Am 20.05.2021 um 13:04 schrieb tha...@letterboxes.org:
So with this I end up with NAT'd IPv6. Which I thought you weren't supposed to do.
yes, this is ugly and something to avoid when ever possible...
But I guess if I'm going to have private internal IPv6 addresses, either static &/or delegated, then I have to do this somehow.
It depends how ipv6 address space is delegated to you. Her in germany our biggest telco delegates dynamically a /56 subnet which is plenty space for almost everything. Because it is dynamically allocated via dhcp on every new connect, for static service allocation in internal nets we are forced to use ULA address space for internal services and delegate derived subnets from the provider global unicast delegation to clients for internet access.
I keep thinking there's a routing solution that solves this, but I can't figure it out. And your NAT suggestion does fix it for now.
When you recieve only a /64 subnet, this gets gets realy complicated and depends on every involved software which has to support subnets smaller than /64. In this situation you may be better off with a NAT solution. Best wishes _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users