IPv6 Routing?



  • Hello, My question is kind of 101 a bit, but it is in my opinion the missing link in everything that I read.
    I have a Static IPv6 and a Dynamic IPv6 (two providers) going to my router.
    I have a pfSense router, imagine if I created a rule to open all IPv6 traffic completely for the sake of this question.
    If the public IPv6 starts with 2001, and my PC starts with fc00, how is the traffic routed to this PC from the router? Is there something that I need to do? Normally with IPv4, I would provide a NAT route. But in my case, I am trying to expose a server to the internet (of course specific ports, not everything). How would I access my PC from a remote location via IPv6?



  • Forget everything you know about NAT, but not what you know about routing. For the most part, IPv6 should not be using any NAT. It is expected that every device has a real, routable IP. In fact the protocol was conceived to not need NAT, and putting NPt in place could actually break some protocols.
    The IPv6 protocol allows for multiple different subnets to exist on a network interface, so your internal machines could have an IP on both subnets at the same time. There have been some discussion on this forum about running a private subnet Unique Local Address (ULA in the fd00::/16 space) and then using NPt to NAT the prefix, mainly in situations where the provider is using dynamic IPv6 prefix allocation (broken provider AFAIK).
    In order to use NPt, the first constraint I'd say, is that your IPv6 subnets from each provider need to be the same size, or if not pick the smallest one of the two. Then using a ULA prefix of the same size you could do NPt between that and the outside world.
    Finally, in order to be able to route, each leg of the router (pfSense) must be present on the subnet in question, so for instance you have the WAN sides on 2001, and the LAN side on fd00:X:Y:Z::/64, with PCs also on fd00:X:Y:Z::/64.



  • How can I configure this? Is there any tutorial's for IPV6 and setting up an IPv6 address on a PC behind the firewall that is accessible from the outside?


  • Banned

    This post is deleted!

Log in to reply