4. IPv6 dynamic NAT

IPv6 dynamic NAT

  • P

    Is it "by design" not possible to use dynamic (hide) NAT on IPv6?

    I know that this maybe not the perfect design to use, but my service provider (Telenor) only assigns /128 address.

    0
  • C

    Yes, that's bad. If your ISP isn't routing at least a /64 to you for your internal network, they're doing it wrong. I really doubt such a big provider would screw up v6 that badly, you sure you don't have some option for prefix delegation?

    0
  • P

    My mistake! It seems like the info I got was wrong, and they are actually assigning /48 (!).

    Thx!

    0

  • This is what providers should do…  :P
    Is it a static prefix or does it change?
    A changing prefix gives you more anonymity, a static one gives you the possibility to offer services via that line.

    0
  • P

    I assume that it is dynamic, pmisch. Which gives me a little headache one how to address internal servers. I have a few internal servers that I would like to assign ULA addresses, but it seems like I'm not able to assign a static ULA address to a "tracked interface" on my pfsense gateway…

    Anyone with best practices on how to solve this? Assigning GLA's that might change for the internal servers does not seem to be a good option...

    0
  • H

    @pii77:


    Anyone with best practices on how to solve this? Assigning GLA's that might change for the internal servers does not seem to be a good option...

    To expect a dynamic IPv6 prefix-delegation as a mature native IPv6 product, that you can use for a public server, is false.
    Do not try to repair half-backed/donkeyed products. Achieve your goal with tunnel over IPv4, HE or SIXXS. IPv6 is a public exposure.

    0
  • S

    Hello,

    I have the same problem. We have two slow DSL-Connections with dynamic IPv6. There is now option to get a fixed IPv6 address from my ISP. So I need for load balacing dynamic "Destination IPv6 Prefix" in "NPt". I don't need an external access. It is necessary for my internal client.

    Dynamic NPt in pfSense would be very nice.

    Have a nice day!

    Snowyrain

    0
  • H

    @pii77:


    Anyone with best practices on how to solve this?...

    Why does an/your ISP issue a prefix /48 and not keep it the same number for you, despite you get it with DHCP6c(PD) (and they reserve the right to change/pull it ofcourse). ?

    Why not just assume that your /48 is a permanent number (quasi-static) ? Because then next assign your LAN a subnet static or with DHCP6-server…

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy