I'm expanding my knowledge and wanting to learn more about IPv6 in general and enable it's use in the home network.
I'm awfully confused on how it will work with my present network setup.
Keep in mind this is on a home network with a residential ISP. I am able to get a /59 of IPv6 addresses from DHCP6.
IPv4 only setup:
I got this far in enabling IPv6....
The questions I have (more to come!):
I'm really having trouble understanding taking IPv4 NAT practices and converting them to good IPv6 practices and keeping things protected (firewalled) and maintaining wire-speed performance.
I'm awfully confused on how it will work with my present network setup.
Keep in mind this is on a home network with a residential ISP. I am able to get a /59 of IPv6 addresses from DHCP6.
IPv4 only setup:
- pfSense NAT router + DHCP + DNS + NTP
- 4 VLANs with WAN access
- iot - 10.1.3.0/24 - very limited access to WAN (cameras, smart thermostat,
- app -10.1.26.0/24 - Physical and VM server "applications" access
- mgmt - 10.1.1.0/24 - Management VLAN for switch and BMC/DRAC access
- cli - 10.1.10.0/24 - Standard end-device access (laptops, cell phones, ipads, desktops
- ICX 6610-48P switch as each VLAN's primary gateway for L3 routing on the switch
- access-lists on each ve interface as firewall rules (VLAN to VLAN, VLAN/host to WAN, etc.)
I got this far in enabling IPv6....
- Acquired /59 subnet from ISP.
- Set each pfSense VLAN interfaces to "Track Interface", selected the WAN interface to track, and assigned each VLAN a different IPv6 Prefix ID (1-4) (TOTALLY NOT SURE THIS IS RIGHT)
- Only devices on one cli VLAN are getting IPv6 internet addresses
- Enabled IPv6 rules to allow all outbound traffic on the cli VLAN.
The questions I have (more to come!):
- How do I know what IPv6 address to give the ICX6610 interfaces?
- How do I ensure the ICX 6610 will be the L3 router for the LAN/VLAN traffic?
- Should I/how do I configure DHCP6 server on pfSense (currently hosts are getting IPv6 addresses without DHCP6 server enabled) for the above issues?
I'm really having trouble understanding taking IPv4 NAT practices and converting them to good IPv6 practices and keeping things protected (firewalled) and maintaining wire-speed performance.
Last edited: