[Tutorial] How to Secure and Implement Internal IPv6 NAT66/NPt

Started by millerwissen, June 17, 2025, 03:11:13 PM

Thanks. I didn't express myself clearly, which is important with these complicated matters ;)
So far the following is updated and working:

- Created virtual IPv6 address f777::1 instead of fd07::1 to prevent IPv4 preference as described in your first post.
- Setup of NAT66 to translate all routable addresses of LAN devices (other than the servers) to a virtual IPv6 routable address based on /64 prefix from ISP. Suffix is not based on a MAC address. Does it matter what suffix I choose? Just the first address in the range (::1) or last or anything?
I think it would be good to regularly rotate the address. Is there a way to do this automatically?
- Setup of floating FW block rules for the f000/4 address space as well as allow rules for the ff and fe ranges (as in your example).

I plan to see how this works for a while.
Deciso dec3840: EPYC Embedded 3101, 16GB RAM, 512GB NVMe