Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
IPv6 Outbound NAT bug?
« previous
next »
Print
Pages: [
1
]
Author
Topic: IPv6 Outbound NAT bug? (Read 2285 times)
netgeek
Newbie
Posts: 16
Karma: 0
IPv6 Outbound NAT bug?
«
on:
August 20, 2019, 03:52:27 pm »
I have a dynamic IPv6 address assigned to me via DHCP, that is an interface on the firewall. I use ULA space (fd00::/8) internally, and then do an outbound NAT. This works with pfsense. It does not with opnsense 19.7.2. The reason? My translation target is set to "interface address", but instead of grabbing the publicly routable IPv6 WAN address, opnsense translates my packets to the link local (fe80:
address, which obviously won't work on the internet.
root@cerberus:~ # tcpdump -Nni em0 host 2607:f8b0:4005:808::2004
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes
06:42:07.475749 IP6 fe80::2e0:67ff:fe13:6324 > 2607:f8b0:4005:808::2004: ICMP6, echo request, seq 106, length 72
I don't know what my public IPv6 address is going to be day to day, so I can't hard code it. Is there any way to have opnsense ignore link local addresses when its doing an outbound nat? I can think of no reason that would be needed.
Logged
hbc
Hero Member
Posts: 501
Karma: 47
Re: IPv6 Outbound NAT bug?
«
Reply #1 on:
August 20, 2019, 09:48:38 pm »
Why the hell do you need to NAT ipv6?
The smallest recommended ipv6 subnet (/64) can hold the complete ipv4 address space ^2.
No need to masquerade any more. Public ips for every node.
Logged
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
netgeek
Newbie
Posts: 16
Karma: 0
Re: IPv6 Outbound NAT bug?
«
Reply #2 on:
August 20, 2019, 11:05:55 pm »
If I had a /64 I wouldn't NAT.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
IPv6 Outbound NAT bug?