Converting to dual stack
I'd like to implement a dual stack on our network but I'm a little confused.
Prior to deploying PFSense, all of our servers sat behind a cisco router. Each server had 2 connections, lan and wan.
All the servers had static public IP's and their own firewall.
When we deployed pfsense, we got rid of the wan connection and used port forwarding and alias's to provide the servers with their own external IP's
We now want to enable our webserver for IP6 as well as IP4. Before the change over we simply put an IP6 address on the wan connection and it worked.
What I can't figure out is how we would now do this with just the lan connection without exposing the LAN. (we currently have a IP6 /64 allocated)
At the moment I have setup a gateway on PFSense pointing to the router ::1 and given the wan an ip6 address of ::15
The web server originally had an address of ::205
Can some kind soul tell me what I need to do to make this work?
This is a production environment so I'm a little nervous in just trying to experiment.
You could set firewall rules to only allow traffic to the servers' IPv6 addresses, and not allow connections to other PCs.
You might double check your ISP's router as well...many block inbound IPv6 by default.