Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Why is there an automatic Outbound NAT for ::1/128

    Scheduled Pinned Locked Moved NAT
    4 Posts 2 Posters 60 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I Offline
      IonutIT
      last edited by

      Just noticed recently that in the Outbound NAT page, if you use Automatic NAT or Hybrid NAT, there's an automatic NAT rule for ::1/128.

      If you have IPv6 working and the router has a GUA IPv6 address what is the point of this NAT rule?

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ Offline
        johnpoz LAYER 8 Global Moderator @IonutIT
        last edited by

        @IonutIT because ::1/128 is the localhost address.. just like you have an outbound nat for 127.0.0.0/8 which is the localhost IPv4 address range, normally local host would be 127.0.0.1, but really anything 127.x can be used as localhost address. With ipv6 the localhost range is just /128

        if you source traffic from your localhost address it needs to be natted to the IP of the interface its leaving on. For example I use localhost for outgoing interface in unbound. Which gets natted to wan IP when unbound looks up something

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07 | Lab VMs 2.8, 25.07

        I 1 Reply Last reply Reply Quote 0
        • I Offline
          IonutIT @johnpoz
          last edited by IonutIT

          @johnpoz yeah, that makes sense. I don't know why seeing IPv6 there triggered my thinking "what's the point if you have GUA addresses", but makes sense localhost needs NAT to work.

          Can I ask why you use localhost for outhgoing interface in unbound instead of the WAN interface? What are the benefits?

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ Offline
            johnpoz LAYER 8 Global Moderator @IonutIT
            last edited by

            @IonutIT localhost is always going to be up to bind to.. but possible that my wan or say a vpn interface is not up when unbound restarts. If interface is not up can not bind to it.. So helps to make sure unbound starts and binds on interface to use to do outgoing queries.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 25.07 | Lab VMs 2.8, 25.07

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.