When using NAT64 does pfSense block routing in internal VLANs?
-
So I'm testing an IPv6-mostly setup with a VLAN that has NAT64 and PREF64 and DHCP Option 108. Apple devices support CLAT natively and everything triggers and works as expected for outbound stuff.
But I'm trying to ping a device in another VLAN inside my network through its IPv4 and it doesn't seem to work.
Do I need to have some specific rule to allow this in pfSense, or does the NAT64 implementation fail to work with RFC1918 destinations when arriving via 64:ff9b::/96?
-
The NAT64 RFC says you shouldn't be able to do that, so now it isn't allowed by default.
-
That's weird, so when in an IPv6-only environment you have mechanisms to talk to anybody in the IPv4 world (with NAT64) except your own internal networks? How does that make sense?
Is there a way to change the default behavior and allow this?
-
@IonutIT Check "NAT64 Prefix Override" on System > Advanced, Firewall/NAT
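
The rule the thread refers to is RFC 6052 section 3.1: the Well-Known Prefix 64:ff9b::/96 must not be used to represent non-global IPv4 addresses such as RFC 1918 ranges, while a network-specific prefix carries no such restriction. The following is an added example, not part of the thread and not pfSense code; it models that rule together with the RFC 6052 address embedding, and the prefix 2001:db8:64::/96, the sample addresses and the function names are assumptions chosen for illustration.

```python
import ipaddress

WKP = ipaddress.ip_network("64:ff9b::/96")  # RFC 6052 Well-Known Prefix


def synthesize(prefix, v4):
    """Embed an IPv4 address in a NAT64 prefix (RFC 6052 section 2.2)."""
    net = ipaddress.ip_network(prefix)
    if net.version != 6 or net.prefixlen not in (32, 40, 48, 56, 64, 96):
        raise ValueError("RFC 6052 allows only /32, /40, /48, /56, /64, /96")
    out = bytearray(net.network_address.packed[: net.prefixlen // 8])
    for b in ipaddress.IPv4Address(v4).packed:
        if len(out) == 8:
            out.append(0)  # octet 8 ("u", bits 64-71) is reserved and stays zero
        out.append(b)
    out.extend(bytes(16 - len(out)))  # zero suffix up to 128 bits
    return ipaddress.IPv6Address(bytes(out))


def map_destination(prefix, v4):
    """Return the IPv6 form of v4 under prefix, or None when RFC 6052
    section 3.1 forbids it (Well-Known Prefix + non-global IPv4)."""
    if ipaddress.ip_network(prefix) == WKP and not ipaddress.IPv4Address(v4).is_global:
        return None
    return synthesize(prefix, v4)


if __name__ == "__main__":
    # Constructed sample destinations: one public, two RFC 1918.
    # 2001:db8:64::/96 is a hypothetical network-specific prefix.
    for prefix in ("64:ff9b::/96", "2001:db8:64::/96"):
        for dst in ("8.8.8.8", "10.20.30.40", "192.168.1.10"):
            mapped = map_destination(prefix, dst)
            print(f"{prefix:18} {dst:13} -> {mapped or 'refused (RFC 6052 s3.1)'}")
```

Run as a script, it prints which prefix and destination combinations the rule permits, which is the difference the original poster observed between internet and internal IPv4 targets.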