alias use for IPv4+IPv6



  • I've been trying to configure pfSense in a way that fully supports IPv4+IPv6. My PCs are assigned a static IP, which of course is IPv4, in the DHCP server. But they do pull a routable IPv6 through prefix delegation, not just the FE80 link-local. I have even seen an external connection to my FTP server from my Verizon phone (Verizon may be IPv6 only?) use IPv6.

    I notice when I ping mypc.mydomain.com it answers from an IPv4 address, but a PC that wasn't assigned a static IP(v4) will answer from IPv6. Is there a way to do this where the PC is always at the same IPv4 address, but it will prefer IPv6?

    Along this same line of thinking, I have defined aliases for this server PC to be used in firewall rules - this way if I ever change the address for some reason I don't have to go through every rule in the firewall and edit addresses. Which I think is why aliases exist. Currently I have an IPv4 alias to the server PC address, and an IPv6 alias to an address. So this means I set up two firewall rules, one IPv4 and IPv6. But there is an option for firewall rules to be IPv4+IPv6. Is this as simple as using one alias pointing to my FQDN: mypc.mydomain.com, for a single rule set to IPv4+IPv6?



  • @lifespeed said in alias use for IPv4+IPv6:

    Is there a way to do this where the PC is always at the same IPv4 address, but it will prefer IPv6?

    That is the way it normally works, IPv6 is preferred.

    So this means I set up two firewall rules, one IPv4 and IPv6. But there is an option for firewall rules to be IPv4+IPv6.

    You can use the combined rule for protocols, but not addresses. So, if you want a rule for ssh, for example, you could create one that allows both, though NAT may be an issue. Of course, any address based rule needs to be for only one or the other.



  • @JKnott said in alias use for IPv4+IPv6:

    @lifespeed said in alias use for IPv4+IPv6:

    Is there a way to do this where the PC is always at the same IPv4 address, but it will prefer IPv6?

    That is the way it normally works, IPv6 is preferred.

    It doesn't work that way if I set DHCP address reservation. A ping to the machine in question answers back from IPv4. But if I let pfSense assign a DHCP address and ping the host it answers from IPv6. Any way to change this?

    So this means I set up two firewall rules, one IPv4 and IPv6. But there is an option for firewall rules to be IPv4+IPv6.

    You can use the combined rule for protocols, but not addresses. So, if you want a rule for ssh, for example, you could create one that allows both, though NAT may be an issue. Of course, any address based rule needs to be for only one or the other.

    What about an alias to an FQDN? That is address-based, but couldn't the FQDN look up as either IPv4 or IPv6?



  • Here is a ping to my FQDN from pfSense using IPv4
    654e556d-0edb-4aa6-8219-2787897ba8e7-image.png

    Same FQDN using IPv6
    c0b773f2-521c-47e8-b268-9f4120ef775f-image.png

