Hey everybody,
I do not know if this is the right place, but I would like to ask for some help with setting up an IPv6 config. Everything seems to be working flawlessly, but there are some strange things which I do not understand. So I hope you can help me.
First: There is no fixed IPv6 prefix delegated, so it is possible that these could change.
My network setup:
- Main LAN:
  - IP 192.168.20.0/24
  - fd85:xx:feb8:9820::1/64
  - 2003:xx:xx:20::/64
- IOT Net:
  - IP 192.168.60.0/24
  - fd85:xx:feb8:9860::1/64
  - 2003:xx:xx:60::/64
- Guest Net:
  - IP 192.168.50.0/24
  - fd85:xx:feb8:9850::1/64
  - 2003:xx:xx:50::/64
If I get it right, internet access is only possible via the global address "2003::".
>> This works fine > an IPv6 test site shows me IPv4 and IPv6 compatibility
I set up a Pi-hole and provide this DNS via DHCPv6.
> So every client gets an IPv4 DNS and IPv6 DNS server (here I provide the FD85:: address, because these should always be the same)
And now to the part I do not understand.
When I connect to the Guest or IOT net:
> I only get the configured IPv6 address. There is no "20" / "50" address
But when I connect to the Main LAN:
-> Every v6 address is provided: "20" / "50" / "60"
I don't know why I am getting the other subnets on my Main LAN. Maybe someone can explain it? Or is there a configuration error?
Now one question about the ruleset:
For example, the Guest net:
> I added an allow rule for the DNS server (fd85:XX:feb8:9820::2)
> I added a block rule for "LAN NET" and "IOT NET"
> I added a block rule for the private IPv6 ranges (fd85:XX:feb8:9820::/64 and fd85:XX:feb8:9860::/64)
Is this the right way, or can it be blocked another way?
Thanks a lot for helping me
Mario