Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    IPV6 Problem

    IPv6
    3
    4
    929
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rb504c last edited by

      My Above setup is working perfect for IPv4 and BGP.

      Its not working so great for my IPv6

      I can ping out to the internet from the the Edge, Primary, and COLO firewalls (all pfsense)

      But when i try to do DHCP6 for the Internal Networks nothing works. I dont get a router for internet but i do get an IP address.

      RA : Managed
      Router Priority: high
      RA Subnet : None

      DNS: Use SAME settings as DHCPv6 Server.
      When i try to ping the internal interface of the Primary or COLO Firewall i dont even get a ping response. ( i have a floating rule that allows all ICMP on all interfaces)

      Should i change my setup to let the edge routed just do DHCPv6 and move on from there and is there any examples of the setup i should use. I am new to IPv6 but not networking. im trying to get all of our offices to ipv6 but this is proving very problematic

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned last edited by

        What is that /80 on the LANs? Do not do such things, ever. Anything smaller than /64 is not routable.

        P.S. I noticed you mentioned BGP. Not really sure what you are trying to do. You'll have a hard time getting prefixes longer that /32 globally routable, RFCs or not.

        1 Reply Last reply Reply Quote 0
        • R
          rb504c last edited by

          @doktornotor:

          What is that /80 on the LANs? Do not do such things, ever. Anything smaller than /64 is not routable.

          P.S. I noticed you mentioned BGP. Not really sure what you are trying to do. You'll have a hard time getting prefixes longer that /32 globally routable, RFCs or not.

          Per you reply i checked. You are right. My BGP is not announcing the /48 because the IPv6 pool was provided by comcast. So im working on getting a /32 from ARIN atm

          Pulling BGP out of the equation i have this setup (per you comment about anything smaller then /64 is not routeable)

          Now i can ping devices on the same network.
          ie: LAN Device can ping LAN Gateway

          but i ran into a new issue. LAN Device cant ping Edge Firewall or any of the external interfaces

          ie: X:X:X:1000::5 can not ping X:X:X:F000:1 or X:X:X:F000:3 but can ping X:X:X:F000:2

          is there any other information i need to provide for the example?

          Edge Router has a IPV6 Any to Any Rule

          Both Firewall have IPV6 ICMP from Any as Allowed.

          the Edge Firewall has Gateways setup and showing the firewalls as up. I have a feeling I am missing something really basic here and its make me feel stupid.

          is there an easier way to do this ??

          with prefix delegation and or DHCPv6 on the edge firewall?

          1 Reply Last reply Reply Quote 0
          • H
            hda last edited by

            Yes, your edge firewall is a master holding the /48. Request by slave DHCP(PD).

            Stop the /52-ing internal. Peel off /64-ers from your comcast /48. Stick to /64 routing.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post