don't use snort for anything; not worth the myriad of false positives.

No, you don't need any second range from another tunnel broker. Please, read the howto more carefully, it works perfectly fine.

Use 2.1RC snapshots. P.S. You need at least /64 to get usable IPv6 on a router (one network); /56 or better for multiple subnets. /128 is definitely useless (very much doubt it's the case anyway).

that's it: I deleted dhcpd6.leases  and dhcpd6.leases~ in /var/dhcpd/var/db solved

That said, there are still some issues being sorted out with DHCP-PD; see this thread in the 2.1 snapshot section.

According to this article: http://www.zw3b.fr/linux/reseaux/ipv6-derriere-une-freebox-routeur-linux My ISP (Free), send a /64 prefix, which does not allow to have sub-networks. So one of the solution is to create a bridge between LAN and WAN. with: ebtables -t broute -A BROUTING -p ! ipv6 -j DROP brctl addbr br0 ifconfig br0 up brctl addif br0 eth0 brctl addif br0 eth1 I have created a bridge in >Interfaces > Bridge BRIDGE0 : WAN, LAN But what else now? what ipv6 should be assigned to OPT1 (BRIDGE0) and WAN?