    How to separate clients to different WAN interfaces with IPv6?

    • L
      louiannucci last edited by

      Hi,

      This may be a simple question, but I can't figure out how to do it. I am running Netgate 6100 pfSense 22.05-RELEASE (amd64), and I have two WAN interfaces configured. I would like to have traffic from my IOT devices go to WAN #1, and all other traffic go to WAN #2.

      With IPv4 I accomplished this by assigning the IOT device a specific IP range via DHCP and then creating a firewall rule directing devices from that IP range to the correct WAN.

      However, with IPv6 it does not seem like a best practice to NAT and have your own IPv6 ranges. With that said, does anyone know how I could accomplish this?

      Thanks

      • JKnott
        JKnott @louiannucci last edited by

        @louiannucci

        Do you not have multiple /64 prefixes available? With my ISP I get 256 /64s and can easily assign them to individual networks.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        • MikeV7896
          MikeV7896 last edited by MikeV7896

          First, let me note that I'm assuming your IOT devices are on their own network here. If they're on the same network as your other LAN devices, what you want won't be possible.

          If both WAN 1 and WAN 2 providers have IPv6 available, you would set your IOT network to track the IPv6 prefix of WAN 1, and your other network(s) to track the prefix of WAN 2. pfSense should then be able to route the IPv6 traffic accordingly.

          If WAN 1 provider doesn't provide IPv6 service then I would disable IPv6 on your IOT network. You wouldn't be able to use WAN 2's IPv6 prefix to provide IPv6 to IOT, then have it route through WAN 1. Your WAN 1 provider wouldn't be able to route traffic from WAN 2's IPv6 addresses.

          The S in IOT stands for Security
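
The prefix-to-WAN relationship described in the replies above, as an added example that is not part of the original thread: each internal network takes one /64 out of the prefix delegated on the WAN it tracks, and a source address can only leave through the WAN whose delegation contains it. The /56 delegations (RFC 3849 documentation space), the prefix IDs, and the names `DELEGATED`, `TRACKING`, `tracked_prefix`, `egress_wan` and `can_exit` are assumptions made for illustration.

```python
import ipaddress

# Constructed sample delegations (documentation space), not real ISP prefixes.
DELEGATED = {
    "WAN1": ipaddress.IPv6Network("2001:db8:aa00::/56"),
    "WAN2": ipaddress.IPv6Network("2001:db8:bb00::/56"),
}

# Hypothetical internal networks: (WAN whose prefix is tracked, prefix ID).
TRACKING = {
    "IOT": ("WAN1", 0x01),
    "LAN": ("WAN2", 0x00),
}


def tracked_prefix(wan, prefix_id):
    """Return the /64 that prefix_id selects out of the WAN's delegated prefix."""
    delegated = DELEGATED[wan]
    available = 2 ** (64 - delegated.prefixlen)  # a /56 holds 256 /64s
    if not 0 <= prefix_id < available:
        raise ValueError(f"prefix ID {prefix_id} outside 0..{available - 1}")
    base = int(delegated.network_address)
    # The prefix ID occupies the bits between the delegation and the /64 boundary.
    return ipaddress.IPv6Network((base + (prefix_id << 64), 64))


def egress_wan(source):
    """Return the WAN whose delegation contains source, or None if no WAN does."""
    addr = ipaddress.IPv6Address(source)
    for wan, delegated in DELEGATED.items():
        if addr in delegated:
            return wan
    return None


def can_exit(network, source, via_wan):
    """True when source sits in the network's tracked /64 and via_wan owns that prefix."""
    wan, prefix_id = TRACKING[network]
    in_network = ipaddress.IPv6Address(source) in tracked_prefix(wan, prefix_id)
    return in_network and egress_wan(source) == via_wan


if __name__ == "__main__":
    for name, (wan, pid) in TRACKING.items():
        print(name, "tracks", wan, "->", tracked_prefix(wan, pid))
    # An IOT host addressed from WAN1's prefix cannot be sent out WAN2.
    print(can_exit("IOT", "2001:db8:aa00:1::25", "WAN2"))
```
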
