Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


PFSense IPv6 Passthrough?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

PFSense IPv6 Passthrough?

I have a server that is running proxmox. This server I setup a small pfsense nat for a few servers, but the rest connect directly to the internet via proxmox.

Is there anyways I can simply pass IPv6 traffic from the LAN to WAN and vice versa?

Comments

  • I chose to add another nic for VMs and plug them into the wan bridge.

  • @msg7086 said:
    I chose to add another nic for VMs and plug them into the wan bridge.

    I have done that before, wanted something simpler.

  • freerangecloudfreerangecloud Member, Patron Provider

    Look into Proxy NDP (I believe pfSense supports it). Essentially what it will do is have your pfSense WAN interface re-advertise neighbor discovery packets received on the LAN interface.

  • @freerangecloud said:
    Look into Proxy NDP (I believe pfSense supports it). Essentially what it will do is have your pfSense WAN interface re-advertise neighbor discovery packets received on the LAN interface.

    Looking and can't find much.

  • freerangecloudfreerangecloud Member, Patron Provider

    @AlyssaD said:

    @freerangecloud said:
    Look into Proxy NDP (I believe pfSense supports it). Essentially what it will do is have your pfSense WAN interface re-advertise neighbor discovery packets received on the LAN interface.

    Looking and can't find much.

    Did a quick search and found this: https://forum.pfsense.org/index.php?topic=98020.30 looks like pfsense doesn't support proxy NDP. Your best bet is probably a bridge in this case, or see if your provider can route your IPv6 subnet to your pfsense VM.

  • I think I just need to use shorewall instead: http://shorewall.net/manpages6/shorewall6-proxyndp.html

  • msg7086msg7086 Member
    edited February 2018

    With Kimsufi I'm running some IPv6 and NATv4 inside Proxmox, and I'm using npd6 to work with neighbor solicitation requests. I've written down the procedures for my own record, but it may not directly apply to your situation. Try with caution.

  • Did anyone get this working?

  • I use ndppd sometimes on proxmox at kimsufi. The other option if you can live with fewer ipv6 is to use systemd-networkd's built in way of doing this

    $ cat /etc/systemd/network/50-default.network
    [Match]
    MACAddress=Provided-by-ovh-installer
    
    [Network]
    Description=network interface on public network, with default route
    # Omitted
    IPv6ProxyNDPAddress=2001:db8:1200:3400:f::1
    # Repeat for the whole range
    IPv6ProxyNDPAddress=2001:db8:1200:3400:f::f
    
    $ cat /etc/network/interfaces
    # Omitted
    iface vmbr0 inet6 static
        address  2001:db8:1200:3400:f::1
        netmask  122
    

    So above works fine, but when you need a bigger subnet use ndppd. I found auto to not work always, but static works "fine". It will warn you about the subnet size being to big but /shrug .

    $ cat /etc/ndppd.conf
    route-ttl 30000
    address-ttl 30000
    proxy eth0 {
      router yes
      timeout 500
      keepalive yes
      retries 3
      promiscuous no
      ttl 30000
      rule 2001:db8:1200:3400:f::/80 {
        static
    #    auto
      }
    }
    
  • I got it working with PFSense. I forgot the specific configs I used to get it working, but it was eventually possible.

Sign In or Register to comment.