Netgate Discussion Forum
    IPv6 with two or more LAN-side interfaces

      johnpoz LAYER 8 Global Moderator

      Huh... They won't let you open 4 tunnels.. You have to have multiple IPv4s to do multiple tunnels.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

        Bob.Dig LAYER 8 @johnpoz

        @johnpoz Ah ok, sounds fair.

          taz3146 @johnpoz

          he.net tunnelbroker went to default blocking of "IRC" and "SMTP" traffic long ago due to spammers/flooders.
          To have it unblocked, they generally require you to pass their "IPv6 Certification testing" to level "Sage", then email them and if they choose to, they'll enable a button on the tunnelbroker advanced config page to "unblock" smtp & irc traffic.

          **obviously don't use it for devious purposes like spamming/trolling/flooding or you'll very likely get your whole tunnel removed in a hurry.

            Bob.Dig LAYER 8 @taz3146

            @taz3146 Yep. I somehow managed to get Sage. ☺

              Bob.Dig LAYER 8

              For getting a PTR for every service that I run, I tried adding a second NIC to my VMs for another IPv6 address from DHCP. But then I found out that the DUID was the same for every NIC, seems to be machine specific, so I couldn't use the DHCPv6 Server anymore, because it is not using the MAC addresses, only the DUID. So I finally switched to giving those machines the IPv6 manually. For that I also didn't need a second NIC in the first place.
              Because the prefixes by HE never change, that worked out well. But some time in the future, I would like to see all this managing be doable in pfSense. 😉

                Bob.Dig LAYER 8

                With PTR in general there seems to be the problem, if your machine has two or more addresses, of telling the server/service/program which of them to use for outgoing connections, right?

                  johnpoz LAYER 8 Global Moderator

                  huh? Ya lost me... What does a dns record have to do with your machine having more than 1 address? And what does that have to do with what an application uses as its source IP?

                    Bob.Dig LAYER 8 @johnpoz

                    @johnpoz PTR is nice to have, but it seems to me that with many server programs you can't define which of your machine's IPs to use for unsolicited outgoing connections (hope I got the term right).

                      johnpoz LAYER 8 Global Moderator

                      Not if you're using privacy IPv6 no - but anything would be used a service that would normally require a PTR would only have it 1 global address it uses..

                        Bob.Dig LAYER 8 @johnpoz

                        @johnpoz So you mean like the machine, yeah so I did that wrong in the first place. ☺
                        I run two different services on the same machine, which seems to be not a good idea for PTR because it is hard or impossible to bind.

                          johnpoz LAYER 8 Global Moderator

                          Privacy IPs not meant to be used by say your MTA sending mail ;) hehehe

                            Bob.Dig LAYER 8 @johnpoz

                            @johnpoz With those "problems" it is really hard to cope with dynamic IP. So I see why you and others really don't care much about dynamic IPs and servers in general.

                              JKnott @Bob.Dig

                              @Bob-Dig

                              If by "dynamic" IP, you're referring to the privacy addresses, I hope you understand those privacy addresses are used for outgoing connections only. If you're running servers, you point the DNS to the consistent address, which is often based on the MAC address. There's no reason to use a privacy address in the DNS.

                              PfSense running on Qotom mini PC
                              i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                              UniFi AC-Lite access point

                              I haven't lost my mind. It's around here...somewhere...
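
An added example (not part of the thread or any poster's code): deriving the MAC-based (modified EUI-64) address mentioned in the post above and the `ip6.arpa` PTR line for it, then filtering a host's addresses down to the ones suitable for DNS. The prefix, MAC, hostname and sample addresses are constructed, and the `ff:fe` test is a heuristic that assumes the stable address is EUI-64 based.

```python
import ipaddress

def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Build the modified EUI-64 SLAAC address for a MAC inside a /64 prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC interface identifiers need a /64 prefix")
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit of the first octet, insert ff:fe in the middle.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))

def looks_eui64(addr) -> bool:
    """True when the interface identifier carries the ff:fe EUI-64 marker.

    Heuristic only: a random privacy identifier can contain ff:fe by chance,
    and stable identifiers that are not MAC-derived will not match.
    """
    packed = ipaddress.IPv6Address(addr).packed
    return packed[11:13] == b"\xff\xfe"

def ptr_record(addr, hostname: str) -> str:
    """Zone-file PTR line (ip6.arpa nibble format) for the address."""
    name = ipaddress.IPv6Address(addr).reverse_pointer
    return f"{name}. IN PTR {hostname.rstrip('.')}."

def pick_dns_addresses(addresses):
    """From a host's global addresses, keep those stable enough to publish."""
    return [a for a in addresses if looks_eui64(a)]

if __name__ == "__main__":
    # Constructed sample values (documentation prefix, made-up MAC and host).
    stable = eui64_address("2001:db8:1:2::/64", "00:11:22:33:44:55")
    privacy = "2001:db8:1:2:9c4e:71a3:5d02:b6f8"  # constructed temporary address
    print("publish:", pick_dns_addresses([privacy, str(stable)]))
    print(ptr_record(stable, "mail.example.net"))
```
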

                                Bob.Dig LAYER 8 @JKnott

                                @JKnott No. I meant my ISP WAN IPv6 address, which is more or less dynamic, and I find the support for something like that in pfSense not as good as it could be and I am rumbling about that here from time to time...😉

                                Now I got all those IP addresses from HE and all those PTR possibilities but not enough machines for it to use. All servers need their own machine to fully take advantage of PTR is what I meant.
