Static IPv6 (got a /48)
I think there's a huge flaw in my setup and I just don't see it. Hopefully someone can enlighten me about my mistake…
I got a /48 from my ISP and want to use the first /64 for several pfSense boxes and all networks behind them get their own /64 (taken from the original /48).
So e.g. if I have aaaa:bbbb:cccc::/48 and aaaa:bbbb:cccc::1 is my default gateway, I take aaaa:bbbb:cccc::2/64 for the WAN interface of my first pfSense box, aaaa:bbbb:cccc::3/64 for the second and so on.
On the LAN interfaces I use aaaa:bbbb:cccc:1::/64 for the first network, aaaa:bbbb:cccc:2::/64 for the second and so on (giving the LAN interface aaaa:bbbb:cccc:X::1 as address).
Using this setup I can:
Enable RAs on the inside and receive automatic configuration
ping6 the LAN address of that pfSense
ping6 the WAN address of that pfSense
ping6 the default gateway of the pfSense from its WAN interface
However, I can not ping6 the WAN default gateway from the LAN side. I cannot ping6 any other system in the WAN network of the pfSense boxes either.
As said, I don't see what is going wrong here. For testing purposes I allow any outgoing IPv6 traffic at the moment. Maybe anyone has an idea?
Thanks in advance!
The WAN default gateway needs to have a route for the /48 pointing to your pfSense WAN ::2
e.g. for all the networks behind your pfSense
Thanks a million for your quick answer!
I gave it a night's sleep and feel really stupid right now.
That means my ISP would have to make a routing for every firewall I run, that is of course not doable.
I will ask the ISP for an interconnect subnet and place my own router, then I can do those routings myself.
Just FYI: I now got a /64 for routing purposes and can use the whole /48 as expected.
Everything works fine now.
Thanks again and Greetings,
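
The missing return route named in the answer, and the one-route-per-firewall consequence the follow-up mentions, as an added example that is not part of the original posts: it models the WAN gateway's routing table with longest-prefix match and shows where an echo reply would be sent. The assumption that the gateway initially holds only its connected /64, the client addresses ending in ::10 and the helper names are constructed for illustration.

```python
import ipaddress

# Prefixes and addresses as written in the thread.
DELEGATED = ipaddress.IPv6Network("aaaa:bbbb:cccc::/48")
WAN_SEGMENT = ipaddress.IPv6Network("aaaa:bbbb:cccc::/64")
ON_LINK = "on-link"


def nth_slash64(n):
    """Return the n-th /64 of the /48 (0 is the shared WAN segment)."""
    base = int(DELEGATED.network_address)
    return ipaddress.IPv6Network((base + (n << 64), 64))


def lookup(table, dst):
    """Longest-prefix match; returns the next hop, or None if no route."""
    dst = ipaddress.IPv6Address(dst)
    hits = [(net, hop) for net, hop in table if dst in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def firewall_routes(count):
    """One static route per firewall: LAN n via WAN address ::(n+1)."""
    return [(nth_slash64(n), WAN_SEGMENT[n + 1]) for n in range(1, count + 1)]


# Assumption: the gateway (::1) initially knows only its connected /64.
GATEWAY_BEFORE = [(WAN_SEGMENT, ON_LINK)]
# Hypothetical table after adding static routes for two pfSense boxes.
GATEWAY_AFTER = GATEWAY_BEFORE + firewall_routes(2)

if __name__ == "__main__":
    # Constructed sources of echo requests arriving at the gateway.
    for src in ("aaaa:bbbb:cccc::2", "aaaa:bbbb:cccc:1::10",
                "aaaa:bbbb:cccc:2::10"):
        print(f"reply to {src}: before={lookup(GATEWAY_BEFORE, src)} "
              f"after={lookup(GATEWAY_AFTER, src)}")
```

A request sourced from the pfSense WAN address gets a reply because that address is inside the connected /64; a request sourced from a LAN /64 reaches the gateway but the reply has no route back until the static route exists.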