[solved] NPt doesn't let me do that, why?
-
I would like to use only one /64 from the delegated prefix on WAN to be used for all of my LAN interfaces but pfSense doesn't allow me to do that. What is the reasoning behind that?
It will only allow me to select /64 but I don't see much benefit from doing that because I would have to do that for every LAN interface, one by one?
I am on 23.01.r.20230202.1645.
pfSense on Hyper-V
Remember: Upvote with the ๐ button for any user/post you find to be helpful, informative, or deserving of recognition!
-
It looks like it is working, one /64 for many interfaces, you just have to create the NPt rules for every LAN-interface. But because there is a copy dialog, it is not that much work.
Multi-IPv6-WAN with Failover is working like a charm for now and the problems with a changing prefix on my DSL-WAN is somewhat mitigated.
I hope I got that right. -
If you have more than 1 /64, why are you trying to do this? The only reason for NAT on IPv4 is the address shortage. No need on IPv6.
PfSense running on Qotom mini PC
i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
UniFi AC-Lite access pointI haven't lost my mind. It's around here...somewhere...
-
@jknott it is not NAT it is NPt.
And I do it for failover purposes and the lack of pfSense to cope with changing IPv6 prefixes, which will result in a gateway going offline for some time for me.pfSense on Hyper-V
Remember: Upvote with the ๐ button for any user/post you find to be helpful, informative, or deserving of recognition!
-
What problem is the changing address causing? If messing up local DNS, then you can use Unique Local Addresses, which are static.
The proper way to do fail over is to have your own routed prefix, so that it will be constant, no matter how it's delivered and a routing protocol, such as OSPF, will sort things out. Your problem occurs because you're using 2 providers, without a routed prefix, so it will change.
PfSense running on Qotom mini PC
i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
UniFi AC-Lite access pointI haven't lost my mind. It's around here...somewhere...
-
@jknott My internet (DSL) has only dynamic IPv6. I am just a home user with now knowledge about OSPF.
pfSense on Hyper-V
Remember: Upvote with the ๐ button for any user/post you find to be helpful, informative, or deserving of recognition!
-
Mine too. However, I have Do not allow PD/Address release set, which makes it virtually static. I've had the same prefix for a few years and it's survived replacing, at different times, both the modem and firewall/router computer. On IPv4, replacing either of those would have caused a change of address and host name.
PfSense running on Qotom mini PC
i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
UniFi AC-Lite access pointI haven't lost my mind. It's around here...somewhere...
-
@jknott said in [solved] NPt doesn't let me do that, why?:
Mine too. However, I have Do not allow PD/Address release set, which makes it virtually static.
I know that but around my place with DSL it is different. Not only is it changing daily, my last IP will be given to a different customer immediately, at least with IPv4. And I can see funny things if I don't immediately update my DDNS-records.
pfSense on Hyper-V
Remember: Upvote with the ๐ button for any user/post you find to be helpful, informative, or deserving of recognition!
-
@bob-dig said in [solved] NPt doesn't let me do that, why?:
I don't immediately update my DDNS-records.
Are you talking about internal or external DNS? If internal, ULA is all you need for static addresses.
