I have IPv6 (other provider) on my Cable

Vetal
Vetal Posts: 4 ✭✭
edited January 2 in Internet

I've been setting up my pfSense on the new MiniPC. I noticed on freshly installed pfSense that there is a public IPv6 address assigned from the provider side

So, I enabled IPv6 and everything is working right without a noticeable difference in latency between IPv6 and IPv4

Only thing I set up is a monitor IP IP for the IPv6 Wan gateway to "become green"

2606:4700:4700::1111

Which is a "1.1.1.1" analog for IPv6

On OpenWRT AP I had to set up a LAN6 interface, which was kind of automatic. Now all Ipv6 capable devices are working just fine

I think, it is /56 prefix allocated, yet to confirm this

pfSense comes without ingoing rules allowing ingoing traffic by default, so it is safe from this standpoint. Hence there is no NAT, acting as a "lame protection" for Ipv4.

Make sure your hosts are protected by your personal firewall. Once IPv6 is enabled, every device is on a personal global IP. With a firewall, the only thing protecting you. No, no NAT (farewell hack), no need for IPv6.

I am not sure about Fizz modem, I use it in bridge (dumb) mode without NAT, firewall or WiFi. Use Chat GPT or Perplexity to inquire about your router

Answers

  • elena code xzi4t
    elena code xzi4t Posts: 9,369 ✭✭

    you get a public ipv6 for each device?
    I will check on my router I never did, since my local network still in ipv6

  • Shmutz
    Shmutz Posts: 10 ✭✭

    Awesome,

    Thanks for sharing.

    I was wondering if I should redeploy my pfsense.

  • Vetal
    Vetal Posts: 4 ✭✭

    Yes, each device got public IPs. E.g., Windows has a global public internal IP as well as global temporary IP it is reaching internet with. This is a standard privacy extension

    So, Ubuntu server, cell phone, every PC at home. There is plenty of space under /56 or /64

  • Vetal
    Vetal Posts: 4 ✭✭
    edited December 2024
    https://forum.fizz.ca/en/discussion/comment/6958823#Comment_6958823

    Just enable DHCP6 on WAN with /56 prefix. No need to reinstall.

    And set some reliable IPv6 in routing for a probing (Monitor IP)

    Everything else Perplexity suggested been already there

    I set up a new device via saved config file, renaming my parent VLAN interface if the device has a different network card vendor. Never needed a reinstall from scratch. It is sucks for pfSense, no Terraform or any automated way of doing it as code

  • Bennnnq
    Bennnnq Posts: 562 ✭✭
    https://forum.fizz.ca/en/discussion/comment/6958828#Comment_6958828

    Thanks for the information.

This discussion has been closed.

Categories