IPv6 dynamic NAT

IPv6
Log in to reply
  • P

    Is it "by design" not possible to use dynamic (hide) NAT on IPv6?

    I know that this maybe not the perfect design to use, but my service provider (Telenor) only assigns /128 address.

    0
  • C

    Yes, that's bad. If your ISP isn't routing at least a /64 to you for your internal network, they're doing it wrong. I really doubt such a big provider would screw up v6 that badly, you sure you don't have some option for prefix delegation?

    0
  • P

    My mistake! It seems like the info I got was wrong, and they are actually assigning /48 (!).

    Thx!

    0
  • pmisch

    This is what providers should do…  :P
    Is it a static prefix or does it change?
    A changing prefix gives you more anonymity, a static one gives you the possibility to offer services via that line.

    0
  • P

    I assume that it is dynamic, pmisch. Which gives me a little headache one how to address internal servers. I have a few internal servers that I would like to assign ULA addresses, but it seems like I'm not able to assign a static ULA address to a "tracked interface" on my pfsense gateway…

    Anyone with best practices on how to solve this? Assigning GLA's that might change for the internal servers does not seem to be a good option...

    0
  • H

    @pii77:


    Anyone with best practices on how to solve this? Assigning GLA's that might change for the internal servers does not seem to be a good option...

    To expect a dynamic IPv6 prefix-delegation as a mature native IPv6 product, that you can use for a public server, is false.
    Do not try to repair half-backed/donkeyed products. Achieve your goal with tunnel over IPv4, HE or SIXXS. IPv6 is a public exposure.

    0
  • S

    Hello,

    I have the same problem. We have two slow DSL-Connections with dynamic IPv6. There is now option to get a fixed IPv6 address from my ISP. So I need for load balacing dynamic "Destination IPv6 Prefix" in "NPt". I don't need an external access. It is necessary for my internal client.

    Dynamic NPt in pfSense would be very nice.

    Have a nice day!

    Snowyrain

    0
  • H

    @pii77:


    Anyone with best practices on how to solve this?...

    Why does an/your ISP issue a prefix /48 and not keep it the same number for you, despite you get it with DHCP6c(PD) (and they reserve the right to change/pull it ofcourse). ?

    Why not just assume that your /48 is a permanent number (quasi-static) ? Because then next assign your LAN a subnet static or with DHCP6-server…

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy