IP port forwarding for IPv6
-
This is getting back off topic. I'm interested in only the answer to my original question. I appreciate your enthusiasm but I have professional restraints to work within. Thanks though!
-
BTW, Comcast can provide up to a /60 for residential accounts or /56 for business accounts. The trick is that if you've already requested a /64, you need to turn off IPv6 on your WAN for a week (I was told that IPv6 prefix leases are for 7 days) and let the lease expire, or see if you can contact someone at Comcast that can delete your existing /64 lease. As long as pfSense doesn't allow changing the DUID used for DHCPv6 (there's a feature request to allow changing it), we're at the mercy of the ISP.
I can't help with IPv6 NAT/port forwarding… I have a /60 from Comcast on my home network and will just use firewall rules to allow incoming connections when necessary.
-
Our CMTS is currently configured for /64 allocations for this town's business class connections.
-
-
Perfect answer. Thanks doktornotor.
-
Our CMTS is currently configured for /64 allocations for this town's business class connections.
That seems horribly inconsistent with what Comcast provides elsewhere in the country, especially for business class service. Who told you that that's how your area is set up? You might want to ask about that in either Comcast's forums or in the Comcast HSI forum at DSLReports. There are some Comcast employees - including some of their network engineers - that visit the DSLR forum, so I know that's a good spot to get some info/help.
Also a note… if you had originally requested a /64, you won't be able to request a different prefix size until that /64 lease expires. So you might try turning off IPv6 on the WAN for a week (their lease length for IPv6 prefixes is 7 days), then turn it back on and request a larger prefix. Or if you can get someone at Comcast to delete your /64 lease info, then you could change to a /60 and you should be good to go.
-
The Comcast rep I spoke with told me this. I had to call many, many times before I started to get people that knew what v6 is. After I was speaking with v6 aware people, it was still some time before I spoke with one that understood what I was asking for. He relayed all of my questions to someone sitting near him who I was not allowed to speak with but knew what prefix delegation is. My rep was told to tell me that our area doesn't support prefix delegation but that sometime after 2015 it was possibly going to be available again. (I'm in New Hampshire).
I have a now-closed Comcast business ticket number, with an escalate status and a 72-hour window where they didn't call. I just kept calling and eventually I got as good as I got. I'm trying to not summon up how frustrated I got.
I really feel as though there is quite simply no one there that is able to help us, so we have just tried to work around their technical support. The longer I put onto that ticket, the more my bosses start to become aware of the time being spent going nowhere.
So I tried to work around all of it with a technological solution. This thread's won't suffice, although in theory it was a good fit. I'm fine that v6 NAT doesn't exist - I wouldn't code it up either, knowing what people will do with it.
Edit: Adding this, we have a Comcast router we are leasing because we have a static v4 /28 routed to us with a Comcast RIP client configuration we are not allowed to run on our own hardware. This router's configuration is locked in place - if we used our own router, we could do the /60 PD req no problem. I should have mentioned this earlier but I didn't want to take my own thread off topic.
-
Zero other options? Vote with your $$. It's all they understand.
-
I'm not the one with the $$ in this scenario, just the one with the problem.
-
So pfSense is behind a Comcast router? And you're getting an address in the /64 that router hands out on pfSense?
So still trying to understand your actual issue - is it that you want more /64s of your own and the ability to use good IPv6 DNS? Why is it that you cannot just create a tunnel with HE? You stated you were looking for a tech workaround - so why does that solution not work for you? Click click and you could be handing out as many /64s as you need behind your HE tunnel. And hand out whatever IPv6 DNS you wanted to hand out to clients.
-
we have a Comcast router we are leasing because we have a static v4 /28 routed to us with a Comcast RIP client configuration we are not allowed to run on our own hardware. This router's configuration is locked in place - if we used our own router, we could do the /60 PD req no problem. I should have mentioned this earlier but I didn't want to take my own thread off topic.
This was a critical piece of info.
Comcast doesn't support more than /64 on their own gateway devices. They don't yet support "sub-delegation", where you would be able to have a /60 or /56 on their gateway (which is required to be used for static IP addressing) and then sub-delegate prefixes to other routers (like pfSense).
That's why you can't get more than a /64, because you're using Comcast's gateway.
If the static IPv4 addresses weren't necessary, then you would be fine to use pfSense as your only router (have theirs put into Bridge mode, or buy a modem-only device) and request a /60 or /56 for IPv6.
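-
The prefix arithmetic behind the posts above, as an added example that is not from any poster in this thread: it splits a delegated prefix into the /64 kept by the gateway and the /64s left over for a downstream router such as pfSense. The function names are hypothetical and the prefixes are constructed from the 2001:db8::/32 documentation range.

```python
import ipaddress


def sub_delegate(delegated):
    """Split an ISP-delegated prefix between a gateway and downstream routers.

    Returns (gateway_lan, downstream): the first /64 stays on the gateway's
    own LAN, the remaining /64s are what could be sub-delegated.
    SLAAC needs a full /64 per segment, so anything longer is rejected.
    """
    prefix = ipaddress.IPv6Network(delegated)
    if prefix.prefixlen > 64:
        raise ValueError(f"{delegated} is smaller than a /64")
    lans = list(prefix.subnets(new_prefix=64))
    return lans[0], lans[1:]


def plan_lans(delegated, lan_names):
    """Assign one downstream /64 to each named LAN behind the second router."""
    _, downstream = sub_delegate(delegated)
    if len(lan_names) > len(downstream):
        raise ValueError(
            f"{delegated} leaves {len(downstream)} /64(s) for downstream use, "
            f"{len(lan_names)} requested"
        )
    return dict(zip(lan_names, downstream))


if __name__ == "__main__":
    # Constructed sample prefixes (documentation range, not real allocations).
    for sample in ("2001:db8:0:10::/64", "2001:db8:0:10::/60", "2001:db8:0:100::/56"):
        gateway_lan, downstream = sub_delegate(sample)
        print(f"{sample}: gateway keeps {gateway_lan}, "
              f"{len(downstream)} /64(s) left to sub-delegate")
    print(plan_lans("2001:db8:0:10::/60", ["lan", "dmz"]))
```

With a /64 the downstream list is empty, which is the situation described for a router sitting behind the leased gateway; a /60 leaves 15 segments and a /56 leaves 255.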