
Author Topic: Delegation and NPt  (Read 122 times)

vitaprimo
Delegation and NPt
« on: January 18, 2018, 01:22:55 am »
I was setting up a tunnel to a VPS server I lost while restoring a backup to the wrong firewall --in my defense, they looked exactly the same except for the address bar in the browser-- and I landed on the wrong page by accident and noticed my DSL links have a /64 mask on their IPv6 addresses. I'm not using them at all; in fact, IPv6 traffic is blocked and goes out instead through Hurricane Electric, which was kind enough to give me a /48 address space.

In the IPv6 addresses from my ISP, each is a full address, the whole eight parts of it--I don't remember if they're also called octets. Anyway, am I really getting a /64 range, or a single address in a /64 range along with some other customers from the ISP? The other VDSL2 links from the same ISP don't have the prefix, it is consistent up to the /48 range or "2806:101e:1::". Oh, and my IPv6 gateway on all of the VDSL2 lines is a link-local address.

If I'm really getting full /64 ranges, even though my DSL lines wouldn't cover all of my subnets, I could just split a /64 even if it breaks auto-config or some other thing; there's still functional IPv4 after all. What I don't have clear is, if I use NPt to do so, would pfSense wait to see what address is given to a selected interface to translate from, change the prefix and then assign that, or is it just like in IPv4, where clients always get a non-routable address and NAT translates on the fly with the client keeping said internal address? All the documents I've found aren't clear on this.

The pfSense book lacks a lot of content; I thought the reason it's not on PDF is because it's updated constantly.

Here's what the interface looks like: