English Forums > Tutorials and FAQs
IPv4 on LAN - Can I NAT to both IPv4 and IPv6 on WAN?
ember1205:
I recently ran into an issue with trying to access a local company's web site. On my LAN/WiFi, I could not access the site at all with mobile devices (part of my testing) but it worked fine from the same devices on the cellular data network. It turned out that the issue was because they never bound an IPv4 address to the site, only IPv6.
My ISP assigns both an IPv4 and an IPv6 address to my firewall via DHCP. Opening up a site like whatismyip.com shows that only the IPv4 address is being used.
Is it possible to set up NAT rules that will translate my internal IPv4 network to IPv6 when the destination is an IPv6 address? What are my options here to be able to support both address types for translation?
bartjsmit:
--- Quote from: ember1205 on April 17, 2023, 07:08:41 pm --- What are my options here to be able to support both address types for translation?
--- End quote ---
NAT the IPv4 and allow the IPv6. There is no need for IPv6 NAT. Concentrate on routing the IPv6 internally. You'll likely need RADVD.
You could run a reverse proxy if your ISP doesn't give you static IPv6 delegation but that's just dumb and you should complain. Apply the KISS principle.
Bart...
ember1205:
--- Quote from: bartjsmit on April 18, 2023, 08:07:05 am ---NAT the IPv4 and allow the IPv6. There is no need for IPv6 NAT. Concentrate on routing the IPv6 internally. You'll likely need RADVD.
You could run a reverse proxy if your ISP doesn't give you static IPv6 delegation but that's just dumb and you should complain. Apply the KISS principle.
Bart...
--- End quote ---
I already have NAT in place for IPv4 from my internal LAN to the WAN (using the WAN IPv4 address) and I'm using private IP Address space on my LAN so NAT is required.
It sounds like you're saying that I need to contact the ISP to find out what they are providing to me for IPv6 use on my LAN, and I fully expect they aren't providing anything at all but are only allocating an IPv6 address to the modem because that's something that all of the cable ISP's seem to be doing.
meyergru:
I severely doubt that. Usually, ISPs hand out two IPv6 adress(es):
1. An IPv6 for the router itself (IA_NA)
2. An IPv6 range for the devices behind the router (IA_PD)
Normally, you would request both and on your LAN, you would use "track interface" in the IPv6 configuration. Also, you would use RADVD with a prefix ID for each local subnet / interface.
That way, your LAN devices would pick up IPv6 adresses with the ISP-assigned prefix (plus prefix ID) and could then use native IPv6.
If you do not get a prefix or if you do not want to have IPv6 in your local networks, you could install a squid proxy on your OpnSense and configure your browsers through it, if only the OpnSense itself was IPv6-capable.
ember1205:
--- Quote from: meyergru on April 18, 2023, 03:55:28 pm ---I severely doubt that. Usually, ISPs hand out two IPv6 adress(es):
1. An IPv6 for the router itself (IA_NA)
2. An IPv6 range for the devices behind the router (IA_PD)
Normally, you would request both and on your LAN, you would use "track interface" in the IPv6 configuration. Also, you would use RADVD with a prefix ID for each local subnet / interface.
That way, your LAN devices would pick up IPv6 adresses with the ISP-assigned prefix (plus prefix ID) and could then use native IPv6.
If you do not get a prefix or if you do not want to have IPv6 in your local networks, you could install a squid proxy on your OpnSense and configure your browsers through it, if only the OpnSense itself was IPv6-capable.
--- End quote ---
How does an ISP "hand out" the IP range?
It also sounds like I would need to be running DHCP services on the OpnSense box. If that's the case, then I'm going to wait until we move to invest -any- effort into that at all since the ISP is likely to change anyhow.
Navigation
[0] Message Index
[#] Next page
Go to full version