> Le 2 août 2017 à 14:50, Adam Thompson <[email protected]> a écrit : > > Before I dive into details, can anyone confirm that they have 1:1 NAT working > for IPv6 in production?
I have Adam. Configure your WAN using the first /57 from the /56 they give you. For instance: xxxx:xxxx:xxxx:yy00::1/56 for WAN with xxxx:xxxx:xxxx:xxxx:yy00:ffff:ffff:ffff:ffff as gateway. Now use /64 slices of the second /57 slice for your multiple LANs interfaces. For instance: xxxx.xxxx.xxxx.yy81::1/64 for LAN1 xxxx.xxxx.xxxx.yy82::1/64 for LAN2 and so on. ... Then setup NPt as such: On WAN: external xxxx:xxxx:xxxx:yy01::/64 internal xxxx:xxxx:xxxx:yy81::/64 On WAN: external xxxx:xxxx:xxxx:yy01::/64 internal xxxx:xxxx:xxxx:yy81::/64 ... Finally for each single IP to expose to the world, add an IP Alias on WAN as such: xxxx:xxxx:xxxx:yy01::1234/57 The /57 is important in this matter, to get it right. Your xxxx:xxxx:xxxx:yy81::1234 IP (in the xxxx:xxxx:xxxx:yy81::/64 subnet) used internally will properly be reachable (and appear on outgoing connections) as xxxx:xxxx:xxxx:yy01::1234. -- Best Regards, Meilleures salutations, Met vriendelijke groeten, Olivier Mascia, http://integral.software _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
