NAPT for IPv6



  • Hi, I've been trying to find a solution that provides one to many NAT for IPv6. I've read through the forums a lot trying to find a solution.

    http://forum.pfsense.org/index.php/topic,50546.msg269256.html#msg269256

    This topic was a good bit of information. But that only provided 1:1 NAT, not 1:n NAT. So I was wondering if there's some feature that I've missed that will give me NAPT (Network Address and Port Translation) for IPv6 under pfSense 2.1? I appreciate the help guys.



  • Why would you want to do such a thing? NAT is bad. Some argue NAPT shouldn't even be considered, though for multi-homing small to mid sized networks it's currently your only option.

    There is no such capability at this time.



  • @peteknot:

    Hi, I've been trying to find a solution that provides one to many NAT for IPv6.

    Why? What are you trying to accomplish here that you're looking for NAT in v6?



  • Without any motivation the request is denied, move on. Routing works just fine.



  • Sorry for the late reply. I did not receive a message about updates to this post. My motivation behind a 1:N NAT for IPv6 is for security purposes. I'm working on a project and one of the requirements is to be able to obscure the network from the outside world. So 1:1 NAT (NPT) isn't an option as hosts are still identifiable. Thanks.



  • Even though you have public IPv6 on your LAN interface and the machines behind it, the firewall is still in between those hosts and the internet, no?


  • Rebel Alliance Developer Netgate

    Security by obscurity is no security at all. Drop the dated concept of "security" from NAT, and you'll be better off.



  • Regardless of NAT or no NAT, you can still firewall it so that only connections to the ports you allow through to each system will pass through the router.


Log in to reply