Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    alias use for IPv4+IPv6

    Scheduled Pinned Locked Moved Firewalling
    4 Posts 2 Posters 440 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      lifespeed
      last edited by

      I've been trying to configure pfSense in a way that fully supports IPv4+IPv6. My PCs are assigned a static IP, which of course is IPv4, in DHCP server. But they do pull a routable IPv6 through prefix delegation, not just the FE80 link-local. I have even seen an external connection to my FTP server from my Verizon phone (Verizon may be IPv6 only?) use IPv6.

      I notice when I ping mypc.mydomain.com it answers from an IPv4 address, but a PC that wasn't assigned a static IP(v4) will answer from IPv6. Is there a way to do this where the PC is always at the same IPv4 address, but it will prefer IPv6?

      Along this same line of thinking, I have defined alias' for this server PC to be used in firewall rules - this way if I ever change the address for some reason I don't have to go through every rule in the firewall and edit addresses. Which I think is why alias' exist. Currently I have an IPv4 alias to the server PC address, and an IPv6 alias to an address. So this means I set up two firewall rules, one IPv4 and IPv6. But there is an option for firewall rules to be IPv4+IPv6. Is this as simple as using one alias pointing to my FQDN: mypc.mydomain.com, for a single rule set to IPv4+IPv6?

      JKnottJ 1 Reply Last reply Reply Quote 0
      • JKnottJ
        JKnott @lifespeed
        last edited by

        @lifespeed said in alias use for IPv4+IPv6:

        Is there a way to do this where the PC is always at the same IPv4 address, but it will prefer IPv6?

        That is the way it normally works, IPv6 is preferred.

        So this means I set up two firewall rules, one IPv4 and IPv6. But there is an option for firewall rules to be IPv4+IPv6.

        You can use the combined rule for protocols, but not addresses. So, if you want a rule for ssh, for example, you could create one that allows both, though NAT may be an issue. Of course, any address based rule needs to be for only one or the other.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        L 1 Reply Last reply Reply Quote 0
        • L
          lifespeed @JKnott
          last edited by

          @JKnott said in alias use for IPv4+IPv6:

          @lifespeed said in alias use for IPv4+IPv6:

          Is there a way to do this where the PC is always at the same IPv4 address, but it will prefer IPv6?

          That is the way it normally works, IPv6 is preferred.

          It doesn't work that way if I set DHCP address reservation. A ping to the machine in question answers back from IPv4. But if I let pfSense assign a DHCP address and ping the host it answers from IPv6. Any way to change this?

          So this means I set up two firewall rules, one IPv4 and IPv6. But there is an option for firewall rules to be IPv4+IPv6.

          You can use the combined rule for protocols, but not addresses. So, if you want a rule for ssh, for example, you could create one that allows both, though NAT may be an issue. Of course, any address based rule needs to be for only one or the other.

          What about an alias to an FQDN? That is address-based, but couldn't the FQDN look up as either IPv4 or IPv6?

          1 Reply Last reply Reply Quote 0
          • L
            lifespeed
            last edited by

            Here is a ping to my FQDN from pfSense using IPv4
            654e556d-0edb-4aa6-8219-2787897ba8e7-image.png

            Same FQDN using IPv6
            c0b773f2-521c-47e8-b268-9f4120ef775f-image.png

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.