Static IPv6 (got a /48)
-
Hi everyone,
I think there's a huge flaw in my setup and I just don't see it. Hopefully someone can enlighten me about my mistake…
I got a /48 from my ISP and want to use the first /64 for several pfSense boxes and all networks behind them get their own /64 (taken from the original /48).
So e.g. if I have aaaa:bbbb:cccc::/48 and aaaa:bbbb:cccc::1 is my default gateway, I take aaaa:bbbb:cccc::2/64 for thw WAN interface of my first pfSense Box, aaaa:bbbb:cccc::3/64 for the second and so on.
On the LAN interfaces I use aaaa:bbbb:cccc:1::/64 for the first network, aaaa:bbbb:cccc:2::/64 for the second and so on (giving the LAN interface aaaa:bbbb:cccc:X::1 as address).Using this setup I can:
-
Enable RA's on the inside and recieve automatic configuration
-
ping6 the LAN address of that pfSense
-
ping6 the WAN address of that pfSense
-
ping6 the default gateway of the pfSense from its WAN interface
However, I can not ping6 the WAN default gateway from the LAN side. I cannot ping6 any other system in the WAN network of the pfSense boxes either.
As said, I don't see what is going wrong here. For testing purposes I allow any outgoing IPv6 traffic at the moment. Maybe anyone has an idea?Thanks in advance!
Jens -
-
the Wan default gateway needs to have a route for the /48 pointing to your pfsense Wan ::2
e.g. for all the networks behind your pfsense
-
Hello databeestje,
Thanks a million for your quick answer!
I gave it a nights sleep and feel really stupid right now.That means my ISP would have to make a routing for every firewall I run, that is of course not doable.
I will ask the ISP for an interconnect subnet and place my own router, then I can do those routings myself.Regards,
Jens -
Hello,
Just FYI: I now not a /64 for routing purposes and can use the whole /48 as expected.
Everything works fine now.Thanks again and Greetings,
Jens