Thank you for the IPv6 NAT capabilities in 2.5
-
@bob-dig said in Thank you for the IPv6 NAT capabilities in 2.5:
so I made a cron job to reboot pfSense
Hi,
pls. allow me a question
is it a good thing if a "cron" always restarts a firewall?
you're just losing, we've tried
-
@daddygo The prefix changes daily and pfsense don't know about it, because of the router upfront, so I have to it
-
@bob-dig said in Thank you for the IPv6 NAT capabilities in 2.5:
The prefix changes daily and pfsense don't know about it
Yupppp...
it's an ISP issue + own setting, not pfSense
can we agree with that?
a good setting, = no restarts required + acceptable service providerBTW:
I would go crazy, - if the solution was a daily reboot -
@daddygo It is not the ISP this time, its me having another router in front of pfsense. Need this for telephony and as a modem.
-
@bob-dig said in Thank you for the IPv6 NAT capabilities in 2.5:
its my having another router in front of pfsense.
hmmm.... it hurts
It's up to you, throw it out
Sure it's a joke, but you don't have another phone?
+++edit:
maybe we talked about it earlier
is it a dual-NAT configuration? -
@daddygo Actually it is a fax, that I need three times a year.
-
@bob-dig said in Thank you for the IPv6 NAT capabilities in 2.5:
it is a fax
then it is time for liquidation..
+++edir:
seriously it is necessary -
@daddygo You can vote with that... not with email. I am talking about the US.
-
@bob-dig said in Thank you for the IPv6 NAT capabilities in 2.5:
You can vote with that
I do not believe it
I am not interested in the votes systems, just be safe
+edit:
good daily readings.....
https://thehackernews.com/
https://www.theregister.com/ -
While its commendable you want to use IPv6 - since it is the future.. As of yet there is no actual "need" for it.. Do you have some actual need of IPv6 - is there some resource you can not access without IPv6? Are you behind a nat from your ISP, and the only service you can get that allows for unsolicited inbound is if your IPv6? Are you playing or hosting some game that only works via IPv6? I have yet to run into one of these unicorns..
Only reason I have any IPv6 at all - is well yes it is cool ;) And it is the future.. And this sort of stuff is fun for me.. But actual "need" nope haven't seen it.. I have a public IPv4, nothing is blocked inbound on it from the isp (25 and smb maybe). I can serve up what I want to serve up just via IPv4, while I do provide ntp for the pool via both IPv4 and v6.. That is not something I need to do..
Such scenarios with my isp at the time comcast shitty ipv6 deployment (changing prefixes) etc. I went with just a HE tunnel like 10+ years ago.. Guess what, multiple isps later - with current one not even supporting IPv6 and I still have my same /48 ;)
Never changes. Its static - I can assign whatever prefixes I want out of that /48 to my lans.. ie no need to track a prefix to assign.
For what maybe a couple of extra ms in latency, slight extra overhead since tunnel.. You could have your cake and eat it too if just went with HE - just saying.. More likely than not HE has better peering than your ISP anyway, atleast for IPv6..
There is no reason to try and find some work around or "method" that works with some isp, when in 30 seconds you could have a very stable, fast and static /48 assigned and even allows for PTR on the space.. Other than say some video services blocking it - because it could allow for geoip circumvention.. I have has zero problems with a HE tunnel as a way to use IPv6. And it frees you up to use really any isp you want, be it they support ipv6 or not.. If what you want is ipv6.
-
@johnpoz said in Thank you for the IPv6 NAT capabilities in 2.5:
While its commendable you want to use IPv6 - since it is the future..
Hi John, we talked a long time ago...-
(I'm really starting to understand you)
now the situation is that I totally agree with you..!!!! -
@johnpoz I even became sage and it was a lot of fun. But I don't have a need for sending emails over IPv6 anymore and like you said, it is still totally optional, at least for me having dual-stack anyway.
-
Well then why dick with something that would change, or do NAT (uggggh).. Just use HE for your clearly "optional" IPv6 needs - way less hassle, and more functionality to be honest than what most isps call IPv6 ;)
edit: Yeah sage was fun.. Still have the shirt.. Even though it is starting show its age ;)
Certification Level: Sage earned at 2011-01-26 09:05:43 -
@johnpoz said in Thank you for the IPv6 NAT capabilities in 2.5:
Even though it is starting show its age ;)
BTW:
otherwise, the colleague is very evolving @Bob-Dig
-
@johnpoz said in Thank you for the IPv6 NAT capabilities in 2.5:
Certification Level: Sage earned at 2011-01-26 09:05:43
Let's start talking about ipv6?
-
@johnpoz Certification Level: Sage earned at 2020-04-03 13:04:33
One year for me, ten for you.
-
@bob-dig said in Thank you for the IPv6 NAT capabilities in 2.5:
one year for me, ten for you.
-
Yes, I received the new computer a few weeks ago. The VPN problems were actually not VPN problems. I get 2 IPv4 addresses from my ISP. For years, I had been using that 2nd address for testing, right up to the day before I updated to pfsense 2.5.0. For some reason, I can no longer connect to pfsense from that address, even though the packets are arriving at the WAN interface. On the other hand, the VPN works fine if I tether to my cell phone. I have absolutely no idea why that 2nd address now fails.
Why is there another router ahead of pfsense? You should have your modem configured for bridge mode, not gateway.
-
@bob-dig said in Thank you for the IPv6 NAT capabilities in 2.5:
Need this for telephony and as a modem
My modem has Internet, phone and IPTV on it. It's in bridge mode. Gateway vs bridge mode has no effect on my phone. Are you sure your phone service requires gateway mode?
-
@jknott It is not cable anymore, now it is VDSL and I have no separated modem anymore, you have to rent or buy it yourself.