Tuesday, August 11, 2015

pfsense ipv6 router preferences

With the opensource pfsense firewall solution and with ipv6 , you have the luxury to set the  router preferencia in the ICMPv6-RAs. This can help when you have multiple routers available for an lan subnet.

When you have the ipv6 address enabled on a local interface, the  higher preference is used for the network next-hop



In the ICMPv6 RA you can validate the preference. Here's a few examples of a pfSense firewall RT-ADV settings and validations



tcpdump output

router preference  set high  prf

router preference normal prf plus other goodies to include search list and DNS servers






You can not adjust  basic items such as inteval default lifetines, min/max lifetimes, from the webGUI 


You can use the  online pfSense KB for more information & the differences in the mode ( managed,  unmanged, router-only ). Also the tcpdump/tshark output will reflex the bits that are changed and raised in the Router-Advertisements.

https://doc.pfsense.org/index.php/Router_Advertisements

https://en.wikipedia.org/wiki/PfSense


It best to understand the differences of managed , unmanaged, & stateless DHCP,etc.....




Pfsense is one of the coolest opensource network firewall out.



Ken Felix
NSE ( Network Security Expert) and Route/Switching Engineer.
kfelix  -----a----t---- socpuppets ---dot---com

    ^     ^
=(  *  * )=
       o 
      /  \

No comments:

Post a Comment