DMZ Bridge with IPv6

  • Hello,

    Preface: I am new to IPv6, so I may be thinking of this wrong.

    I have pfSense 2.3.2-RELEASE-p1 set up in my colocation space as a firewall for my hypervisor. For years I have had this set up with IPv4 and it has worked great. I have a /26 IPv4 block from my provider, and I pass it through to my hypervisor via a bridged interface to the WAN. I have a VLAN interface between pfSense and my hypervisor that is bridged to WAN. This way I can filter traffic from my WAN while assigning WAN addresses to individual VMs, rather than using a private network.

    I have recently acquired a /48 IPv6 allocation from my provider and tried to pass it through the same way, but it does not work. I have added an IPv6 address to my WAN interface and added the gateway and all seems to work. I can pass IPv6 traffic from pfSense to the internet.

    I then gave my hypervisor an address from my range. This is where the behavior gets strange to me.

    My hypervisor has the IPv6 address set properly, but it cannot ping6 anything but its own address. When I ping the hypervisor from pfSense, it times out on the first few tries, then it is able to ping the hypervisor. After that, then my hypervisor seems to be able to ping pfSense and itself, but not my IPv6 gateway or the internet!

    At first I thought it was an issue with my hypervisor, so I bypassed pfSense entirely to check and it works just fine. If I connect my providers connection directly to the hypervisor without going through pfSense I can pass IPv6 traffic just fine and all works as intended.

    My question is - Am I missing a setting to get IPv6 to work over my bridge like IPv4, is this even possible at all?


    • WAN - /26 IPv4 & /48 IPv6 (static ips set from blocks)

    • DMZ_WAN - VLAN interface connected to hypervisor

    • DMZ_BRIDGE - Bridging WAN and DMZ_WAN

    Thank you.