Outbound NAT does not work if PPPoE is used on WAN
-
Hi team, my current config has been set up as follows:

WAN
  IPv4: PPPoE
  IPv6: SLAAC: 2405:xxxx:7792
LAN
  IPv4: static ip
  IPv6: static ip fc00::254
Outbound NAT
  Interface: WAN
  Source: fc00::/64
  Destination: any

With this config, I cannot ping6 from my Mac (fc00::1c69:c11f:9ef1:1900).
I also checked with tcpdump on the pfSense machine; SNAT does not seem to work.

# at my Mac
$ ping6 2404:6800:4004:822::200e
PING6(56=40+8+8 bytes) fc00::1c69:c11f:9ef1:1900 --> 2404:6800:4004:822::200e

# at pfsense
$ [2.6.0-RELEASE]: sudo tcpdump -nnn ip6 and host 2404:6800:4004:822::200e
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on igb0, link-type EN10MB (Ethernet), capture size 262144 bytes
01:28:33.017296 IP6 fc00::1c69:c11f:9ef1:1900 > 2404:6800:4004:822::200e: ICMP6, echo request, seq 0, length 16
01:28:34.022610 IP6 fc00::1c69:c11f:9ef1:1900 > 2404:6800:4004:822::200e: ICMP6, echo request, seq 1, length 16
01:28:35.024011 IP6 fc00::1c69:c11f:9ef1:1900 > 2404:6800:4004:822::200e: ICMP6, echo request, seq 2, length 16

## ping from pfsense works
[2.6.0-RELEASE]: ping6 2404:6800:4004:822::200e
PING6(56=40+8+8 bytes) 2405:xxxx:7792 --> 2404:6800:4004:822::200e
16 bytes from 2404:6800:4004:822::200e, icmp_seq=0 hlim=116 time=5.262 ms

But if I change the WAN IPv4 setting from PPPoE to None, then I can reach IPv6 from my Mac.
Is this an existing issue? Is there any workaround? Thanks.
-
This is caused by a wrong rule:
nat on pppoe0 inet6 from fc00::/64 to any -> 2405:xxx:7792/128 static-port
It works after manually changing it to
nat on igb0 inet6 from fc00::/64 to any -> 2405:xxx:7792/128 static-port
But how can I make this persistent? The rule will reset after reboot.
-
Solved by adding a WAN_IGB0 interface and using it in NAT Outbound.
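
A check for the mismatch found in this thread, as an added example that is not part of the original posts: it parses NAT rules in the format quoted above together with `ifconfig` output, and reports any rule whose translation address is configured on a different interface than the one the rule is bound to. The sample text, the 2001:db8:: and 198.51.100.x addresses, and the function names are constructed; it assumes the SLAAC address sits on the physical interface (igb0), as the fix in the thread suggests.

```python
import ipaddress
import re

# Constructed sample data: 2001:db8::/32 and 198.51.100.0/24 are documentation
# ranges standing in for the real (redacted) WAN addresses.
PFCTL_SN = """\
nat on pppoe0 inet from 192.168.1.0/24 to any -> 198.51.100.7/32 port 1024:65535
nat on pppoe0 inet6 from fc00::/64 to any -> 2001:db8::7792/128 static-port
"""
IFCONFIG = """\
igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet6 fe80::1%igb0 prefixlen 64 scopeid 0x1
\tinet6 2001:db8::7792 prefixlen 64 autoconf
pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
\tinet 198.51.100.7 --> 198.51.100.1 netmask 0xffffffff
"""

NAT_RE = re.compile(r"^nat on (\S+) (inet6?) from (\S+) to (\S+) -> (\S+)")
IF_RE = re.compile(r"^(\S+): flags=")
ADDR_RE = re.compile(r"^\s+inet6? (\S+)")


def address_owners(ifconfig_text):
    """Map each configured address to the interface that holds it."""
    owners, iface = {}, None
    for line in ifconfig_text.splitlines():
        if m := IF_RE.match(line):
            iface = m.group(1)
        elif (m := ADDR_RE.match(line)) and iface:
            # Drop the %scope suffix on link-local addresses before parsing.
            owners[ipaddress.ip_address(m.group(1).split("%")[0])] = iface
    return owners


def misbound_nat_rules(pfctl_text, ifconfig_text):
    """Return (rule_iface, owning_iface, rule) for NAT rules whose translation
    address is not configured on the interface the rule is bound to."""
    owners = address_owners(ifconfig_text)
    findings = []
    for line in pfctl_text.splitlines():
        m = NAT_RE.match(line)
        if not m:
            continue
        rule_iface, target = m.group(1), m.group(5)
        owner = owners.get(ipaddress.ip_interface(target).ip)  # None if unknown
        if owner != rule_iface:
            findings.append((rule_iface, owner, line))
    return findings
```

Calling `misbound_nat_rules(PFCTL_SN, IFCONFIG)` on the constructed sample flags only the inet6 rule bound to pppoe0; the IPv4 rule passes because its translation address is on pppoe0.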