We just got a IPv6 /48 range (a gateway and an IP address) for our company, but I'm unsure about how to set it up. We use FreeBSD 8.4 (pfSense 2.1) as a router/firewall.
Currently we have IPv4 setup with a WAN towards the internet, and a NAT-ed LAN behind it for office PCs.
We want to keep the LAN network for security, and we want IPv6 addresses from the /48 for all office PCs (without NAT).
The WAN is configured with the IPv6 gateway 1111:2222:3333::1/48 and interface address 1111:2222:3333::2/48. But when it's configured this way, I guess it's impossible to fit the LAN on a /64 within the /48?
I believe I should configure the WAN subnet on 1111:2222:3333:1::/64 and the LAN on a subnet like 1111:2222:3333:2::/64. Is this something I can configure myself, or do I have to ask the ISP to configure that routing for me?
Current test setup:
- WAN gateway 1111:2222:3333::1/48
- WAN interface (em3) 1111:2222:3333::2/64
- LAN interface (em1) 1111:2222:3333:1::1/64
- Test client on LAN 1111:2222:3333:1::abcd/64
netstat -r shows:
Destination Gateway Flags Netif Expire
default 1111:2222:3333::1 UGS em3
localhost localhost UH lo0
1111:2222:3333:: link#4 U em3
1111:2222:3333::2 link#4 UHS lo0
1111:2222:3333:1:: link#2 U em1
1111:2222:3333:1::1 link#2 UHS lo0
I can ping the WAN gateway from the router. From the test client I can ping the LAN & WAN interfaces, but not the WAN gateway.
If I try to add an explicit route, I get an error:
$ route add -inet6 -net 1111:2222:3333:1::/64 1111:2222:3333::2
route: writing to routing socket: File exists
add net 1111:2222:3333:1::/64: gateway 1111:2222:3333::2: route already in table
No comments:
Post a Comment