[quote author=shamrock link=topic=32591.msg168328#msg168328 date=1295912580
I have for my home network:
- 8 external, globally routable, static IPv4 addresses. I do not have my own subnet. I am assigned eight
addresses out of a /24 via an ADSL bridge to my ISP.
No idea how that works. Sounds a bit odd. I assume I can skip the IPv4 parts of this config.
- all of the above, plus:
- ability for my external boxes to connect out to the Internet and be
connected to from the Internet using static IPv6 in addition to the
static IPv4 addresses they already have.
If your ISP hands you a v6 /64 netblock for the WAN interface and routes you a /56 or /48 v6 network for behind pfSense you are good to go. This is more dependent on what the ISP will give you. If they are scrooges you get a /64 for behind pfSense.
- ability for my internal boxes to connect out to the Internet from
behind the NAT using both IPv4 and IPv6.
Didn't you get the memo that IPv6 has no NAT?
- prevent any connections from the Internet to the internal boxes, be
that via IPv4 (a function of the NAT) or IPv6.
Same as it always is, unless you create rules on the WAN to allow traffic in, LAN hosts wouldn't be reachable.
- local DNS for both IPv4 and IPv6 provided by pfSense.
Dnsmasq already works just fine on v4 and v6?
- must work with Hurricane Electric IPv6 tunnels. Should work with similar IPv6 tunnels from other providers.
Currently only works with Hurricane Electric tunnels. See my howto at http://iserv.nl/files/pfsense/ipv6/
- 4GB flash image that does ALL of the above.
- submission of your patches to the pfSense maintainers.
Although I don't build any images, there is no reason why gitsyncing my v6 branch over an existing install wouldn't work. Changes have been made so that you can gitsync on NanoBSD images now as well.
At some point the code tree will be folded and part of the snapshots as usual.