IPv6 test configuration behind NAT



  • I’d like to configure IPv6 using tunnel broker from Hurricane Electric. I have pfsense router connected to modem and I get public IP (but I have to use DDNS) - I understand that it is needed for IPv6 HE configuration. But before I make any permanent changes on my main router I would like to learn and play with it on VM test installation (VirtualBox). So here are my 2 main questions:

    • Is it possible to configure IPv6 (with HE tunnel broker) on pfSense which is behind NAT?
    • If it is possible then what I have to change on my main pfSense router? Port forwarding? DMZ? Something else?

    Regarding last question I mean only passing traffic from IPv6 tunnel broker to test pfSense on VM. I see that there are great sources showing how to configure IPv6 on pfSense (with HE) but I am not able to tell if there are special requirements that make it impossible if pfSense is behind NAT.



  • @tomashk

    Why do you have pfSense behind NAT? You should put the modem in bridge mode.



  • @JKnott said in IPv6 test configuration behind NAT:

    @tomashk

    Why do you have pfSense behind NAT? You should put the modem in bridge mode.

    I have it in bridge mode and my main pfsense router is not behind NAT - it is on real device (not virtual machine). But I want to create test VM with freshly installed pfsense (for IPv6 tests and learning) - and this one will be behind my main router (so behind NAT).



  • I see that there are no clear instructions for this scenario. As I like experiments I'll try to find it out just by trying to do this. Of curse it will help if somebody could tell that there is no way to configure pfSense behind NAT to properly handle IPv6 with tunnel broker (HE)

    Just for quick summary this is my setup:
    Internet <--> ISP modem (as bridge) <--> pfSense on real device (main router with public IP) <--> pfSense on virtual box (test router) <--> virtual box test network

    And as mentioned in first post I plan to learn by configuring IPv6 on "test router".


Log in to reply