Selfhosted
I'll try this when I get a chance. Off the top of my head, why did you set the prefix to 0x1? I was under the impression that it only needs to be set if there are multiple VLANs. And what are your rules for the WAN side of the firewall? My LAN interface is only getting an LLA, so maybe it's being blocked from communicating with the ISP router.
Prefix ID of 0x1 means "Use the first prefix available in the block as a /64 for the LAN". Essentially your ISP probably gave you a /48, /56, or /60. The firewall is giving prefix IDs to all of the /64s you can fit inside of one of these and allocating them numbers 1 through whatever. Each LAN you have can have its own prefix ID. A /60 has 16 /64 networks that you can subnet it into.
I have multiple VLANs, 0x1 is my LAN and 0x10 is my DMZ for example. I then get IP addresses abcd:abcd:a01::abcd in my LAN and abcd:abcd:a10::bcdf in my DMZ.
However, I get a /56 from my ISP which gets subnetted into /64. I heard it's not ideal to subnet a /64 but you might want to double check what you really got.
Only IPv4 + IPv6 ICMP, the normal NAT rules for IPv4 and the same rules for IPv6 but as regular rules instead of NAT rules.
If you enable DHCPv6 in your network your firewall should be the one to hand out IP addresses, your ISP assigns your OPNsense the prefix and your OPNsense then subnets them into smaller chunks for your internal networks.
It is possible to do it without DHCPv6 but I didn't read into it yet since DHCPv6 does exactly what I want it to do.
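
The prefix ID arithmetic discussed in this thread, as an added example that is not part of any commenter's post or of OPNsense itself: it computes the /64 a given prefix ID selects inside a delegated prefix and rejects IDs that do not fit. The functions `lan_prefix` and `plan` are hypothetical names, the addresses are constructed from the documentation range 2001:db8::/32, and it assumes the prefix ID simply fills the bits between the delegated prefix length and /64.

```python
import ipaddress

def lan_prefix(delegated: str, prefix_id: int) -> ipaddress.IPv6Network:
    """Return the /64 that prefix_id selects inside a delegated prefix."""
    net = ipaddress.IPv6Network(delegated, strict=True)
    if net.prefixlen > 64:
        raise ValueError(f"{net} is longer than /64, no /64 fits inside it")
    count = 1 << (64 - net.prefixlen)      # number of /64s in the delegation
    if not 0 <= prefix_id < count:
        raise ValueError(f"prefix ID {prefix_id:#x} does not fit in {net} "
                         f"(valid IDs: 0x0 to {count - 1:#x})")
    # The prefix ID fills the bits between the delegated length and bit 64.
    base = int(net.network_address)
    return ipaddress.IPv6Network((base | (prefix_id << 64), 64))

def plan(delegated: str, ids: dict[str, int]) -> dict[str, str]:
    """Map interface names to /64s; reject two interfaces sharing an ID."""
    seen: dict[int, str] = {}
    result = {}
    for name, pid in ids.items():
        if pid in seen:
            raise ValueError(f"{name} and {seen[pid]} both use ID {pid:#x}")
        seen[pid] = name
        result[name] = str(lan_prefix(delegated, pid))
    return result

if __name__ == "__main__":
    # Constructed sample: a /56 from the documentation range 2001:db8::/32.
    print(plan("2001:db8:abcd:a00::/56", {"LAN": 0x1, "DMZ": 0x10}))
    # Same IDs against smaller delegations: 0x10 needs more than a /60 offers,
    # and a single /64 leaves no bits to subnet at all.
    for delegated in ("2001:db8:abcd:a00::/60", "2001:db8:abcd:a00::/64"):
        try:
            print(plan(delegated, {"LAN": 0x1, "DMZ": 0x10}))
        except ValueError as err:
            print("rejected:", err)
```

Running it against the prefix length your ISP actually delegates shows which prefix IDs are usable before you assign them to the LAN and DMZ interfaces.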