![]() ![]() If you are also using eth2 for a second LAN port, you’ll need to use the prefix-id :1 for that interface. In short, we’re telling eth1 (WAN) to provide prefix-delegation to eth0 (LAN). Set dhcpv6-pd pd 0 interface eth0 service slaacĮth0 and eth1 are both referenced above, be sure to note the correct interface. Set dhcpv6-pd pd 0 interface eth0 prefix-id :0 Set dhcpv6-pd pd 0 interface eth0 host-address ::1 Note: We’ll be using SLAAC (Stateless Address Autoconfiguration) instead of stateful DHCP (which is how IPv4 DHCP works). The two most common lengths appear to /56 and /64 (WebPass uses the latter). You may need to manually discover the prefix length that your ISP provides. Now we’ll request IPv6 addresses from our ISP. Set interfaces ethernet eth1 firewall local ipv6-name WAN6_LOCALĪgain, it’s important to note that we had to explicitly allow ICMP and DHCPv6. Now attach the policies to your WAN interface: set interfaces ethernet eth1 firewall in ipv6-name WAN6_IN Set rule 40 description "allow DHCPv6 client/server" Set rule 30 protocol icmpv6set rule 40 action accept Now create a policy for WAN->Router (aka local): edit firewall ipv6-name WAN6_LOCAL Set rule 20 state invalid enableset rule 30 action accept Set rule 20 description "drop invalid packets" ![]() Set rule 10 state related enableset rule 20 action drop Set rule 10 description "allow established" Set default-action dropset rule 10 action accept Unlike IPv4, there will be no NAT’ing.Ĭompared to our IPv4 firewall rules, there is one important difference: we need to permit ICMPv6 and DHCP in order for DHCPv6-PD to function.Ĭreate a policy for WAN->LAN Clients: edit firewall ipv6-name WAN6_IN But, there is a new wizard as of this release which may work for the most basic case.ĮdgeMax software version: 1.9.0 (works for 1.7.0 and above)įirst, it’s important that we setup the firewall as the default policy is “accept” and your LAN clients will have routable IPs. Note: As of EdgeMax v1.9.0, most IPv6 functionality is not available via the GUI. Were one to follow this as a guide, the results should be functioning IPv6 on the WAN and LAN side. Without further ado (or a whole lot of ado below) here is Bradley Heilbrun’s explanation.īelow are the commands and my thoughts on setting up IPv6 on a Ubiquiti Networks EdgeRouter Lite (ERLite-3). This was extremely helpful in getting AT&T’s allotted IPv6 subnet(?) (properly called: delegated prefix) setup in my EdgeRouter 4, although I wound up having to use the web interface and configuring the same settings within the Config section. I’m archiving this information for future reference because I (or others) may need it. Update: for a newer version of this information set within the Config Tree portion of the web interface of the EdgeRouter 4, read this post, with pictures and all! □ ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |