4. IPV6 Problem

IPV6 Problem

  • R

    My Above setup is working perfect for IPv4 and BGP.

    Its not working so great for my IPv6

    I can ping out to the internet from the the Edge, Primary, and COLO firewalls (all pfsense)

    But when i try to do DHCP6 for the Internal Networks nothing works. I dont get a router for internet but i do get an IP address.

    RA : Managed
    Router Priority: high
    RA Subnet : None

    DNS: Use SAME settings as DHCPv6 Server.
    When i try to ping the internal interface of the Primary or COLO Firewall i dont even get a ping response. ( i have a floating rule that allows all ICMP on all interfaces)

    Should i change my setup to let the edge routed just do DHCPv6 and move on from there and is there any examples of the setup i should use. I am new to IPv6 but not networking. im trying to get all of our offices to ipv6 but this is proving very problematic

    0
  • D
    Banned

    What is that /80 on the LANs? Do not do such things, ever. Anything smaller than /64 is not routable.

    P.S. I noticed you mentioned BGP. Not really sure what you are trying to do. You'll have a hard time getting prefixes longer that /32 globally routable, RFCs or not.

    0
  • R

    @doktornotor:

    What is that /80 on the LANs? Do not do such things, ever. Anything smaller than /64 is not routable.

    P.S. I noticed you mentioned BGP. Not really sure what you are trying to do. You'll have a hard time getting prefixes longer that /32 globally routable, RFCs or not.

    Per you reply i checked. You are right. My BGP is not announcing the /48 because the IPv6 pool was provided by comcast. So im working on getting a /32 from ARIN atm

    Pulling BGP out of the equation i have this setup (per you comment about anything smaller then /64 is not routeable)

    Now i can ping devices on the same network.
    ie: LAN Device can ping LAN Gateway

    but i ran into a new issue. LAN Device cant ping Edge Firewall or any of the external interfaces

    ie: X:X:X:1000::5 can not ping X:X:X:F000:1 or X:X:X:F000:3 but can ping X:X:X:F000:2

    is there any other information i need to provide for the example?

    Edge Router has a IPV6 Any to Any Rule

    Both Firewall have IPV6 ICMP from Any as Allowed.

    the Edge Firewall has Gateways setup and showing the firewalls as up. I have a feeling I am missing something really basic here and its make me feel stupid.

    is there an easier way to do this ??

    with prefix delegation and or DHCPv6 on the edge firewall?

    0
  • H

    Yes, your edge firewall is a master holding the /48. Request by slave DHCP(PD).

    Stop the /52-ing internal. Peel off /64-ers from your comcast /48. Stick to /64 routing.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy