Automatic Prefix translation

  • Is it somehow possible to implement a prefix translation that just translates the LAN prefix to whatever prefix the WAN gateway uses it leaves from?

    It would be very helpful because I am planning to implement IPv6 multi wan but my ISP does not provide me with a static prefix. The prefix can change from time to time.

    They provide me with a modem which sends router advertisements which assign the routed /64 prefix to its clients.

    Or is there some other workaround I can use?

  • And they don't support prefix delegation (DHCP-PD)?

  • Rebel Alliance Developer Netgate

    To translate to the WAN prefix would be unworkable. The firewall would need a mechanism such as proxy NDP that doesn't yet exist.

    Eventually there will be an auto NPt option for a delegated prefix, but that doesn't exist quite yet either.

    If your ISP isn't delegating you a routed prefix, they haven't properly implemented IPv6 support for end users.

  • @jimp:

    If your ISP isn't delegating you a routed prefix, they haven't properly implemented IPv6 support for end users.

    They give me a crappy router which has a cable modem integrated. This router does DHCP-PD to get the prefix from the ISP. Basically they don't want you to deploy your own router so the thing does not support bridge mode.

    It is not possible to get another modem because they won't give you the access data.

    Unfortunately this is a common case and I think pfSense should be mindful about that. When you implement this auto NPt feature you should allow us to track an interface (use the prefix of an IP from a specific interface) besides the delegated prefix.

  • Rebel Alliance Developer Netgate

    Ah, that does make sense. Though that is not going to work with another router behind it. You can't use IPv6 in a viable way in that scenario unless you bridge pfSense. Cascaded DHCP-PD is possible: if they are willing to allocate more than one prefix to the edge router, it can in turn delegate a subnet to a client behind it. So there is no technical reason they couldn't actually let you have your own router and still do what they want.

    I doubt proxy NDP is going to happen. Even if we get some form of automatic NPt it would only be viable for use with routed subnets that are delegated to the firewall.

  • You are absolutely right, there is no technical reason besides "we don't want to implement or support it".

    The edge router of the ISP gets a /57 prefix and uses a /64 network in its router advertisements. It just doesn't delegate any prefix. There is no setting on the router to activate that. I can change the WiFi PSK, that's about it.

  • You could try replacing the modem they supplied with a plain DOCSIS 3.0 retail modem. The DOCSIS 3.0 spec mandates IPv6 support and should work just fine after you give your ISP the new MAC address of your modem. That's what I did for Comcast. They had supplied me with a router/modem combo that could not be put into bypass mode.

  • Get rid of the stock router. That is for people who have no clue how to use networking. Buy a DOCSIS 3.0 modem or better.

    If your ISP forces you to use a router, like AT&T, then change ISPs. I changed ISPs solely for this reason and I haven't regretted it.

  • Our rent contract forces us to use this provider and our provider forces the router. Basically we are fucked. I don't want to move just because of this. So I have to live with it.
