OPNsense Forum
English Forums => General Discussion => Topic started by: Anon87 on April 22, 2018, 01:56:21 pm
-
Hi,
I am currently in the process of setting up an IPv6 range. My provider appointed a /56 range for me, native, but I cannot seem to get it running.
Right now, my network is IPv4 only. I have a /28 IPv4 range. It's setup like this:
xxx.xxx.xxx.1 => Main IP
xxx.xxx.xxx.2 => Mail IP
xxx.xxx.xxx.3 => Game IP
The internal net is:
192.168.1.0/24 => LAN
192.168.2.0/24 => OPT1
The firewall consists of three interfaces, WAN, LAN and OPT1. The three aforementioned public IP's are appointed to the WAN interface, through port forwarding traffic is allowed from, for example, WAN => OPT1. Using reverse NAT, the game PC has the .3 IP as it's outgoing IP.
Now, I wanted to do the same with IPv6. However, this territory is completely unknown to me. I tried it like this:
XXXX:XXXX:XXXX:XXXX:0:0:0:1 => Main IP
XXXX:XXXX:XXXX:XXXX:0:0:0:2 => Mail IP
XXXX:XXXX:XXXX:XXXX:0:0:0:3 => Game IP
And the internal IPv6 range:
fdf1:44a3:70cb:10c6::/64 => LAN
Thing is, however I tried, I can't get this to work. Is this the correct way to set it up, will the picture I've painted even work?
-
A few things to remember:
- IPv6 does not need NAT
- All subnets that contain hosts should have a /64 netmask
- The routable part of IPv6 needs to be in 2000::/3
You can pick a /64 from your /56 allocation and set it as the internal LAN subnet. You need to set a static IP on the firewall LAN interface and configure this as the IPv6 default gateway.
That would make your LAN addressing:
2XXX:XXXX:XXXX:XXXX::1 Firewall (DG for the others)
2XXX:XXXX:XXXX:XXXX::2 Mail
2XXX:XXXX:XXXX:XXXX::3 Game
Bart...