Is there a way to force pfSense to do NAT for IPv6? If so then we could make it work. I understand that's not the point of IPv6 but...
-- Steve Yates ITS, Inc. -----Original Message----- From: List [mailto:[email protected]] On Behalf Of Moshe Katz Sent: Thursday, May 19, 2016 2:13 PM To: pfSense Support and Discussion Mailing List <[email protected]> Subject: Re: [pfSense] IPv6 with Comcast and two pfSense - invalid prefix length, XID mismatch I'm going to have to guess that you are out of luck for IPv6 then. If you find anyone at Comcast who is 1) capable of understanding technical feedback, 2) receptive to such feedback, and 3) high enough up the chain of command to make things happen, I'd be happy to join a campaign to convince that person to get this fixed. Moshe P. S. Something tells me that we will have moved on to IPv6 or IPv8 (or maybe even abandoned IP entirely for something else) by the time anything happens to get this fixed. This is Comcast we're talking about after all, a multi-year winner and runner-up of Consumerist's "Golden Poo Award" for worst company in America. -- Moshe Katz -- [email protected] -- +1(301)867-3732 On Thu, May 19, 2016 at 2:49 PM, Steve Yates <[email protected]> wrote: > I neglected to mention it but I did find and read many > articles on Comcast modem support. As a whole the posts were rather > conflicting and confused so it seemed that it may or may not > work...older posts were more likely to say it wasn't working. > > We do have a static IPv4 block. Sadly a few years ago when we > tried to increase speeds we were down for a time because their other > non-SMC modem couldn't handle static IPs reliably and they had to > scrounge for an SMC box for us. I inferred the techs knew this but > Comcast was switching modems anyway. So, I'm hesitant to ask for a different > one. > :-/ Maybe it is different now. > > I don't see anything in the SMC interface about a firmware > update. It's Comcast branded so I assume their firmware. Maybe we'd > have to call. It has v 3.1.6.57 now. > > The SMC does show an IPv6 address, LAN DHCPv6 enabled with a > range, and has an "External Router Delegated Prefix" section that is > empty. The building router gets its IP from that range. The SMC has > a different WAN IPv6 address in 2001:558:...::/64. At the bottom of > its Gateway Summary/Network tab I see: > > LAN IPv6 Prefixs Delegations 2601:249:xxxx:yyyy::/64 > > ...with the LAN IP range. (yes, it is spelled "prefixs") > > -- > > Steve Yates > ITS, Inc. > > -----Original Message----- > From: List [mailto:[email protected]] On Behalf Of Moshe > Katz > Sent: Wednesday, May 18, 2016 10:10 PM > To: pfSense Support and Discussion Mailing List > <[email protected]> > Subject: Re: [pfSense] IPv6 with Comcast and two pfSense - invalid > prefix length, XID mismatch > > On Wed, May 18, 2016 at 7:14 PM, Steve Yates <[email protected]> wrote: > > > We have an application with a Comcast-provided SMC router and two > > pfSense routers (Comcast <- building <- tenant). The building > > router > > (v2.3.0) gets an IPv6 address and can ping out. However in its DHCP > logs I see: > > > > dhcp6c invalid prefix length 64 + 4 + 64 > > dhcp6c XID mismatch (several of these) > > > > Am I correct that "invalid prefix length" means the Comcast router > > isn't delegating a /60 properly? I have it set: > > > > DHCPv6 Prefix Delegation size 60 > > Send IPv6 prefix hint checked > > > > If I as for a /56 I get "invalid prefix length 64 + 8 + 64." > > > > My second question was going to be about getting IPv6 to the PCs > > inside the tenant router but unless I'm mistaken I need a couple > > more > > /64 networks for that (what a waste of IPs...I know there's a lot > > but > still...). > > > > Thanks, > > > > Steve Yates > > ITS, Inc. > > > > > > Comcast's support documents claim that "Business IP Gateway" devices > (a.k.a. your SMC modem/router) are allocated a /56. However, there > seem to be indications on Comcast's forums and other networking forums > that they aren't doing that properly on certain models with certain > firmware. (One example is > > http://forums.businesshelp.comcast.com/t5/IPV6/Dual-Stack-on-SMC-D3GCC > R-and-Cisco-DPC3939B/td-p/20504/page/2 > is from over a year ago, but that could still be an issue now given > the speed which these companies release firmware updates.) > > Can you check if there is a firmware update for the SMC box? > > Is there any way to check in the settings of the SMC box to see what > it got from Comcast? None of my customers are using that model at the > moment, so I can't tell you where to look. > > If you do not have static IPs from Comcast, your best option is > probably to replace the Comcast-provided router with a Motorola/Arris > Surfboard modem and have the building pfSense talk directly to Comcast > through that. > However, for some reason that defies all logical explanation, Comcast > will not let you BYOM if you use static IPs. > > Some people (also mentioned in the forum link above) have gotten > prefix delegation to work by asking Comcast to switch their SMC router > for a Netgear one. > > -- > Moshe Katz > -- [email protected] > -- +1(301)867-3732 > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
