2.4.3-RELEASE-p1 / 2.4.4 - IPV6 Issues - Description and need help (Resolved, Updated)
-
@johnpoz I knew I was not Crazy. Yes WOW and yes WHY. I also have tunnel with HE and that always seems to be unaffected and works fine, its the Native I have issues with. My NAT is set to Manual outbound NAT but I have No rules in the list for ipv6 they are all ipv4. Should I tick the box for Disable Outbound Nat?
So I am Operatoal again all working except the NAT for WAN on ipv6. -
I apologize for the Cricket comment, I thought Maybe I found a bug in pfsense. It would seem I have many rules that were generated over the years in that Manual Nat They are all WAN interface and each is ipv4+ipv6. I don't want to change anything right now because I can ping from WAN, I can Ping from LAN but my Local network has no ipv6 access. I will revert to this Morning Config and start trouble shooting again. Where is your NAT set which option should I be using here?
-
@johnpoz I did what you show above and I can duplicate with the HE tunnel, shows my tunnel address now. So I must have some Rogue Rule from eon's ago that is messing with me.
-
Well I just looked the the Rules to see what might Match and found it. Disabled and all is Normal now. Although its nice to Know so all those Users that keep asking about how to NAT ipv6 and were told not possible, although this is not really Nat as you don't create in bound rules, more of a spoof no?
I am Back to my Dead Flea Face IP address again!!! -
Why are you running manual rules? Why not just run hybrid if you want to create some specific outbound?
Now the question is when did this become possible? It must be really new I have never noticed it before now that is for sure.. I have not edited outbound nats in a while - but pretty sure the whole ability to pick ipv4 or ipv6 or both has got to be somewhat new..
-
@johnpoz so I must have had that stale rule enabled for Years it says last edit was 2013 But never noticed this issue till 2.4.3 update to 2.4.4 so some how now ipv6 actually recognizes this Rule and enforces it.
My Native ipv6 is very unreliable, since my last test its already off line again. I have to constantly Bounce my LAN interface to bring it back. I lowered my MTU to stop Modem crashes now its affecting everything else.
-
Comcast was HORRIBLE!!! for ipv6 - HORRIBLE!!! never used native.. HE way better, and then when moved to new ISP they don't even have native ipv6 support and I don't give 2 shits don't care if they ever get.. I will just use my same /48 I have had for years from HE thank you very much.. I can take that with me no matter what ISP I use ;)
Just turn off your native and just use your tunnel :)
edit:
Just looked brought up my first tunnel with HE
January 13, 2011 23:40:14 PSTSo yeah a few years back ;)
-
@johnpoz Yes the HE is Solid, that is what I put my exchange server on due to having reverse dns access I can get past the filters. enabled Dmarc and dkip. The HE interface always comes up never fails. I also have a /48 from them they are Great. When I enabled a HE /64 on my local lan my internet speeds got too slow. so I put HE on couple of the Vlans just for some servers and my local network is all native. That's why I keep trying to get ipv6 to work. I think the ISP is so bad about NOT allowing you to have static ip's for any length of time they have very short leases for the /56 so it renews like every other day. each time it renews I have to bounce my LAN to get ipv6 back or reboot the appliance. Yes very annoying. Bounced my LAN and im back in Action again. such a manual process to keep it Alive
-
I forgot to say Thank you, because you did solve the issue by getting me to look at those outbound NAT rules. Since I have not changed them in years I never thought to look there till I found that tick box in Advance and followed the crumbs to outgoing NAT for ipv6 but who would have thought that would be the problem. I read the release notes 3 times to make sure I did not miss " And we have enabled NAT now for IPV6" that statement did not exist.
so again Thanks :-) -
Yeah thanks to you as well - I looked through some old release notes I can not find where they enabled that either.. Without this thread prob would of never seen that... I have a PM out to derelict might have to hit up jimp to see when this became an option.. But least know where to look now if anything like this comes up again in other threads
Yeah I use ipv6 from HE on a few boxes on a few different vlans - many only thing I have that is always using ipv6 is have my ntp server in the pool on both ipv4 and ipv6.. Other than I don't really use IPv6 much - normally even have it turned off on my PC..
