Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Is a dynamic alias or variable for IPv6 Prefix scheduled?

    Scheduled Pinned Locked Moved IPv6
    25 Posts 14 Posters 9.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • -flo- 0-
      -flo- 0
      last edited by

      Ah ok: A random ID is used for the creation of an IPv6 address, Ethernet is however still required to use MAC addresses in Windows.

      This would have no impact on the suggested self learning of IPv6 host part of addresses by the firewall based on the MAC address.

      1 Reply Last reply Reply Quote 0
      • JKnottJ
        JKnott
        last edited by

        Ethernet is however still required to use MAC addresses in Windows

        It's required, Windows or not, for Ethernet to function.  In addition to NICs recognizing frames for them, switches also use MAC addresses to learn how to forward traffic.

        BTW, MAC addresses go back before there even was a Windows.  In Novell Netware, your IPX address was based on a 16 bit network address and the 48 bit MAC address  There was even one network called ARCNET, which used 8 bit manually configured (switches or jumpers) MACs.  With it, it was quite possible to get duplicate MACs on a network, which could cause a bit of "fun".

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        1 Reply Last reply Reply Quote 0
        • D
          Double K
          last edited by

          Not sure if this was resolved in a separate thread, so apologies for bringing up an older thread that may already be solved.

          I'm trying to setup a dynamic alias for specific client machines - so the 64-bit client ID / MAC address is known (ie. a1b2:c3d4:e5f6:7890).  The 64-bit prefix is variable from the ISP, so I'm trying to "wildcard it".
          In the alias, I put the IP as: [0000-ffff]:[0000-ffff]:[0000-ffff]:[0000-ffff]:a1b2:c3d4:e5f6:7890
          When I click Save, it fails saying: "Please match the requested format".

          If this has already been solved another way, I'd appreciate the link to the solution.

          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned
            last edited by

            @Double:

            I'm trying to "wildcard it".
            In the alias, I put the IP as: [0000-ffff]:[0000-ffff]:[0000-ffff]:[0000-ffff]:a1b2:c3d4:e5f6:7890
            When I click Save, it fails saying: "Please match the requested format".

            Eeeeeeeeeeeh??? Huh?!?!

            1 Reply Last reply Reply Quote 0
            • S
              seidler2547
              last edited by

              I think this problem would be solved already if pfSense would not be restricted to CIDR. If a full subnet mask would be used, the top 64 bit could just be left 0 and the lower 64 bits (or at least the EUI-48 part could be 1 so that the IP+subnet mask would ignore the IPv6 prefix and only match the host-specific part. That's how firewall rules for dynamic IPv6 subnets can be easily implemented in ip6tables on Linux.

              I have idea however if the CIDR restriction is a pf issue and whether a full subnet mask can be easily implemented.

              Stefan

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.