IPv6 passthough?
-
I am currently getting /60 IPv6 prefix from ISP, and would like to passthrough /62 prefix via LAN to a Unifi UDM-SE to use for private, guest and IoT networks. Is this possible?
-
Generally you'd just route the subnets you want. I have done that here with my /56. I have a main LAN, guest WiFi, test LAN and OpenVPN. Just create an interface and choose the appropriate prefix ID for each.
-
Yes, I've done so when pfsense was the main gateway. I would like to keep using UDM-SE as the gateway for the private IP subnets, but I'm seeking to reintroduce pfsense into the mix to handle the public IPv4 / 28 subnet. UDM is very much lacking in that area.
Here is roughly what I'm trying to do:
-
Then you'll have to route the subnets to the UDM.
You say you have a /28 IPv4 from your ISP, but 3x /28 to the UDM. How do you manage to get 3, when you only had 1 to start with? -
@JKnott Sorry for the confusion, it is the entire /28 block of static IPs. They are routed to / via the DHCP IP from the ISP. UDM doesn't have a good way to handle that, so I'm trying to get a pfsense firewall to be a man in the middle for the public subnet block. I'm not planning on using NAT on pfsense at all.
-
You'll still have to route the subnets to the UDM.
-
Forgive me if I'm misunderstanding what you're wanting to do, but on pfSense you can set up a Prefix Delegation Pool in the DHCPv6 Server settings for the interface to which the UDM is connected. Assuming the UDM supports PD it should request a prefix from pfSense which will then take care of the routing.
Also, as you might already be aware, an easy way to disable NAT for IPv4 is to switch to Hybrid Outbound NAT and add a "NO NAT" rule for IPv4 for the interface the ISP device is connected to.
