"
Hi, If you are using NAT with IPv6, make sure that IPV6 link-local addresses are not included in the list of source addresses for NAT66.
Background – My setup is dual WAN (Uverse fiber and Spectrum), with load balancing and failover, and I use NAT66 (I know the reasons that I shouldn't). About a month ago, I noticed that my WAN2 (Spectrum) interface did not have a global IPv6 address (dhcpv6 client). I checked the logs and saw the "dhcp6c transmit failed: Permission denied" error, but did not know how to interpret it.
Over a couple of weeks, I tried everything that I could think of to resolve the issue, but nothing worked. Then, I stumbled across a post about dhcpv6 issues, in which someone suggested that the problem may be related to NAT66. I looked at my NAT66 configuration and realized that included in the source alias list "Internal_All_IPv6" that I use for NAT66 was fe80::/10 (link-local addresses). I suspected that this might be interfering with DHCPv6 (Solicit, Advertise, Request, Reply) sequence, so I removed the link-local addresses from the NAT66 source alias. As soon as I did this, the WAN2 interface obtained a global address, and I have not had the problem since.
...just a newbie's suggestion of something to try.
Will
Background – My setup is dual WAN (Uverse fiber and Spectrum), with load balancing and failover, and I use NAT66 (I know the reasons that I shouldn't). About a month ago, I noticed that my WAN2 (Spectrum) interface did not have a global IPv6 address (dhcpv6 client). I checked the logs and saw the "dhcp6c transmit failed: Permission denied" error, but did not know how to interpret it.
Over a couple of weeks, I tried everything that I could think of to resolve the issue, but nothing worked. Then, I stumbled across a post about dhcpv6 issues, in which someone suggested that the problem may be related to NAT66. I looked at my NAT66 configuration and realized that included in the source alias list "Internal_All_IPv6" that I use for NAT66 was fe80::/10 (link-local addresses). I suspected that this might be interfering with DHCPv6 (Solicit, Advertise, Request, Reply) sequence, so I removed the link-local addresses from the NAT66 source alias. As soon as I did this, the WAN2 interface obtained a global address, and I have not had the problem since.
...just a newbie's suggestion of something to try.
Will
