NPt IPv6 behind double nat
-
I'm trying to establish native IPv6 from my dsl provider the wan connection is behind a double nat I got a /48 assigned which the wan interface chooses a /64 prefix from. However I want to utilize NPt and mask other prefixes from my lan to a different prefix which is assigned to the wan interface.
IPv6 works from the WAN interface, masking works as well when I check the outgoing traffic then the outgoing traffic is mapped from fd01::/64 to a defined prefix /64 from the /48. However traffic isn't routed. How can I route this traffic.
-
@Ofloo said in NPt IPv6 behind double nat:
I'm trying to establish native IPv6 from my dsl provider the wan connection is behind a double nat
That's what's killing you. You want your modem in bridge mode, so that DHCPv6-PD can work.
-
@JKnott I know that's what I want but that's not possible as it also has LTE fallover basically it's doing what pfsense would do better. But this is delivered by the ISP. So is there a way to forward the packets ?
-
@Ofloo If your router can't further delegate IPv6, then no. All you could do is NATing pfSense WAN-address, like with IPv4, not NPt.
-
@Bob-Dig I guess but how would you delegate this further then? Just wondering what that exactly means. Static routes wouldn't help right?
or something like this?
-
@Ofloo said in NPt IPv6 behind double nat:
or something like this?
So you have a Fritzbox, many are able to further delegate, you find the option here:
-
@Bob-Dig I've set the setting of dhcp to what you've told me and client to dhcp instead of slaac, however no difference. pfsense it self does route however the clients in a different /64 do not. Are there any additional settings I need to set to the dhcp client?
-
@Ofloo WAN has to be DHCPv6, DHCPv6 Prefix Delegation size 60 for now; LAN has to be Track Interface.
-
@Bob-Dig I get what you're trying to do but I use NPt so actually the lan interfaces have a static ip outside that range as I want to be able to failover inside my lan and so I don't want my devices to get a IP from the isp range. As I have multiple isp.
-
@Ofloo said in NPt IPv6 behind double nat:
I get what you're trying to do
Are your prefixes dynamic? If so you first have to make sure that Track Interface is working in general.
-
@Bob-Dig not dynamic prefixes but ULA prefixes which are mapped to a routable IPv6 NAT 1:1
like you set fc08::1000 to a client then you can route it with NPt to whatever prefixes you own you just map ULA/64 to native /64 used to do it many times you can do this with he.net native IP and have failover links and choose which interface to use.
So all the IPv6 are static but not in the range of the routable IPv6 prefix
However never done it with double NAT seems to be tricky
