IPv6 has multiple configuration protocols and I'm not sure I have my 
head around them all either.  Generally speaking, addressing is handled by a 
router because it's supposed to be handing out an address assigned by an 
upstream router, so IPs are assigned geographically making large router tables 
unnecessary.  IPv6 doesn't have NAT so every PC gets a public IP and the 
firewall blocks traffic to/from the outside world.  So in your case pfSense 
should be getting an IPv6 from Comcast, and requesting a subnet from Comcast to 
assign to PCs on your LAN.

So if your goal is to have a private IPv6 range on your LAN you should 
probably give up on that and just disable IPv6 on pfSense and you're done.  
That way PCs can use the Windows domain controller for DNS.

Windows has DHCP for IPv6 but the short version is it won't work...as I 
vaguely recall, the spec is something like: because it's not a router, it can 
only assign a /128 address and mask, so no PC can talk to other PCs on the LAN. 
IPv6s would have to be entered on the PCs manually, or let them get IPv6 from 
pfSense...but then you're back to needing DNS to point to the Windows server.

--

Steve Yates
ITS, Inc.

-----Original Message-----
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Michael Munger
Sent: Wednesday, September 20, 2017 11:48 AM
To: list <list@lists.pfsense.org>
Subject: [pfSense] IPv6?

TL;DR - I think pfSense should be blocking DHCP6 requests (or responding
directly), but I am still getting my ISP's IPv6 address for DNS on
machines behind the pfSense firewall. This causes lookup problems since
their DNS server is not reliable. I suspect I have a bad config in my
pfSense firewall (user error), and need guidance on how to resolve this.

Background:

I have severe problems with IPv6. Most of the IPv6 requests time out,
forcing anything that is IPv6 enabled to fall back to IPv4. There's
nothing wrong with IPv4, but, the timeout is supremely annoying.

NOTE: I understand there is a difference between pfSense and DHCP
requests from a client machine. My IPv6 skills are not as strong as my
IPv4 skills, so my solution has been to disable IPv6 on any machine that
has a problem. But that's a bandaid, and not a good solution.

Symptoms:

I seem to be getting a DNS server of
2603:3001:3805:10f0:223:7dff:fe3b:73ac, which is my ISP's DNS Server
(Comcast). I cannot figure out where this is coming from. It appears to
be coming from Comcast, THROUGH pfSense. How is this DHCP request
traversing pfSense to the WAN? I have a local Windows server, with an
fe80:: address, which is a DNS server also. Not sure why this is not
being set as DNS via DHCP6 (different issue).

What I want:

I need to stop the timeouts by controlling where the lookups go (which
servers are getting served in the DHCP6 requests), which cause the
network to bottleneck and requests to take forever.

Is there an IPv6 guide / tutorial that I have been unable to find with
Google? I would like to be able to configure pfSense to ignore / block
any upstream DNS servers when DHCP6 requests go out. Or, in the
alternative, control where they go so I can point them at either my
Windows DNS or a bind9 server (or even the resolver in pfSense). 
Perhaps pfSense is forwarding the requests upstream instead of
responding itself?
-- 
Michael Munger, dCAP, MCPS, MCNPS, MBSS
High Powered Help, Inc.
Microsoft Certified Professional
Microsoft Certified Small Business Specialist
Digium Certified Asterisk Professional
mich...@highpoweredhelp.com <mailto:mich...@highpoweredhelp.com>
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
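
Added example (not part of either message in this thread): the DNS address quoted in the original post carries the ff:fe bytes of a modified EUI-64 interface identifier, so the MAC of the interface that owns it can be recovered and compared against pfSense's NDP table or the LAN's MAC inventory to see which device is being advertised as the resolver. The function names are hypothetical, and fe80::1 is a constructed sample.

```python
import ipaddress

def eui64_mac(addr: str):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]    # low 64 bits of the address
    if iid[3:5] != b"\xff\xfe":                     # marker bytes inserted by EUI-64
        return None                                 # manual, random or privacy IID
    mac = bytearray(iid[:3] + iid[5:])              # drop the ff:fe filler
    mac[0] ^= 0x02                                  # undo the universal/local bit flip
    return ":".join(f"{b:02x}" for b in mac)

def scope(addr: str) -> str:
    """Classify an IPv6 address by the range it falls in."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_link_local:                            # fe80::/10, never routed
        return "link-local"
    if ip in ipaddress.IPv6Network("fc00::/7"):     # ULA, private to the site
        return "unique-local"
    if ip in ipaddress.IPv6Network("2000::/3"):     # publicly routable space
        return "global-unicast"
    return "other"

def describe(addr: str) -> dict:
    """Summarise what an advertised DNS server address reveals about its owner."""
    return {
        "address": addr,
        "scope": scope(addr),
        "prefix64": str(ipaddress.ip_network(f"{addr}/64", strict=False)),
        "mac": eui64_mac(addr),
    }

if __name__ == "__main__":
    samples = [
        "2603:3001:3805:10f0:223:7dff:fe3b:73ac",   # address from the original post
        "fe80::1",                                  # constructed link-local sample
    ]
    for a in samples:
        print(describe(a))
```

If the recovered MAC shows up in the firewall's NDP table or on a LAN switch port, the address belongs to a local interface inside the delegated /64.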