Netgate Discussion Forum

    IPv6 LAN to WAN NAT

    • chrisjmuk

      Hello All

      We have a public IPv6 /32 range and we have split it up, so we are using an IPv6 /64, for example.

      The issue is that we have local computers for which I have created a local IPv6 address, fc00:1:1::/64, and want to NAT out to our public IPv6, for example 2b02:2bc8:1:1::/64.

      As they are kind of both internal, as they run inside the network, it doesn't seem to work: when I set the gateway in pfSense (2b02:2bc8:1:1::1/64, which is set in my Cisco router) I can't ping the range any more, but can ping from my Cisco router. Not sure what is going on.

      Also tried NTP with 0 luck, and it made no difference.

      • JKnott

        Given you have a /32, why would you want to use NAT, when you have so much public address space? Just assign another /64 to those computers. The reason for NAT was to get around the IPv4 address shortage and there's no shortage of IPv6 addresses.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        • chrisjmuk @JKnott

          @jknott security..

          You don't put public IPs on a local secure LAN.

          Also want it to connect to other internal networks on IPv6.

          • JKnott @chrisjmuk

            @chrisjmuk

            That's what firewall rules and routing are for. If you don't enable that network to route to the Internet, it won't. If you do, you use appropriate rules to allow only what you want. Claiming NAT protects you is a false sense of security.

            BTW, you can route between public and unique local addresses just fine. I do it here.

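The point made in the reply above (firewall rules and routing, not NAT, decide what can reach a network), sketched as a pf ruleset. This is an added example, not part of the original thread and not anyone's actual pfSense configuration; the interface names and the second public /64 (2b02:2bc8:1:2::/64) are constructed assumptions.

```pf
# Added example (constructed). Interface names and pub_lan are assumptions;
# fc00:1:1::/64 is the local prefix quoted in the thread.
wan_if  = "em0"                  # assumed: link to the upstream router
pub_if  = "em1"                  # assumed: LAN given a public /64
ula_if  = "em2"                  # assumed: LAN kept internal-only
pub_lan = "2b02:2bc8:1:2::/64"   # hypothetical second /64 from the /32
ula_lan = "fc00:1:1::/64"

set skip on lo0

# Default deny, both directions, every interface.
block log all

# Neighbor discovery and router advertisements must work on each link.
pass quick inet6 proto ipv6-icmp all \
    icmp6-type { neighbrsol, neighbradv, routersol, routeradv }

# Public-addressed LAN: hosts may open connections outward.
# The state entries created here let the replies back in.
pass in  on $pub_if inet6 from $pub_lan to any keep state
pass out on $wan_if inet6 from $pub_lan to any keep state

# There is deliberately no "pass in on $wan_if ... to $pub_lan" rule.
# Unsolicited inbound traffic to the public /64 hits "block log all",
# which is the protection usually credited to NAT.

# Internal-only LAN: may reach the public-addressed LAN, never the WAN.
# No rule passes $ula_lan out on $wan_if, so it is not routed to the
# Internet even though no translation is configured.
pass in  on $ula_if inet6 from $ula_lan to $pub_lan keep state
pass out on $pub_if inet6 from $ula_lan to $pub_lan keep state
```

The syntax can be checked without loading the rules by running `pfctl -nf` against the file.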
            • chrisjmuk @JKnott

              @jknott

              What do you have set up for NAT for configuration?

              • chrisjmuk @chrisjmuk

                @chrisjmuk

                This is my basic setup

                CISCO vLan IP as GW - 2b02:2bc8:1:1::1/64

                pfSense details
                pfSense IPv6 Gateway - 2b02:2bc8:1:1::1
                WAN IPv6 - 2b02:2bc8:1:1::3/64

                LAN IPv6 - fc00:1:1::/64

                NAT Outbound Settings

                Interface - WANv6
                Source Network - fc00:1:1::/64

                It pings the WANv6 interface IP from fc00:1:1::/64 PCs,

                and when I ping from pfSense I can ping fine as well, but not on NAT.

                So we want the fc00:1:1::/64 to ping the 2b02:2bc8:1:1::/64 range.

                When I don't set the WAN IPv6 on the interface I can ping fine; if I set the gateway I can't ping.

                Firewall rules are all OK, and IPv6 is allowed and ICMP enabled.

                • chrisjmuk @chrisjmuk

                  Have set up a test on a lab server with VMs and I am getting the same issues. I am not sure where this issue is.

                  • chrisjmuk @chrisjmuk

                    Would I need to create any static routes?

                    • JKnott @chrisjmuk

                      @chrisjmuk

                      I don't use NAT on IPv6 at all. No need for it.

                      • JKnott @chrisjmuk

                        @chrisjmuk said in IPv6 LAN to WAN NAT:

                        Would I need to create any static routes?

                        Routing between networks directly connected to pfSense is automatic. Networks beyond that require manually configured routes. The exact method depends on the client, i.e. Linux, Windows, OS/2, etc.

                        • chrisjmuk @JKnott

                          @jknott found the issue, was stuck in the state, needed to clear.

                          Another issue is that I can't ping a certain IP on my Cisco and it can't ping the pfSense, ::1 but can ping ::20. No idea why.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.