IPv6: forward an address (GUA, ULA etc.) between VLANs
-
Hi all,
First topic here
I have multiple VLANs and am diving into IPv6 at the moment. It's not that IPv4 isn't giving me what I want, but I just want to learn it for the future. IPv6 is working at the moment with everything, including ULA. From my ISP I get a 56 network and have my private network set up with 64 networks. I isolated all of my internal networks from each other the usual way. I am testing to get a specific IPv6 address to communicate with another IPv6 address on another VLAN. When I set up a rule on VLAN 1 to pass the traffic (subnet level) to the specific IPv6 address in VLAN 2, this works (I can ping the address: ULA, GUA and global).
But when I create a rule to pass the traffic from a specific IPv6 address on VLAN 1 to a specific IPv6 address in VLAN 2, it does not (I can't ping the device: ULA, GUA and global).
Hope somebody can point me in the right direction.
-
One thing to bear in mind is if you're using SLAAC, the outgoing address will change daily. If you look at your device addresses, you will see 1 consistent address, which you use when you want to connect to it, such as for a server. You will also get up to 7 privacy addresses, with a new one every day. These are used with outgoing connections, such as when you use a browser.
-
@JKnott I have a 56 prefix from Ziggo; the IPv6 address has not changed in the past months, even with a modem swap. I have the "do not release" option enabled, so I hope the address stays the same. For my internal services I would like to use the ULA address range, as the IP addresses are configured with the MAC address of the device. The outgoing connections I would like to manage through something like HAProxy (as I now do with IPv4). But I want my services strictly accessible where it is needed, so that is why I am asking:
How do I forward IPv6 access from device to device, and not a whole network to a device? The network on VLAN 1 from which I want access to a device on the other VLAN 2 is, in my opinion, a rule that gives too much room for other devices on VLAN 1.
-
You might consider static addresses on ULA, though I haven't tried that. Unfortunately, pfSense doesn't filter on MACs, at least not in CE.
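
The address mismatch discussed in this thread, as an added example that is not part of any post: a single-host source rule matches only the exact address, so traffic sent from a SLAAC privacy address never hits a rule written for the MAC-derived address. It assumes modified EUI-64 interface identifiers (addresses built from the MAC, as the original poster describes); the ULA prefix, MAC and addresses are constructed sample values.

```python
import ipaddress

def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Stable SLAAC address for a /64 prefix and a 48-bit MAC (modified EUI-64)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC interface identifiers need a /64 prefix")
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit of the first octet, insert ff:fe in the middle.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return net[int.from_bytes(iid, "big")]

def is_eui64(addr: str) -> bool:
    """True when the interface identifier carries the ff:fe EUI-64 marker."""
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    return (iid >> 24) & 0xFFFF == 0xFFFE

def unmatched_sources(rule_src: str, observed: list[str]) -> list[str]:
    """Observed source addresses that a single-host rule for rule_src will not match."""
    rule = ipaddress.IPv6Address(rule_src)
    return [a for a in observed if ipaddress.IPv6Address(a) != rule]

# Constructed sample values (not taken from the thread).
VLAN1_PREFIX = "fd12:3456:789a:1::/64"
CLIENT_MAC = "00:11:22:33:44:55"
OBSERVED = [
    "fd12:3456:789a:1:211:22ff:fe33:4455",   # stable, MAC-derived address
    "fd12:3456:789a:1:a5c3:91e7:4b20:d16f",  # temporary privacy address
]

if __name__ == "__main__":
    stable = eui64_address(VLAN1_PREFIX, CLIENT_MAC)
    print("rule source should be:", stable)
    for addr in unmatched_sources(str(stable), OBSERVED):
        kind = "EUI-64" if is_eui64(addr) else "privacy/temporary"
        print("would miss the host rule:", addr, f"({kind})")
```

Comparing the output with the source address shown in the firewall log for the blocked ping tells you which of the client's addresses the rule has to name.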