Question on routing IPV6 WAN to IPV4 LAN

killmasta93 · Jun 7, 2024, 3:56 PM

Hi
I was wondering if someone could shed some light,
Currently our lSP gave us IPV6 and configured it, but when i try to create rule to open ports using the IPV6 route to an IPV4 im getting

IPv4 addresses can not be used in IPv6 rules (except within an alias).

i was reading as IPV6 is not recommended doing NAT but using the rules instead, also read
i was trying to look for a guide for this but couldn't really find any
the only wiki i found https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html#mixing-ipv4-and-ipv6-addresses-in-aliases
but not sure what to add in the alias?

Thanks

Bob.Dig · Jun 7, 2024, 3:59 PM

@killmasta93 You can't mix IPv4 and IPv6.

killmasta93 · Jun 7, 2024, 4:04 PM

@Bob-Dig thanks for the reply, so i would need to create on my LAN another IPV6 and on my virtual machines also add them an ipv6?

JKnott · Jun 7, 2024, 5:39 PM

@killmasta93 said in Question on routing IPV6 WAN to IPV4 LAN:

@Bob-Dig thanks for the reply, so i would need to create on my LAN another IPV6 and on my virtual machines also add them an ipv6?

If you set up pfSense properly, that should happen automagically. Also, you can create many rules to work with both IPv4 and IPv6.

killmasta93 · Jun 7, 2024, 9:44 PM

@JKnott thanks for the reply, first time configuring ipv6 so in theory i need to have enabled ipv6 on my LAN and also for my Vms?

JKnott · Jun 8, 2024, 12:55 AM

@killmasta93 said in Question on routing IPV6 WAN to IPV4 LAN:

so in theory i need to have enabled ipv6 on my LAN and also for my Vms?

Yes.

Shack · Jul 17, 2024, 6:14 PM

This is something that I have been wondering about. I firmly believe that IPv6 is overkill, needlessly complex, and inappropriate for small networks such as in a home. I would like to see functionality added (if it does not currently exist) to translate from IPv6 on the WAN interface to IPv4 on the LAN interface. That way if I ever have to choose between being stuck with CGNAT and using IPv6, I can go the IPv6 route.

JKnott · Jul 17, 2024, 6:14 PM

@Shack

Why not just go with IPv6 and get rid of all the crap that's become necessary to keep IPv4 going? Stuff like NAT break things and CGNAT even more things. Because of NAT we need STUN for VoIP and some games. So, it's hack upon hack just to get around the IPv4 address shortage. On top of this, IPv6 cleans up some of the things in IPv4. For example, ARP predates IPv4 and was used because it was available. With IPv6, the functionality of it has been rolled into ICMPv6 with some other features added. Other things improve security and more. According to Vint Cerf, the guy who created it, IPv4 was intended only as a proof of concept and he expected the final protocol would have a much larger address space.

With my ISP, I have a single IPv4 address which requires NAT to support multiple devices. With IPv6, I get a /56 prefix, which provides 256 /64s, each of which contains 18.4 billion, billion addresses. NAT also breaks the end to end transparency, which the network gods had intended.