Homelab IPv6 - dynamic DNS and subnetting basics
-
I'm embarking on IPv6 in my home lab. It's a typical lab: home LAN devices & traffic, and a few servers with public access. I've been reading & watching IPv6 material. No, I haven't read the IETF RFCs.
I get the basics of IPv6 addressing, but I'm having trouble translating some concepts from IPv4 to IPv6. I have a /56 prefix delegated. I'm looking to understand homelab IPv6 from end-to-end. My understanding is that I do not have to remember or copy/paste whole IPv6 addresses (this will be awesome).
For servers:
Do I set up a dynamic DNS record to point to a home lab server directly? If so, how is the server addressed - dynamic e.g. via SLAAC, static, or some other method?
For home devices like phones, PCs, TVs on a separate subnet? If so, do I then just create firewall rules for the subnet?
-
@NickyDoes if you were delegated a /56, you would create the /64 prefixes you want to use on your different local segments from that.
If you want to access your servers on IPv6 via some FQDN, then yes, you would have to set up DNS to resolve that FQDN to their IPv6 address. This could be dynamic DNS, or it could be just an AAAA record you created in the DNS for that IPv6 address.
Yes, IPv6 isn't behind a NAT, so your firewall rules would need to allow whatever IPv6 address behind pfSense to be accessed by who you want to access it; there is no port forwarding, etc.
-
@NickyDoes said in Homelab IPv6 - dynamic DNS and subnetting basics:
Do I set up a dynamic DNS record to point to a home lab server directly? If so, how is the server addressed - dynamic e.g. via SLAAC, static, or some other method?
Probably yes.
I would use DHCPv6 for a server behind dynamic IPv6.
DDNS might be troublesome. At least I wish we had support for DHCPv6-hosts and the usual DDNS-Clients in pfSense.
-
@NickyDoes IPv6 gets quite tricky when it comes to pfSense. Like with IPv4, there is no support for automatic client DNS name registration in IPv6, so either you have to register all clients/servers manually (SLAAC clients and static IP clients) or in some products the DHCPv6 server can register its clients in DNS - but not on pfSense though (so manually it is….).
Also - IPv6 on most/all clients uses something called privacy extensions, so if you use SLAAC you cannot create per-client outbound firewall rules. You have to allow or deny everything equally for the entire subnet.
With privacy extensions, clients will pick a new random IPv6 address every day for outbound connections. You could experiment with the new MAC address based firewall rules though…
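The addressing arithmetic discussed in this thread, as an added example that is not part of any post: carving a /64 out of a delegated /56, recomputing a server's AAAA target when the delegation changes, and telling a MAC-derived SLAAC address from a randomised one. The prefixes (from the 2001:db8::/32 documentation range), the prefix ID 0x10 and the host suffix ::53 are constructed values, and the function names are hypothetical.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # low 64 bits = interface identifier

def lan_prefix(delegated: str, prefix_id: int) -> ipaddress.IPv6Network:
    """Return the /64 numbered prefix_id inside a delegated prefix such as a /56."""
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64:
        raise ValueError("delegation is longer than /64")
    if not 0 <= prefix_id < (1 << (64 - net.prefixlen)):
        raise ValueError("prefix ID does not fit in the delegation")
    return ipaddress.IPv6Network((int(net.network_address) + (prefix_id << 64), 64))

def rebase(addr: str, new_lan: ipaddress.IPv6Network) -> ipaddress.IPv6Address:
    """Keep the host's interface identifier, swap in the new /64.
    This is the value a dynamic AAAA record needs after a prefix change."""
    iid = int(ipaddress.IPv6Address(addr)) & IID_MASK
    return ipaddress.IPv6Address(int(new_lan.network_address) | iid)

def is_eui64(addr: str) -> bool:
    """True if the interface identifier has the ff:fe filler of a MAC-derived address."""
    iid = int(ipaddress.IPv6Address(addr)) & IID_MASK
    return (iid >> 24) & 0xFFFF == 0xFFFE

def covered_by_subnet_rule(addr: str, lan: ipaddress.IPv6Network) -> bool:
    """A rule written for the whole /64 matches a client whatever suffix it picks."""
    return ipaddress.IPv6Address(addr) in lan

if __name__ == "__main__":
    old_lan = lan_prefix("2001:db8:1200::/56", 0x10)   # constructed delegation
    new_lan = lan_prefix("2001:db8:ab00::/56", 0x10)   # constructed new delegation
    server = "2001:db8:1200:10::53"                    # constructed static suffix
    print("server LAN:", old_lan)
    print("AAAA after prefix change:", rebase(server, new_lan))
    # Two constructed client addresses: one MAC-derived, one randomised.
    for client in ("2001:db8:1200:10:5054:ff:fe12:3456",
                   "2001:db8:1200:10:a1b2:c3d4:e5f6:718"):
        print(client, "eui64" if is_eui64(client) else "random",
              "in subnet rule:", covered_by_subnet_rule(client, old_lan))
```

Only the fixed-suffix server address gives a predictable result after `rebase`; a randomised client suffix changes on its own schedule, which is why the subnet-wide rule is the one that keeps matching.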