Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    What is needed for NAT64?

    Scheduled Pinned Locked Moved NAT
    2 Posts 2 Posters 60 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      mcfly9
      last edited by

      This question is going to be theoretical on my thought journey towards an IPv6 only LAN.

      I was wondering whether the "Enable NAT64" checkbox on a firewall rule is enough for NAT64'ing, or there is any other pfsense-side dependency... (apart from enabling DNS64 of course)?

      Meaning, does "Enable NAT64" result in pfsense ignoring the first 96 bits of the destination IP address (let that be prefixed with 64:ff9b::/96 or a GUA /96 prefix) and only caring about the last 32 bits?
      Or is there any additional check against some other setting (eg: destination prefix matches NAT64 prefix set in the RA settings for the interface)?

      patient0P 1 Reply Last reply Reply Quote 0
      • patient0P Online
        patient0 @mcfly9
        last edited by

        @mcfly9 yep, that is what you need, together with DNS64, I do use the standard NAT64 prefix.

        In the pfSense doc it's mentioned to enable PRE64 in the router advertisment. It does work for me without it.

        pfSense doc: NAT64

        ... pfsense ignoring the first 96 bits of the destination IP address ...

        The NAT64 prefix is not ignored but the whole is translated and the information (src, dst & port) is keep since pfSense gotta know where to send the return traffic.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.