IPV6 and firewall rules with dynamic IPV6
-
We seem to have different philosophies. I have always been a techie, who likes to learn. For example, I recently started training on Avaya IP Office. I also have decades of experience, which allows me to see the shortcomings of IPv4. I first saw those when I was first learning about IPv4, with only 4 billion addresses. That was in 1995. Shortly after, I read about IPv6 in the April 1995 issue of Byte magazine and realized that was the way forward. Even Vint Cerf has said that 32-bit addresses were only for a demonstration and he planned on much larger address space. Also, over the years, I have come across a lot of people who don't seem to have much ambition to learn more about the technology and just stick their head in the sand. They seem to think adding hacks on hacks to get around the address shortage is a good idea, rather than move to IPv6. IPv4 has been inadequate for decades. In addition to the huge address space, IPv6 brings other benefits, as the designers were able to look at IPv4 to see what the shortcomings were. That's the reason there are no broadcasts in IPv6 or things like ARP moved into ICMP, etc. IPv4 is holding the Internet back. It's long past time to move fully to IPv6.
-
@johnpoz Well, to be honest, the internet itself is not something I consider a need. It's a luxury and a tool that is nice to have. It certainly makes life more efficient.
My use case is so my kid and I can both play on Xbox Live and connect to parties without issues.
Believe it or not, once IPv6 is on, it works flawlessly, where with IPv4 it has all sorts of connection issues. The problem I run into is that my kid is also a teen that sometimes needs internet regulated to enforce household rules.
It would be nice to have the luxury of the whole family being able to play on Xbox Live without connection issues while also being able to use rules that contain aliases and schedules. So there is your first real world IPv6 use case.
Xbox Live with multiple Xboxes on a single connection. So my need is a more enjoyable time with my family when we have family game sessions.
The effort is worth it. Especially if I learn something along the way.
I am a pretty decent hardware guy. I can do anything I have ever needed with IPv4.
It would be nice to get to the same level of understanding with IPv6, and while I follow a lot of the basics, I'm still struggling with how to make things work within the restrictions I have due to my ISP, of which I have no real choice.
I am grateful that my ISP supports IPv6 at all, however their support is laughable when it comes to asking them anything.
Their response is plug in the modem we sent you and see how well it works while we gobble up your data. mmmmm 'nipple twist' So any and all help is appreciated.
The Hurricane Electric thing is not something I'm aware of. Where can I find more info on that, what it is, how to configure it with pfSense?
I will Google search it also, but I figure you might have good links handy or otherwise enjoy sharing about it. If not, all good, I'm sure there are resources out there.
Also, I have a gigabit connection, can it keep up with that kind of speed?
I am imagining it's something along the lines of a VPN-like connection, which is why I ask, so if that will be answered once I Google it, don't worry about taking the time to respond on that. :-)
-
@jknott said in IPV6 and firewall rules with dynamic IPV6:
You should call their help desk and ask. Do they have a community forum where you can ask questions?
I wish that was an option. Their response is to plug their modem back in and see how it magically works. And sure it works, and everything is wide open. Let alone there are zero features.
I do understand the suggestion though.
Honestly, in the past I tried to kindly escalate to someone that would know something. After many hours on the phone of begging I did get to someone that seemed quite knowledgeable, and that understood my struggle and wished me luck. haha
Their policy is plug the modem back in and see how magically it works. Past that, they won't even respond to their own tech support when they do go asking about things.
-
@johnpoz said in IPV6 and firewall rules with dynamic IPV6:
If his ISP does not provide stable easy to use IPv6 that meets his needs/wants - then change ISP, good luck here in the states actually finding an ISP that does IPv6 correctly or well even that is not business level connectivity ;)
You said it yourself, changing ISPs is not an option. The choice doesn't have half the speed and charges 3 times as much. Without exaggerating. I am considerably lucky to be in an area of town close enough to the ISP to have fiber at this point. They are only starting to build out.
@johnpoz said in IPV6 and firewall rules with dynamic IPV6:
Or the simple solution for most home users - just not use it ;) Come back to it in 3 to 5 years and see if ready for prime time at that point..
Funny you should say that, I first started trying to use IPv6 about 5 years ago, came back to it a couple times since then. Even as recently as a few months ago on this forum.
Haven't had much luck each time in the past.
This time seems to be not much different.
If only pfSense supported aliases with dynamic IPv6 addresses. sigh
-
@johnpoz said in IPV6 and firewall rules with dynamic IPV6:
@jknott said in IPV6 and firewall rules with dynamic IPV6:
I read that China plans to be single stack IPv6 only by 2030
That's great - have never in my life ordered anything from a site hosted in China ;)
So you think this site that sells stuff, so they need people to get to it is going to ONLY be available via IPv6? You want to make a bet ;)
2030 huh, it's 2021.. Let's say plan on doing it by 2025 even, and just blocking all access from IPv4 after some future cut off date. That is not today, that is not next week, that is not next year even.. So in the current state of affairs there is zero "need" for it.. And from your statement it's almost a decade away from a point where he would need IPv6 to order something from China ;) Which I would bet a HUGE sum of money is not going to be the case.. Blocking or preventing access from IPv4 is multiple decades down the road - no matter how much you might want it to be sooner.. Even if XYZ company or country said - hey you can only talk to us on IPv6.. Do you not feel that countries/ISPs that are still behind would not put in methods to talk from their IPv4 network to these IPv6 IPs.. Just like how your IPv6 only phone now today talks to IPv4 networks.. Hopefully with a properly deployed IPv6 network for their users - but clearly this is not the case with his current ISP and 6rd ;)
To be honest countries or companies that would have the balls to do such a thing and say hey on date X, we are turning off IPv4 and will only communicate with IPv6 would be one way to push the adoption to IPv6 along and actually get it done in our lifetimes ;) hehehe
Even if that date was 10 years in the future.. Not saying IPv6 is not the future, it's just that future is not any time soon, and sure not in a state now that anyone that doesn't want to play with IPv6 and spend the cycles to learn it and get up to speed with it really needs to be concerned with it..
And it's sure not in a state where some user that wants to allow 1 or couple of his machines to use IPv6 should spend any cycles dicking with 6rd where his prefix changes as the wind blows. If his ISP does not provide stable easy to use IPv6 that meets his needs/wants - then change ISP, good luck here in the states actually finding an ISP that does IPv6 correctly or well even that is not business level connectivity ;) Or just use say HE where he can get a static /48... I have had mine for like 10+ years, it works.. It takes a couple of minutes to set up.. It would give him all the flexibility he could want to add IPv6 to his network that is stable, easy to manage and configure.
Or the simple solution for most home users - just not use it ;) Come back to it in 3 to 5 years and see if ready for prime time at that point..
Yeah, and Xbox Live is a good use case for it right now. I assume you'll see my other comment about what I'm trying to do so I won't re-explain.
-
Check your IPv4 address. As I mentioned 6rd uses it to determine your prefix. Maybe your ISP can do something with it.
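
How 6rd (RFC 5969) builds the delegated prefix from the WAN IPv4 address, and why a firewall rule pinned to a literal host address stops matching when that IPv4 address changes. This is an added example, not part of the original post; the 6rd prefix `2001:db8::/32`, the IPv4 addresses, the mask length and the interface identifier are constructed values, since the ISP's real 6rd parameters are not given in the thread.

```python
import ipaddress

def sixrd_delegated_prefix(sixrd_prefix, wan_ipv4, ipv4_mask_len=0):
    """RFC 5969: delegated prefix = ISP 6rd prefix followed by the low
    (32 - ipv4_mask_len) bits of the router's WAN IPv4 address."""
    isp = ipaddress.IPv6Network(sixrd_prefix)
    if not 0 <= ipv4_mask_len <= 32:
        raise ValueError("IPv4 mask length must be 0..32")
    v4_bits = 32 - ipv4_mask_len
    plen = isp.prefixlen + v4_bits
    if plen > 64:
        raise ValueError("6rd prefix plus IPv4 bits must fit in 64 bits")
    suffix = int(ipaddress.IPv4Address(wan_ipv4)) & ((1 << v4_bits) - 1)
    base = int(isp.network_address) | (suffix << (128 - plen))
    return ipaddress.IPv6Network((base, plen))

def host_address(delegated, subnet_id, interface_id):
    """LAN host address: delegated prefix + subnet ID + 64-bit interface ID."""
    if subnet_id >= 1 << (64 - delegated.prefixlen):
        raise ValueError("subnet ID does not fit in the delegated prefix")
    if interface_id >= 1 << 64:
        raise ValueError("interface ID must be 64 bits")
    return ipaddress.IPv6Address(
        int(delegated.network_address) | (subnet_id << 64) | interface_id)

def renumber(sixrd_prefix, old_v4, new_v4, subnet_id, interface_id, mask_len=0):
    """Return the same host's address before and after a WAN IPv4 change."""
    old = sixrd_delegated_prefix(sixrd_prefix, old_v4, mask_len)
    new = sixrd_delegated_prefix(sixrd_prefix, new_v4, mask_len)
    return (host_address(old, subnet_id, interface_id),
            host_address(new, subnet_id, interface_id))

# Constructed sample values (documentation ranges, not from the thread).
SIXRD_PREFIX = "2001:db8::/32"
HOST_IID = 0x021122FFFE334455  # hypothetical interface ID of one LAN host

if __name__ == "__main__":
    before, after = renumber(SIXRD_PREFIX, "192.0.2.10", "198.51.100.7",
                             0, HOST_IID)
    print("rule written for :", before)
    print("host now lives at:", after)
    # Only the upper 64 bits moved; the interface ID is unchanged.
    print("literal rule still matches:", before == after)
```
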
-
@cr8tor said in IPV6 and firewall rules with dynamic IPV6:
Their policy is plug the modem back in and see how magically it works. Past that, they won't even respond to their own tech support when they do go asking about things.
My ISP has provided native IPv6 for about 6 years and via 6rd and 6to4 before that. I used 6in4 from a tunnel broker for almost 6 years before my ISP offered native IPv6. My ISP has a community forum, where I'm occasionally referred to as an expert(?) on pfSense. I have also noticed that the support people generally know IPv6, but not the finer details that can affect service.
-
@jknott said in IPV6 and firewall rules with dynamic IPV6:
Check your IPv4 address. As I mentioned 6rd uses it to determine your prefix. Maybe your ISP can do something with it.
It may be used to determine my prefix, however my address changes each time I reboot their ONT or my pfSense box.
There is nothing they will do. "Plug in the modem that is supposed to be there" is all they care about and will not help past that. I appreciate your help.
It seems that until pfSense supports an alias with dynamic IPv6 addresses I'm hosed. Side note, I'm finding that the Hurricane Electric tunnel does not play nice with Xbox Live so it doesn't seem to be an option at the moment. Am still researching though.
By the time I get all this working our last kid will be grown and out of the house and it won't matter any more.
-
@jknott said in IPV6 and firewall rules with dynamic IPV6:
My ISP has a community forum
My ISP refers to Facebook as a community forum. haha
-
@cr8tor said in IPV6 and firewall rules with dynamic IPV6:
I'm finding that the Hurricane Electric tunnel does not play nice with Xbox Live
And why is that.. the Xbox wouldn't have any idea you're running through a tunnel - just like your tunnel you're using via 6rd..
If all you want it for is your Xbox - put that on its own VLAN.. Only box on that VLAN - then who cares if its IPv6 address changes via 6rd..
-
@johnpoz said in IPV6 and firewall rules with dynamic IPV6:
@cr8tor said in IPV6 and firewall rules with dynamic IPV6:
I'm finding that the Hurricane Electric tunnel does not play nice with Xbox Live
And why is that.. the Xbox wouldn't have any idea you're running through a tunnel - just like your tunnel you're using via 6rd..
If all you want it for is your Xbox - put that on its own VLAN.. Only box on that VLAN - then who cares if its IPv6 address changes via 6rd..
Because a moderator on an Xbox Live forum said so. Please note, I did also finish with "Am still researching though." Far be it for a forum moderator to be incorrect.
You sure do seem sour. Not pleasant to deal with. But alas, thanks for the suggestions anyways.
I know I'm not always the best to deal with either so I am not flaming, just sharing.
I am curious. Are you currently drunk so as "to spend time with his fools"?
That seems like an odd quote to have in your signature. Seems to imply we are fools.