/60 on WAN, /63 on LAN
-
With LAN set to Track Interface (WAN), it ends up with a /63 address, which in turn prevents SLAAC from working.
Shouldn't it be getting a /64?
The WAN interface is set to get a /60 delegation from Comcast. It doesn't seem to matter what I give the LAN for a subnet from 0 to f. I've tried other PD masks, and nothing seems to work but /60.
-
You are probably actually getting a /59 from Comcast which is pretty much nonsensical.
This seems familiar to me. I think they have another modem that doesn't exhibit that issue.
Turn on the debug logging options in the WAN DHCP configuration and search the DHCP system logs for command dhcp6c and see what is actually happening.
Chattanooga, Tennessee, USA
A comprehensive network diagram is worth 10,000 words and 15 conference calls.
DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
Do Not Chat For Help! NO_WAN_EGRESS(TM) -
Thank you — that helped me find this:
https://forum.netgate.com/topic/101581/comcast-business-56-fails-60-works-but-delegates-63s
This is exactly my scenario. I have a Cisco modem instead of a Netgear, and I have one static IPv4 address, so I can't go to bridge mode.
In the DHCP logs, it says "create a prefix" and then show a /59.
Not optimistic for a resolution at the moment.
-
While a /59 is borked for the prefix, why wouldn't the tracked prefix on your lan be /64? Why would it be a /63 that doesn't make any sense...
It should be the /64 out of that /59 via the prefix id you used 0, 1, 2 etc..
is there something odd that causing a failure of the math when the prefix is not normal /60, 56 /48 etc.
-
There is room for improvement where the delegation setting does not match the delegation received.
But that comcast situation is simply broken.
-
ah.. So your asking for /60 and they give you /59 and the screws up the math to figure out the tracked..
-
Yeah something gets off by a bit.
-
So can he not just pick /59 in the dropdown for what he is asking for - or does it then give him /58 or some oddness like that.
-
I can't remember. I think if a /59 is requested there is no delegation received or something. Totally hosed.
-
Yeah that would be borked - just setup a HE tunnel and be done with all this ISP lack of understanding would be my suggestion..
-
@derelict said in /60 on WAN, /63 on LAN:
You are probably actually getting a /59 from Comcast which is pretty much nonsensical.
It may be unusual, but there's nothing wrong with it, as it will provide 32 /64s. With my ISP, I can select anything between a /64 and /56.
-
I think the problem is asking for /60 and getting /59..
If you ask for /59 do you get a /58?
-
@johnpoz said in /60 on WAN, /63 on LAN:
Yeah that would be borked - just setup a HE tunnel and be done with all this ISP lack of understanding would be my suggestion..
Does Netflix still block He.net?
-
@johnpoz said in /60 on WAN, /63 on LAN:
I think the problem is asking for /60 and getting /59..
If you ask for /59 do you get a /58?
I don’t have /59 as an option in the drop-down. I suppose I could try configuring it manually.
-
sure its there..
Where are you not seeing that as an option?
-
@johnpoz perhaps that’s not available on this 32-bit system running 2.3.4.
-
dude... If your running old, you need to state that.. Why would you not be running current?
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.8, 24.11 -
@johnpoz said in /60 on WAN, /63 on LAN:
dude... If your running old, you need to state that.. Why would you not be running current?
There's also a setting in newer versions that prevent pfSense from releasing the prefix for something as trivial as disconnecting/reconnecting the WAN Ethernet connection. Until that setting appeared, I had to occasionally update my DNS AAAA records with the new addresses.
-
@johnpoz 2.3 is current for 32-bit systems. It’s not a factor, except in the UI, which is a factor only because of the need for a workaround, which is just as feasible in a manual configuration. Forget I mentioned it.
-
No 2.3.5p2 is current for 32 bit.. not 2.3.4
Which not only all the pfsense changes that have happened in the 4 different releases your behind
.4p1
.5
.5p1
.5p2Your also behind be the base changes to freebsd, 2.3.4 is 10.3p17 while current on 2.3.5p2 is p26
I just do not get why anyone be behind on updates to their freaking firewall.. If your hardware can only run 32bit - guess what its time for an upgrade!!!
