Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPv6 dynamic NAT

    Scheduled Pinned Locked Moved IPv6
    8 Posts 5 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pii77
      last edited by

      Is it "by design" not possible to use dynamic (hide) NAT on IPv6?

      I know that this maybe not the perfect design to use, but my service provider (Telenor) only assigns /128 address.

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        Yes, that's bad. If your ISP isn't routing at least a /64 to you for your internal network, they're doing it wrong. I really doubt such a big provider would screw up v6 that badly, you sure you don't have some option for prefix delegation?

        1 Reply Last reply Reply Quote 0
        • P
          pii77
          last edited by

          My mistake! It seems like the info I got was wrong, and they are actually assigning /48 (!).

          Thx!

          1 Reply Last reply Reply Quote 0
          • junicastJ
            junicast
            last edited by

            This is what providers should do…  :P
            Is it a static prefix or does it change?
            A changing prefix gives you more anonymity, a static one gives you the possibility to offer services via that line.

            1 Reply Last reply Reply Quote 0
            • P
              pii77
              last edited by

              I assume that it is dynamic, pmisch. Which gives me a little headache one how to address internal servers. I have a few internal servers that I would like to assign ULA addresses, but it seems like I'm not able to assign a static ULA address to a "tracked interface" on my pfsense gateway…

              Anyone with best practices on how to solve this? Assigning GLA's that might change for the internal servers does not seem to be a good option...

              1 Reply Last reply Reply Quote 0
              • H
                hda
                last edited by

                @pii77:

                …
                Anyone with best practices on how to solve this? Assigning GLA's that might change for the internal servers does not seem to be a good option...

                To expect a dynamic IPv6 prefix-delegation as a mature native IPv6 product, that you can use for a public server, is false.
                Do not try to repair half-backed/donkeyed products. Achieve your goal with tunnel over IPv4, HE or SIXXS. IPv6 is a public exposure.

                1 Reply Last reply Reply Quote 0
                • S
                  snowyrain
                  last edited by

                  Hello,

                  I have the same problem. We have two slow DSL-Connections with dynamic IPv6. There is now option to get a fixed IPv6 address from my ISP. So I need for load balacing dynamic "Destination IPv6 Prefix" in "NPt". I don't need an external access. It is necessary for my internal client.

                  Dynamic NPt in pfSense would be very nice.

                  Have a nice day!

                  Snowyrain

                  1 Reply Last reply Reply Quote 0
                  • H
                    hda
                    last edited by

                    @pii77:

                    …
                    Anyone with best practices on how to solve this?...

                    Why does an/your ISP issue a prefix /48 and not keep it the same number for you, despite you get it with DHCP6c(PD) (and they reserve the right to change/pull it ofcourse). ?

                    Why not just assume that your /48 is a permanent number (quasi-static) ? Because then next assign your LAN a subnet static or with DHCP6-server…

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.