    setup for server behind Comcast dynamic IPV6, VLANs, publicly reachable

    • L
      lifespeed last edited by

      I run some personal servers behind Comcast residential ISP that currently are reachable by IPV4 using DNSexit dynamic DNS service using NAT in a consumer router, port forwarding and static IPs set in the server. It works, but is an old-school setup and the consumer router is showing its age. VPN is particularly problematic.

      Thinking I would like to convert to a new router, and on my LAN to IPV6 for the static servers, I assembled a Xeon-D running pfSense 2.4.4.

      The network requirements raise many questions regarding configuration and DNS, in my case GoDaddy.

      1. Can pfSense speak RFC 2136 dynamic DNS updates to GoDaddy to keep mydomain.com pointed to the Comcast dynamic IPV6?

      2. How do I distribute the /56 or /60 from Comcast to my LAN and VLANs such that my servers are publicly reachable on an occasionally-changing address prefix from my ISP? How do I connect the GUA to internal ULA addresses in a seamless manner, across all my devices, such that dynamic DNS updates result in the device's valid global and local routing? Would the address prefix from Comcast change, but the bits pointing to the "static" devices on my LAN remain the same?

      Are there any write-ups on this type of a configuration? It seems common enough, and was not too terribly difficult to set up in IPV4. But this is an all-new hardware and software setup on my new 10Gb network, I would like to try and do it the correct, modern way.

      JKnott 1 Reply Last reply Reply Quote 0
      • JKnott
        JKnott @lifespeed last edited by

        @lifespeed

        1. Your prefix & addresses should stay the same, unless Comcast does something stupid. This means you don't need a dynamic DNS. Regular DNS works fine.

        2. You can use as many /64s as they provide. When you create local networks, you choose the prefix ID for each network. The main LAN is typically 0, but you can use whatever you want. With a /56, you could choose any value between 0 & ff.

        L 1 Reply Last reply Reply Quote 0
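
The prefix-ID arithmetic from the reply above, as an added example that is not part of the original thread: it derives each network's /64 from a delegated /56 or /60, combines it with a fixed interface ID, and lists which AAAA records would need updating if the delegated prefix changed. The prefixes (documentation range 2001:db8::/32), host names, prefix IDs and interface IDs are constructed for illustration.

```python
import ipaddress

def lan_subnet(delegated, prefix_id):
    """Return the /64 selected by prefix_id inside the delegated prefix."""
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64:
        raise ValueError("a delegation longer than /64 has no /64s to hand out")
    id_bits = 64 - net.prefixlen           # /56 -> 8 bits (0..ff), /60 -> 4 bits (0..f)
    if not 0 <= prefix_id < (1 << id_bits):
        raise ValueError(f"prefix ID {prefix_id:#x} does not fit in {id_bits} bits")
    base = int(net.network_address) | (prefix_id << 64)
    return ipaddress.IPv6Network((base, 64))

def host_address(delegated, prefix_id, iface_id):
    """Combine delegated prefix + prefix ID + a fixed 64-bit interface ID."""
    subnet = lan_subnet(delegated, prefix_id)
    suffix = int(ipaddress.IPv6Address(iface_id)) & ((1 << 64) - 1)
    return ipaddress.IPv6Address(int(subnet.network_address) | suffix)

def aaaa_changes(old_pd, new_pd, hosts):
    """Map host name -> (old, new) address for every record the change affects."""
    changes = {}
    for name, (prefix_id, iface_id) in hosts.items():
        old = host_address(old_pd, prefix_id, iface_id)
        new = host_address(new_pd, prefix_id, iface_id)
        if old != new:
            changes[name] = (str(old), str(new))
    return changes

# Constructed sample data: (prefix ID of the host's network, static interface ID)
HOSTS = {
    "web.example.com": (0x00, "::80"),    # main LAN, prefix ID 0
    "mail.example.com": (0x10, "::25"),   # a VLAN given prefix ID 0x10
}
OLD_PD = "2001:db8:1200::/56"   # constructed delegation before a change
NEW_PD = "2001:db8:ab00::/56"   # constructed delegation after a change

if __name__ == "__main__":
    for name, (old, new) in aaaa_changes(OLD_PD, NEW_PD, HOSTS).items():
        print(f"{name}: AAAA {old} -> {new}")
```

Only the delegated bits differ between the old and new addresses; the prefix ID and interface ID chosen locally carry over unchanged.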
        • L
          lifespeed @JKnott last edited by lifespeed

          @JKnott said in setup for server behind Comcast dynamic IPV6, VLANs, publicly reachable:

          @lifespeed

          1. Your prefix & addresses should stay the same, unless Comcast does something stupid. This means you don't need a dynamic DNS. Regular DNS works fine.

          I'm afraid just relying on Comcast to keep my IP address the same is not an acceptable solution because, as you say, it relies on Comcast not "doing something stupid". Surely you recognize that isn't an acceptable solution.

          Yes, I am well aware that Comcast's residential service with dynamic IP keeps the same IP address for months or even longer.

          JKnott 1 Reply Last reply Reply Quote 0
          • JKnott
            JKnott @lifespeed last edited by

            @lifespeed said in setup for server behind Comcast dynamic IPV6, VLANs, publicly reachable:

            Yes, I am well aware that Comcast's residential service with dynamic IP keeps the same IP address for months or even longer.

            There's a setting on the WAN page "Do not allow PD/Address release" that should be selected to prevent getting a different prefix. Have you selected it?

            1 Reply Last reply Reply Quote 0