On 2017-10-04, lists+m...@ggp2.com <lists+m...@ggp2.com> wrote:
> Hello all!
>
> I'm new to ipv6, and was hoping that someone could check my
> understanding of the af-to option.
>
> My ISP has given me a /64 block - say 1234:1234:1234:5d6f:/64
>
> I have a subnet of servers that are ipv4-only, and want to use the af-to
> option to provide some of these servers with ipv6 addresses. I did not
> have luck with auto-translation, but don't really need it. I just want
> to map 1 ipv6 external ip to 1 ipv4 ip.
>
> The rule I came up with is:
>
> pass in quick on egress inet6 proto { tcp udp } from any to \
> 1234:1234:1234:5d6f::ffff:a65:64 port dns af-to inet \
> from 10.101.0.1 to 10.101.0.100 port dns
>
> Is there anything inherently wrong with doing it this way? I ask,
> because all the examples I've seen so far are dealing with entire
> subnets.
No, that makes sense.
> One more off-topic question... my ISP has given me a /64. It's my
> understanding that rtadvd is unable to work with anything smaller than
> that -- eg if I wanted to split out several /96's on the internal
> interfaces?
SLAAC requires /64 interfaces. Does your ISP *only* give a /64? Many will
give a larger block using DHCPv6-PD (e.g. following Broadband Forum TR-187).
