Setting up ULA and GUA addresses
- 
 @bob-dig In the firewallrules there's only an allow all rule for ipv6.... I allready tried a reboot. Maybe there is a setting missing? UPDATE 
 now I see I am not even able to ping the firewall via ULA... 
- 
 @gwabber The vip should be /64 I think. Also let us see the RA config. 
- 
 @bob-dig Allright, I will check that out!  
- 
 @gwabber Looking good. 
- 
 @bob-dig awesome! the /64 did it! I can ping inside the subnet now I'm going to tinker further tomorrow for pinging between the subnets. Will post the results! :) Thanks! 
- 
 @bob-dig mind. blown. Weeks of trouble and you gave the solution in about 10 minutes. It works! The only thing I am still puzzling with, is how to give a static ULA to a device. I see I can do it with GUA's with the DCHPv6. Is there a similiar solution for the ULA's? And you told me something about firewall rules via hostnames instead of IP's. Is there a good tutorial for that. I can't find it in Netgates manual, but maybe I use the wrong searchterms. Thanks! 
- 
 @gwabber I think it is one or the other. If you have GUA with DHCPv6 you would assign the "static" ULA in those hosts directly. @gwabber said in Setting up ULA and GUA addresses: And you told me something about firewall rules via hostnames instead of IP's. Just create an alias with the hostname. You can use the same hostname with IPv4 and IPv6. If you look at the table of that alias, it will contain both IP-addresses (maybe the first time a restart is required). Now if the prefix changes, the DHCPv6 will change that prefix for the static mapping too and so will that alias. That means you can create firewall rules with that alias no problem, it will change automatically if the prefix changes, no need for a static ULA. 
- 
 @bob-dig Cool! going to try that ! 
- 
 @gwabber If you are not aware, you can have a look at your aliases in "Diagnostics > Tables". Here you can check if this alias is already up to date or if maybe a restart is required, also give it some time. 
- 
 @gwabber said in Setting up ULA and GUA addresses: The only thing I am still puzzling with, is how to give a static ULA to a device. With SLAAC, the addresses are static, based on either the MAC or a random number. There are also optional privacy addresses, which change every day. This is determined by the client. 
- 
 
- 
 You'd use the consistent address for DNS, for incoming traffic and the privacy addresses are used for outgoing. 
- 
 @jknott works like a charm now! thanks! 
- 
 @gwabber hey all, I was having problems with my ULA routing when my track interface goes down, for example when my internetconnection has an error. Since you guys helped me with setting up ULA routing in the first place, I refer you to this New topic I started. Maybe you experience the same problem. @NightlyShark helps me with the issue in this topic: https://forum.netgate.com/topic/186787/ula-routing-stops-when-trackinterface-is-down?_=1710756586659 

