Feature #2358

NAT64 Support

Added by Seth Mos over 7 years ago. Updated about 1 month ago.

Status: New
Priority: Normal
Assignee:
Category: Rules / NAT
Target version:
Start date: 04/08/2012
Due date:
% Done: 0%
Estimated time:

Description

History

#1 Updated by Mathieu Mourez about 6 years ago

UPVOTE. It would be really nice to have these capabilities built into pfSense. The Viagenie implementation is nice and stateful and apparently already works on pf under OpenBSD 4.6.

#2 Updated by Andreas Peetz almost 6 years ago

UPVOTE. I would really like to be able to run my network with IPv6 only and make legacy IPv4 sites available through NAT64.

#3 Updated by Chris Buechler over 5 years ago

  • Subject changed from NAT64 gateway Support to NAT64 Support
  • Category changed from Interfaces to Rules / NAT
  • Priority changed from Low to Normal
  • Target version deleted (2.2)
  • Affected Version changed from 2.2 to 2.1-IPv6

#4 Updated by Rodrigo Ferraz over 4 years ago

UPVOTE. Since most ISPs are already turning IPv6 into reality on many homes and work places around the world, this feature has become a must for pfSense. I would like to kindly ask for the priority of this feature to be raised.

#5 Updated by Acacio Cruz over 4 years ago

UPVOTE
UPC Cablecom in Switzerland just became an "IPv6 only" ISP last month. (IPv6 Dual Stack Lite)
https://support-en.upc-cablecom.ch/app/answers/detail/a_id/1251/~/information-on-ipv6-ds-lite

#6 Updated by Alex Kolesnik over 3 years ago

UPVOTE

#7 Updated by Tom . over 3 years ago

UPVOTE. I'd love to be able to set up an IPv6-only network and just use NAT64 to redirect old requests.

#8 Updated by Nicolas Vollmar about 3 years ago

UPVOTE
My new ISP provides native IPv6 and I would prefer not to have to configure my whole network with IPv4 if I could just set up my pfSense to do the NAT64 instead.

#9 Updated by Martin Hansen about 3 years ago

UPVOTE, word up on this. It should be prioritized significantly.

#10 Updated by Greg M about 3 years ago

UPVOTE

#11 Updated by Luiz Souza about 3 years ago

  • Assignee set to Luiz Souza
  • Target version set to Future

#12 Updated by Luiz Souza about 3 years ago

Too late for 2.4.0...

#13 Updated by DB Tsai almost 3 years ago

UPVOTE!

First of all, thank you for the great open source firewall product. As Apple starts to require that all new apps work under NAT64, pfSense will be a good experimenting platform if pfSense supports it natively. As far as I know, the NAT64 feature was merged into FreeBSD upstream, so it's possible that pfSense can support it without too much effort. I wonder if there is any plan for pfSense to support DNS64/NAT64 in the near future?

This will be a very important feature for many frustrated iOS app developers who cannot easily reproduce a NAT64 environment in house. Thanks.

#14 Updated by Joel Whitehouse almost 3 years ago

Would like to see support for NAT64/DNS64 in pfsense. Deployment of DNS64 outside of the gateway is somewhat convoluted, requiring additional hardware, and adds latency to DDNS lookups (since the DNS requests would have to go through a separate host before going to pfsense.) It would be ideal for pfsense to integrate these services.

#15 Updated by Arthur Wiebe almost 3 years ago

Google offers a public DNS64 resolver https://developers.google.com/speed/public-dns/docs/dns64 so if we could get NAT64 working in pfSense that would already be a workable start.

#16 Updated by Scott Rosenberg over 2 years ago

Joel Whitehouse wrote:

Would like to see support for NAT64/DNS64 in pfsense. Deployment of DNS64 outside of the gateway is somewhat convoluted, requiring additional hardware, and adds latency to DDNS lookups (since the DNS requests would have to go through a separate host before going to pfsense.) It would be ideal for pfsense to integrate these services.

I'd also like to voice my support for this integration

#17 Updated by Scott Rosenberg over 2 years ago

UPVOTE!
I'd also like to voice my support for this integration

#18 Updated by EDUARDO CERQUEIRA DA SILVA over 2 years ago

I would like to see this important functionality

#19 Updated by Dmitri Toubelis over 2 years ago

UPVOTE!!!
We are switching several of our subnets from dual-stack to pure IPv6 and NAT64/DNS64 is not optional for us any longer. Having this feature on the gateway would help us immensely.

#20 Updated by Landon Wubbels over 2 years ago

Upvote

#21 Updated by Arthur Wiebe over 2 years ago

For those who'd like to do something now, I've finished testing a setup using TAYGA on a separate virtual machine with pfSense on the gateway. Detailed instructions are available here: https://blog.artooro.com/2017/05/02/nat64-how-to-with-pfsense-and-tayga/ It seems to be working very well in my environment.

#22 Updated by Brandon Jackson over 2 years ago

Upvote. Even if just NAT64; as others have said, Google has DNS64, and BIND can also be installed and it is pretty simple to set up DNS64 on it too.

#24 Updated by Marco Vaschetto almost 2 years ago

UPVOTE!!

at the moment I have to use an external router to do this!

#25 Updated by Isaac McDonald over 1 year ago

I would like to see this added as well. Large companies such as Microsoft are using NAT64 and going IPv6 only because they've run out of RFC 1918 addresses.

T-Mobile in America is another one. Phones on TMO's network only get an IPV6 address with all IPv4 traffic going through NAT64.

Here's an interesting article regarding Microsoft's efforts to implement a pure IPv6 network using NAT64: https://blog.apnic.net/2017/01/19/ipv6-only-at-microsoft/

#26 Updated by Peek Around over 1 year ago

Bump + UpVote !

#27 Updated by Talyrius Bekhesh over 1 year ago

UPVOTE

#28 Updated by Dmitriy K over 1 year ago

TRIPLE UPVOTE!

#29 Updated by Sean Harlow over 1 year ago

Another upvote. At some point in the future we're going to start having needs for v6-only networks. For some of the larger networks that time may already be here. It'd be really nice to be able to start testing these things before we actually need them.

#30 Updated by Brandon Jackson 12 months ago

Just noticed, it looks like Unbound (DNS Resolver) supports DNS64 as well (plus BIND/named if you want to use that), so that plus FreeBSD's ipfw_nat64 kernel module should mean everything that is needed is there.
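How the two pieces named in this thread fit together, as an added example that is not part of the thread and is not pfSense, Unbound or FreeBSD code: the DNS64 resolver synthesizes an AAAA record by embedding the IPv4 address in a NAT64 prefix, and the NAT64 gateway recovers that IPv4 address from the packet's destination. It assumes a /96 prefix (the RFC 6052 well-known prefix `64:ff9b::/96` by default); the function names are hypothetical.

```python
import ipaddress

# RFC 6052 well-known NAT64 prefix; a deployment may use its own /96 instead.
WELL_KNOWN = ipaddress.IPv6Network("64:ff9b::/96")


def synthesize(ipv4, prefix=WELL_KNOWN):
    """DNS64 side: embed an IPv4 address in the low 32 bits of a /96 prefix."""
    if prefix.prefixlen != 96:
        raise ValueError("this example handles /96 prefixes only")
    v4 = ipaddress.IPv4Address(ipv4)
    # RFC 6052 section 3.1: the well-known prefix must not carry
    # non-global IPv4 addresses (RFC 1918, loopback, link-local, ...).
    if prefix == WELL_KNOWN and not v4.is_global:
        raise ValueError(f"{v4} is not global; not valid under {prefix}")
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def extract(ipv6, prefix=WELL_KNOWN):
    """NAT64 side: recover the IPv4 destination from a synthesized address."""
    v6 = ipaddress.IPv6Address(ipv6)
    if v6 not in prefix:
        raise ValueError(f"{v6} is outside {prefix}")
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)


def dns64_answer(aaaa, a, prefix=WELL_KNOWN):
    """Return the AAAA set a DNS64 resolver hands to an IPv6-only client."""
    if aaaa:  # native IPv6 exists, so nothing is synthesized
        return [ipaddress.IPv6Address(x) for x in aaaa]
    out = []
    for addr in a:
        try:
            out.append(synthesize(addr, prefix))
        except ValueError:
            continue  # drop records that must not be mapped
    return out


if __name__ == "__main__":
    # Constructed sample: a name with no AAAA and two A records.
    print(dns64_answer([], ["10.0.0.5", "8.8.8.8"]))
    print(extract("64:ff9b::808:808"))
```
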

#31 Updated by Rick Coats 7 months ago

I was disappointed that this has not been at least added to the roadmap for 2.5. It seems as though Netgate didn't catch the news about software developers for Apple having to be verified to work in a NAT64.

#32 Updated by Martin Grüning 4 months ago

Another upvote. Would ease migration to IPv6-only LAN tremendously.

#33 Updated by Chris Collins about 1 month ago

UPVOTE here, put politics aside please, regardless if you hate NAT or not, this feature should at least be added.

It's now supported in baseline FreeBSD using ipfw. For PF it may never come though, due to the decision to not follow OpenBSD code on that.

Its two clear use cases are to prevent outgoing ipv6 dns/ntp leaks gracefully and also for single stacked ipv6 clients able to translate to outgoing ipv4.

#34 Updated by Bipin Chandra about 1 month ago

UPVOTE - we need this feature desperately and if this isn't coming then it will be a deciding point for us to move to a different firewall that supports this after being with pfsense for so long and having installed it on n number of systems

#35 Updated by Dmitri Toubelis about 1 month ago

Bipin Chandra wrote:

UPVOTE - we need this feature desperately and if this isn't coming then it will be a deciding point for us to move to a different firewall that supports this after being with pfsense for so long and having installed it on n number of systems

Just move on to a different platform, this is what we did. This issue is open for 7 years now and I voted for it 2 years ago, so it is obvious that maintainers either have no idea how important this feature is or don't have anyone with enough understanding to implement it. pfSense is a decent product but people have businesses to run.
