WAN and LAN setup for IPv6

Hi.

We just got an IPv6 /48 range (a gateway and IP address) for our company, but I'm unsure about how to set it up. We use FreeBSD 8.4 (pfSense 2.1) as a router/firewall.

Currently we have IPv4 set up with a WAN towards the internet, and a NAT-ed LAN behind it for office PCs.

We want to keep the LAN network for security, and we want IPv6 addresses from the /48 for all office PCs (without NAT).

The WAN is configured with the IPv6 gateway 1111:2222:3333::1/48 and interface address 1111:2222:3333::2/48. But when it's configured this way, I guess it's impossible to fit the LAN on a /64 within the /48?

I believe I should configure the WAN subnet on 1111:2222:3333:1::/64 and the LAN on a subnet like 1111:2222:3333:2::/64. Is this something I can configure myself, or do I have to ask the ISP to configure that routing for me?
 
henrik242 said:
I believe I should configure the WAN subnet on 1111:2222:3333:1::/64 and the LAN on a subnet like 1111:2222:3333:2::/64. Is this something I can configure myself, or do I have to ask the ISP to configure that routing for me?
Correct. Yes, and no.
 
This is good to know, thanks, but I'm at a loss as to how to do it. A couple of hints (using ifconfig and route) would be very helpful.
 
You can try to see if your ISP used DHCP for IPv6 too. Use dhcpc(8) from net/dhcp6 to get an IP address on your WAN interface. Set up rtadvd(8) to supply routing advertisements on your LAN.
 
I think the static setup suits us best, at least if we manage to get it configured correctly.

Current test setup:

WAN gateway 1111:2222:3333::1/48
WAN interface (em3) 1111:2222:3333::2/64
LAN interface (em1) 1111:2222:3333:1::1/64
Test client on LAN 1111:2222:3333:1::abcd/64

netstat -r shows:

Code:
Destination         Gateway            Flags      Netif Expire
default             1111:2222:3333::1  UGS         em3
localhost           localhost          UH          lo0
1111:2222:3333::    link#4             U           em3
1111:2222:3333::2   link#4             UHS         lo0
1111:2222:3333:1::  link#2             U           em1
1111:2222:3333:1::1 link#2             UHS         lo0

I can ping the WAN gateway from the router. From the test client I can ping the LAN & WAN interfaces, but not the WAN gateway.

If I try to add an explicit route, I get an error:

Code:
route add -inet6 -net 1111:2222:3333:1::/64 1111:2222:3333::2
route: writing to routing socket: File exists
add net 1111:2222:3333:1::/64: gateway 1111:2222:3333::2: route already in table
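
A check of the address plan in the "Current test setup" post above, as an added example that is not part of the original thread: it lists which nodes treat an address on another link as directly attached, and whether the route being added duplicates a prefix the router already has as connected. The `PLAN` values are copied from the post; the `LINK` mapping and all function names are assumptions made for this illustration.

```python
import ipaddress

# Address plan copied from the "Current test setup" post (values as given there).
PLAN = {
    "isp-gateway": "1111:2222:3333::1/48",
    "em3 (WAN)": "1111:2222:3333::2/64",
    "em1 (LAN)": "1111:2222:3333:1::1/64",
    "lan-client": "1111:2222:3333:1::abcd/64",
}
# Which physical link each node sits on (assumption drawn from the post).
LINK = {"isp-gateway": "wan", "em3 (WAN)": "wan",
        "em1 (LAN)": "lan", "lan-client": "lan"}


def connected_prefixes(plan):
    """Prefix each node treats as on-link, derived from its address/prefixlen."""
    return {name: ipaddress.ip_interface(a).network for name, a in plan.items()}


def cross_link_overlaps(plan, link):
    """Pairs (a, b): a's on-link prefix contains b's address, yet b is on another link."""
    hits = []
    for a, net in connected_prefixes(plan).items():
        for b, addr in plan.items():
            if link[a] != link[b] and ipaddress.ip_interface(addr).ip in net:
                hits.append((a, b))
    return hits


def duplicates_connected(route, plan, router_ifaces):
    """Router interface whose connected prefix equals the route, else None."""
    dest = ipaddress.ip_network(route)
    for name in router_ifaces:
        if ipaddress.ip_interface(plan[name]).network == dest:
            return name
    return None


if __name__ == "__main__":
    for a, b in cross_link_overlaps(PLAN, LINK):
        print(f"{a} treats {b} as on-link, but it sits on a different link")
    dup = duplicates_connected("1111:2222:3333:1::/64", PLAN,
                               ["em3 (WAN)", "em1 (LAN)"])
    print(f"route duplicates connected prefix of: {dup}")
```

With the values from the post, the only overlaps come from the /48 prefix length written for the gateway, and the `route add` destination is the same /64 that is already connected on em1.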
 
Make sure routing is turned on for IPv6 too.

Code:
ipv6_gateway_enable="YES"
 