Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
24.1 Legacy Series
»
Can you "port forward" ipv6 when clients have IPs from SLAAC?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Can you "port forward" ipv6 when clients have IPs from SLAAC? (Read 901 times)
flac_rules
Newbie
Posts: 17
Karma: 0
Can you "port forward" ipv6 when clients have IPs from SLAAC?
«
on:
June 03, 2024, 09:06:13 pm »
I don't know that much about ipv6, but i have setup where i get a /48 network, and i have made a /64 network "internally", and the clients get their IPs "themselves" with SLACC (if i understand correctly). I can make a firewall rule to let through a port to the IP. But can make OPNsense change the port? That is send something from port 2000 on wan to port 1000 on the LAN for instance? With IPv4 i would just use port forward.
Bonus question, is there a way to see the ipv6-adresses on my clients on the LAN?
Logged
meyergru
Hero Member
Posts: 1697
Karma: 167
IT Aficionado
Re: Can you "port forward" ipv6 when clients have IPs from SLAAC?
«
Reply #1 on:
June 03, 2024, 10:25:03 pm »
Read a little bit on IPv6 before you go on. These are very basic questions. With IPv6, you neither want to nor can do port forwarding, much less port translation. And you can "see" your devices either by assigning them IPv6 addresses based on their MAC or DUID via DHCPv6 or even easier, they get an IPv6 based on their EUI-64, which itself contains the MAC.
However, with dynamic IPv6 prefixes, things get a little more problematic, because then you would have to make them addressable by name via dynamic DNS. I wrote something about this
here
.
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up
,
Bufferbloat A+
flac_rules
Newbie
Posts: 17
Karma: 0
Re: Can you "port forward" ipv6 when clients have IPs from SLAAC?
«
Reply #2 on:
June 04, 2024, 08:12:17 am »
Thanks, but why should I not do port translation? In the info you linked to it says:
"c. You can translate ports, even with IPv6."
"c. can be a security plus, because IPv4 port scanners will find it harder to identify services on non-standard ports."
Wouldn't this apply here?
Logged
meyergru
Hero Member
Posts: 1697
Karma: 167
IT Aficionado
Re: Can you "port forward" ipv6 when clients have IPs from SLAAC?
«
Reply #3 on:
June 04, 2024, 10:18:56 am »
No. The second point refers to IPv4.
While you can do port translation with IPv6, it is useless, because the IPv6 address room is so vast that port-scanning is not feasible anyway. As I said, read more about IPv6 - it differs
a lot
from IPv4.
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up
,
Bufferbloat A+
Greg_E
Sr. Member
Posts: 342
Karma: 19
Re: Can you "port forward" ipv6 when clients have IPs from SLAAC?
«
Reply #4 on:
June 04, 2024, 03:27:35 pm »
Let me add this... I know enough about ipv6 to know that I couldn't offer any help here. I need to study this topic because I obviously need to know more.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
24.1 Legacy Series
»
Can you "port forward" ipv6 when clients have IPs from SLAAC?