Netgate Discussion Forum

    IPv6 Auto-Created Outbound NAT Rules

    HA/CARP/VIPs
    • J
      jeremyjvogel

      CARP is currently running successfully with dual WAN in failover configuration. The primary ISP provides a static IPv6 /56 routed prefix. This works successfully and when the primary ISP fails, it reverts to IPv4 on the secondary WAN. At some point in the configuration, automatic outbound NAT rules were added for localhost, but of course, it is currently configured for Manual Outbound NAT. See screenshot.

      I'm wondering why those rules were added and if they can be deleted since IPv6 shouldn't need NAT. There are no other IPv6 rules listed.

      • jimpJ
        jimp Rebel Alliance Developer Netgate

        Note the source, it's localhost. If localhost needs to reach out for some reason, it would need NAT and it's basically just saying "If a service bound to localhost on the firewall exits the firewall WAN0/1, use the firewall WAN0/1 address".

        It's harmless and best to leave it be.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • J
          jeremyjvogel

          Thank you, I appreciate the information.

          • JKnottJ
            JKnott @jimp

            @jimp said in IPv6 Auto-Created Outbound NAT Rules:

            If localhost needs to reach out for some reason, it would need NAT

            Why would it need NAT for IPv6?

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

            • jimpJ
              jimp Rebel Alliance Developer Netgate

              It's not that you need NAT for IPv6, it's that without these specific rules, traffic bound to ::1 as a source could never leave the firewall.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.