Cannot Open Ports

kilasin

@JKnott Could you help me setup ipv6 on pfsense to work. I know am following guides but not understanding half the stuff to be honest and i figured that in plex i can use the ipv6 function to work so that seems like it can work flawlessly.

Regarding the plex its not for my friends but for me and my wife to be honest noone else has access to it and i travel a bit for work so i like having my plex setup.

I am using this guide

A big thank you for this. For anyone reading and has pfsense.
##############################################

I am using: 21.02.2-RELEASE (arm64)

Step 1: Go to Interfaces > Your Starlink WAN Interface

** Note your interface id in brackets and remember it. Mine was (mvneta0.4090)

General Configuration:

You can keep IPV4 DHCP
Set IPV6 Configuration Type: DHCP6

DHCP6 Client Configuration

With everything unchecked:
CHECK: Use IPv4 connectivity as parent interface
CHECK: Request only an IPv6 prefix
Set to 56: DHCPv6 Prefix Delegation size
CHECK: Send IPv6 prefix hint
CHECK: Do not wait for a RA
Save
Apply Changes

Step 2: Go to Interfaces > Your LAN Interface

Track IPv6 Section

IPv6 Interface: Starlink WAN
IPv6 Prefix ID: 0
Save
Apply Changes

Step 3. Go to System > Advanced then the Networking Tab.

CHECK: Allow IPv6Save

Step 4. System > Routing

Select your Starlink IPv6 gateway
Set Monitor IP: 2001:4860:4860::8888

Step 5. Setup a Cron

Method 1: Cron Package
Go to System > Package Manager and open Available Packages Tab
Install Cron
Go to Services > Cron

Add Cron and use the below settings: (Change my mvneta0.490 to your Starlink WAN id)

*/2
*
*
*
*
root
/sbin/rtsol mvneta0.4090
Save

johnpoz

@kilasin said in Cannot Open Ports:

I am using: 21.02.2-RELEASE (arm64)

dude!! that is ancient version.. 24.11 is current - your first step would be to upgrade to a current and supported version of pfsense

kilasin

@johnpoz ok i am using pfsense the current version 2.7.2 amd 64 but ya i cant find anything regarding guide that is current. i might be blind sorry mate like i said not networking guru here just a normal guy learning this stuff for my own safety and knowledge

JKnott

@johnpoz said in Cannot Open Ports:

Stilling waiting you to name 1 actual resource that would require me to use IPv6.. Been years since been asking you for just one. ;)

As I mentioned before and you also mentioned in this thread, look at your cell phone. It's IPv6 only. Watch TV? If you get it from your ISP, as I do, there's a good chance it's over IPv6.

Yes, people like you are part of the problem, if it's available, in that they're discouraging the move to IPv6. Your ISP is also the problem. I'm in Canada, where my ISP/cable TV/cell network are all the same company and they've provided IPv6 for years. They've had native IPv6 on cable for around 9 years and used 6rd and 6to4 tunnels before that. Other companies provide IPv6, but one, Bell Canada, does not provide it to consumers, even though 3rd party ISPs that use Bell to reach their customers do. Even Bell's cell network doesn't do IPv6 properly. This makes Bell, like your ISP, part of the problem. The inadequacy of IPv4 has been known for decades, and there's simply no excuse for a) ISPs not providing it and b) customers who have it available but don't configure their routers to use what's already available to them.

As I mentioned a while ago, I took some networking classes, including TCP/IP, at a local college almost 30 years ago. Even back then, sitting in that class, I knew 32 bits was not enough. IPv6 was already in development back then and I first read about it in the April 1995 issue of Byte magazine. I have been an advocate of it since then, as it is simply what should be used, instead of all these hacks and hacks on top of hacks, just to get around the IPv4 address shortage.

As for the big carriers dropping IPv4, that means dropping something they already have, even when they provide IPv6. They'll continue to do so, as long as people insist on hanging on to IPv4, even if that means forcing them on CGNAT.

Maybe I'm of this opinion because most of my career, going back to 1972, has been in telecommunications, mostly data communications.

Incidentally, when I first started with IPv6, in May 2010, I used a 6in4 tunnel, though not with he.net. While I had a /56 prefix on my home network, I had my notebook computer configured to get a single address, with a 6in4 tunnel, when I was away from home. These days, I just fire up my VPN to my home network, if I need to.

Maybe you should be asking your ISP when they're going to get IPv6.

JKnott

@kilasin said in Cannot Open Ports:

@JKnott Could you help me setup ipv6 on pfsense to work.

I can try, though I have no experience with Starlink. Here's my info on connecting to my ISP, though it also applies to others. What I find curious is your instructions say to request only a prefix, when the link I provided says they provide a /64 prefix for your WAN, which implies you'd get an address on your WAN port. However, that's not important as you don't actually need one and some other ISPs also don't provide one. One thing you could try is capture your DHCPv6-PD sequence, so that we can see what's actually happening. When you do that, post the capture file here, not what Packet Capture displays, as it doesn't show everything.

kilasin

@JKnott

So i got the IPv6 running and got my lan also dchping addresses in IPv6 now to make this work with Plex lol

Also @johnpoz Thanks so much mate for helping and providing both options the tunneling and possibly ipv6

Both of you guys thank you.. I see you guys have differences however, having knowledge on both is extremely helpfull for not only me but everyone.

Sigh now next part of my problem pass through plex with ipv6 wish me luck

JKnott

@kilasin said in Cannot Open Ports:

also dchping addresses in IPv6

You might want to consider using SLAAC, instead of DHCPv6, if you have any Android devices. Thanks to some genius at Google, Android doesn't support DHCPv6.

kilasin

@JKnott
So I got my dchp6 working great.. I even have my unraid server having both ipv4 and ipv6 addresses which i can see in pfsense. I can log in plex anywhere woot woot ... Holy mollly this is amazing lol lol but wow phones and tvs already got ipv6 addresses and i can have access to use ddns on it,, I never knew this junk dude its good to know things

JKnott

@kilasin

You shouldn't have to use ddns, if Elon did things right. Normally, you'd have a consistent prefix. I've had mine for over 5 years and that's even with my cable modem and the computer I run pfSense on being replaced. I just use an ordinary external DNS server.

Most devices support IPv6 now and operating systems have for many years. Windows has had it since XP SP3. While the basic principles remain the same, some things are different, including gazillions of addresses on your LAN. A single /64 prefix contains 18.4 billion, billion addresses and you have 256 of them! If you want more fun, you can enable Unique Local Addresses, which is somewhat like RFC1918 addresses on IPv4, but you can have them and global addresses at the same time.

Gertjan

@kilasin said in Cannot Open Ports:

i live in the woods pretty much so no other choice with Starlink

They got you covered
.... and use the same approach as many ISP did in the past.
You want a WAN IP that you can reach from the Internet, so you can NAT addresses and ports.
As IPv4 is a very expensive resource these days, your wallet will be the solution.

Look here :

starlink static WAN IP ?

A little bit lower on the page I saw :

So ... go "Business" would be a solution....