OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of ClayJ »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - ClayJ

Pages: [1]
1
General Discussion / Re: Using transparent bridge to create a pure IPv6 network
« on: September 28, 2024, 05:51:42 am »
No one ever responded, and my experimentations with OPNSense myself never yielded acceptable results.

I switched back to PFSense and managed to get 98% of what I'm after.  My only problem there and probably would be a problem here as well, is there is no firewall rule to block ARPs.  So I still get arp requests and replies flooding across the bridge, as well as other  non IP protocols but it will do for my needs.

2
General Discussion / Re: Opnsense access from WAN system (Daisy chained router)
« on: September 22, 2024, 06:34:26 pm »
Here's what finally fixed my WEBui access from the WAN

Firewall / Settings / Advanced  -  Disable anti-lockout = Checked

I already had  - Disable administration anti-lockout rule = Checked

3
General Discussion / Using transparent bridge to create a pure IPv6 network
« on: September 21, 2024, 09:59:52 pm »
At work, we have products that help analyze networks.

We've supported IPv6 for years, but only in conjunction with IPv4 as well.  Recently we've been getting requests to support pure IPv6 networks with no IPv4 present at all.  Companies like Banks, Insurance, Google, Facebook, etc.  So we probably can't just tell them to go away, or it's a bad idea.

Our problem is that setting up pure IPv6 networks is HARD.  Most of our developers are remote like me.  I was able to setup pure IPv6 using PFSense and splitting the IPv4 NAT to one interface and the IPV6 to another but it's problematic since I no longer have a combined IPv4/IPv6 environment.

MY QUESTION:

Can I take an old laptop, desktop, or cheap x86 box, and using OPNSense, create a transparent bridge that strips off any/all IPv4 packets, but passes IPv6 (unicast and multicast) to create a seemingly pure IPv6 network?

This could give me the best of both worlds, plug into my normal lan for a combined 4/6 net, or plug into the lan port of the OPNSense to get a pure IPv6 net.

I kind of tried it with PFSense, but a few years ago they began blocking all broadcast packets between bridged networks, or at least that was the explanation I was given without any reasons why.  I'm hoping OPNSense hasn't done the same thing.

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2