setup for server behind Comcast dynamic IPV6, VLANs, publicly reachable



  • I run some personal servers behind Comcast residential ISP that currently are reachable by IPV4 using DNSexit dynamic DNS service using NAT in a consumer router, port forwarding and static IPs set in the server. It works, but is an old-school setup and the consumer router is showing its age. VPN is particularly problematic.

    Thinking I would like to convert to a new router, and on my LAN to IPV6 for the static servers, I assembled a Xeon-D running pfSense 2.4.4.

    The network requirements raise many questions regarding configuration and DNS, in my case GoDaddy.

    1. Can pfSense speak RFC 2136 dynamic dns updates to GoDaddy to keep mydomain.com pointed to the Comcast dynamic IPV6?

    2. How do I distribute the /56 or /60 from Comcast to my LAN and VLANs such that my servers are publicly reachable on an occasionally-changing address prefix from my ISP? How do I connect the GUA to internal ULA addresses in a seamless manner, across all my devices, such that dynamic DNS updates result in the device's valid global and local routing? Would the address prefix from Comcast change, but the bits pointing to the "static" devices on my LAN remain the same?

    Are there any write ups on this type of a configuration? It seems common enough, and was not too terribly difficult to set up in IPV4. But this is an all-new hardware and software setup on my new 10Gb network, I would like to try and do it the correct, modern way.



  • @lifespeed

    1. Your prefix & addresses should stay the same, unless Comcast does something stupid. This means you don't need a dynamic DNS. Regular DNS works fine.

    2. You can use as many /64s as they provide. When you create local networks, you choose the prefix ID for each network. The main LAN is typically 0, but you can use whatever you want. With a /56, you could choose any value between 0 & ff.
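The following is an added example (not pfSense code and not written by either poster) that models what the answer above describes: a delegated /56 or /60 supplies the high bits, the prefix ID chosen per LAN/VLAN fills the bits up to /64, and the host's 64-bit interface identifier stays fixed. It also shows what happens if the ISP ever hands out a different delegation, which is the case the original question worries about. All prefixes are constructed examples from the 2001:db8::/32 documentation range.

```python
"""Derive per-VLAN /64s and host addresses from an ISP-delegated prefix.

Constructed example: mirrors the "delegated prefix + prefix ID + interface
identifier" layout discussed in the thread, using only the standard library.
"""
import ipaddress


def vlan_prefix(delegated: str, prefix_id: int) -> ipaddress.IPv6Network:
    """Return the /64 for a given prefix ID inside the delegated block.

    prefix_id must fit in the bits between the delegated length and /64:
    a /56 leaves 8 bits (0..0xff), a /60 leaves 4 bits (0..0xf).
    """
    block = ipaddress.IPv6Network(delegated, strict=True)
    free_bits = 64 - block.prefixlen
    if free_bits < 0:
        raise ValueError("delegation is longer than /64; no room for subnets")
    if not 0 <= prefix_id < (1 << free_bits):
        raise ValueError(f"prefix ID {prefix_id:#x} does not fit in {free_bits} bits")
    base = int(block.network_address)
    return ipaddress.IPv6Network((base | (prefix_id << 64), 64))


def host_address(delegated: str, prefix_id: int, iid: int) -> ipaddress.IPv6Address:
    """Combine a VLAN /64 with a fixed 64-bit interface identifier (IID)."""
    if not 0 <= iid < (1 << 64):
        raise ValueError("interface identifier must be 64 bits")
    net = vlan_prefix(delegated, prefix_id)
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def renumber(old_delegated: str, new_delegated: str, prefix_id: int, iid: int):
    """Show the effect of a new delegation from the ISP.

    Returns (old_address, new_address, suffix_unchanged). The low 64 bits
    (the host part) are identical; only the /64 changes, which is exactly
    why a published AAAA record would need updating after a prefix change.
    """
    old = host_address(old_delegated, prefix_id, iid)
    new = host_address(new_delegated, prefix_id, iid)
    low64 = (1 << 64) - 1
    return old, new, (int(old) & low64) == (int(new) & low64)
```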



  • @JKnott said in setup for server behind Comcast dynamic IPV6, VLANs, publicly reachable:

    @lifespeed

    1. Your prefix & addresses should stay the same, unless Comcast does something stupid. This means you don't need a dynamic DNS. Regular DNS works fine.

    I'm afraid just relying on Comcast to keep my IP address the same is not an acceptable solution because, as you say, it relies on Comcast not "doing something stupid". Surely you recognize that isn't an acceptable solution.

    Yes, I am well aware that Comcast's residential service with dynamic IP keeps the same IP address for months or even longer.



  • @lifespeed said in setup for server behind Comcast dynamic IPV6, VLANs, publicly reachable:

    Yes, I am well aware that Comcast's residential service with dynamic IP keeps the same IP address for months or even longer.

    There's a setting on the WAN page "Do not allow PD/Address release" that should be selected to prevent getting a different prefix. Have you selected it?

