IPv6 Auto-Created Outbound NAT Rules
-
CARP is currently running successfully with dual WAN in failover configuration. The primary ISP provides a static IPv6 /56 routed prefix. This works successfully and when the primary ISP fails, it reverts to IPv4 on the secondary WAN. At some point in the configuration, automatic outbound NAT rules were added for localhost, but of course, it is currently configured for Manual Outbound NAT. See screenshot.
I'm wondering why those rules were added and if they can be deleted since IPv6 shouldn't need NAT. There are no other IPv6 rules listed.
-
Note the source: it's localhost. If localhost needs to reach out for some reason, it would need NAT, and it's basically just saying "If a service bound to localhost on the firewall exits the firewall WAN0/1, use the firewall WAN0/1 address."
It's harmless and best to leave it be.
-
Thank you, I appreciate the information.
-
@jimp said in IPv6 Auto-Created Outbound NAT Rules:
If localhost needs to reach out for some reason, it would need NAT
Why would it need NAT for IPv6?
-
It's not that you need NAT for IPv6, it's that without these specific rules, traffic bound to ::1 as a source could never leave the firewall.