NAPT for IPv6



  • Hi, I've been trying to find a solution that provides one to many NAT for IPv6. I've read through the forums a lot trying to find a solution.

    http://forum.pfsense.org/index.php/topic,50546.msg269256.html#msg269256

    This topic was a good bit of information. But that only provided 1:1 NAT, not 1:n NAT. So I was wondering if there's some feature that I've missed that will give me NAPT (Network Address and Port Translation) for IPv6 under pfSense 2.1? I appreciate the help guys.



  • Why would you want to do such a thing? NAT is bad. Some argue NAPT shouldn't even be considered, though for multi-homing small to mid sized networks it's currently your only option.

    There is no such capability at this time.



  • @peteknot:

    Hi, I've been trying to find a solution that provides one to many NAT for IPv6.

    Why? What are you trying to accomplish here that you're looking for NAT in v6?



  • Without any motivation the request is denied, move on. Routing works just fine.



  • Sorry for the late reply. I did not receive a message about updates to this post. My motivation behind a 1:N NAT for IPv6 is for security purposes. I'm working on a project and one of the requirements is to be able to obscure the network from the outside world. So 1:1 NAT (NPT) isn't an option as hosts are still identifiable. Thanks.



  • Even though you have public IPv6 on your LAN interface and the machines behind it, the firewall is still in between those hosts and the internet, no?


  • Rebel Alliance Developer Netgate

    Security by obscurity is no security at all. Drop the dated concept of "security" from NAT, and you'll be better off.



  • Regardless of NAT or no NAT, you can still firewall it so that only connections to the ports you allow through to each system will pass through the router.


Locked