Forward port on IPv6



  • Hey everyone,

    I've got IPv6 working great with Comcast. My machines behind pfsense get a global v6 IP and I can browse IPv6 sites just fine.

    My question is about forwarding ports from pfsense to various machines behind it. I have one DNS name that I want to use for every port (80, 22, 443, etc…), but since I obviously don't want to use NAT anymore with IPv6 what is the best way to accomplish this?

    I can do it with load balancing just fine, but that seems overkill since this is a home network and I'm never going to actually need to load balance anything.

    Is there a best practice for this type of thing with IPv6?

    thanks.


  • Rebel Alliance Developer Netgate

    Port forwarding is NAT. NAT and IPv6 is bad.

    There isn't going to be a way to properly use one DNS hostname for services on multiple IPs the way you're after. Use unique hostnames per IP.

    Port forwarding with IPv6 may work already, but I'd still avoid it like the plague where possible.



  • Thats what I was afraid of. Thanks for confirming!



  • We have waited so long to be cured of NAT.  Resist the addiction.



  • @kejianshi:

    We have waited so long to be cured of NAT.  Resist the addiction.

    haha, yeah I'm definitely going to avoid port forwarding. It is VERY nice to have a global IP on all my desktops with just a firewall in front to protect. Such a weird thing to have though after all these years.



  • That said, it would be very nice if the miniupnpd version included in pfSense supported WANIPv6Firewall / pinholes / PCP.


  • Rebel Alliance Developer Netgate

    @razzfazz:

    That said, it would be very nice if the miniupnpd version included in pfSense supported WANIPv6Firewall / pinholes / PCP.

    Last time we tried to enable IPv6 for miniupnpd, it broke in various ways. Maybe a newer version would help there, but at the time we tried it, it was the most current version available. It has been a while though, we may revisit that for 2.2.


Log in to reply