IPv6 minor question
-
Is there a way to assign a particular IP address to the LAN interface? With IPv6 it appears to have chosen a random address, instead of *5350:208:a2ff:fe0d:69d3 it would be more convenient to be something like *5350::1.
Just playing around, there are a lot of website that are IP4 only. Several news site are IP4 only, this website is both.
-
@AndyRH If you don't do static, which you can't if you don't have a static prefix, no.
-
@Bob.Dig Will it keep the same address?
-
@AndyRH Yes, the interface identifier will stay the same.
-
@Bob.Dig Thank you.
Now it is down to me experimenting creating rules for IPv6 systems.
-
If you're using SLAAC, you should have one consistent address, based on either the MAC address or a random number. If you want a specific address you can then locally assign the MAC to create that address or, as others mentioned, just use a static configuration.
-
@JKnott These are ATT IPv6 addresses. I have tested putting up a web server and getting to it from the outside. The cool thing is the DDNS address I registered works the same inside and out.
-
@AndyRH Depending on how AT&T does things, your address may be virtually static. I'm on Rogers, in Canada, and my IPv6 addresses have not changed in coming up on 7 years. I am aware some ISPs do not do that. I have a static DNS AAAA record for my home network so I can connect with a VPN. On IPv4, my host name is based on the modem and firewall MAC addresses and that doesn't change unless I change hardware. So I have an alias that points to that long host name. Even without that, my IPv4 address hasn't changed in years. And yes, I would expect that address to work inside and out. Since you don't have NAT in the way to mess things up, it's just normal routing. PfSense knows exactly how to reach that address.
-
@JKnott I do not expect ATT to change my address, I have had the same IP4 address for over 7 years.
Right now I am making sure I understand how PiHole will behave and get in place my DNS blocking to prevent to use of rouge DNS. I suspect to solution will be to block all IPv6 port 53 (except PiHole) and force the use of internal IPv6 and continue to masquerade IP4 rouge DNS requests.
