I've been using a Gentoo PC with iptables as firewall and router for my LAN since 2011.
https://techfix.me/imgs/LAN_01.png is a crude little network diagram.
The Gentoo PC, hostname router, is in the storm shelter under the house, serving as a little DC. It has one NIC (wan0) connected to the Spectrum cable modem, the second NIC (vlan54) connected to a switch then a WAP, and the third NIC (vlan100) connected to the switch and from there 3 cables to 3 servers, and another cable to a switch in my home office for wired computers there.
On 2023-12-13 I got a public /64 for each of the VLAN interfaces, and a /128 for the WAN.
Code:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host proto kernel_lo
valid_lft forever preferred_lft forever
2: vlan54: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2603:9004:703:e87e::1/64 scope global dynamic noprefixroute
valid_lft 1696sec preferred_lft 1696sec
inet6 fe80::6e62:6dff:fef3:27a8/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
3: vlan100: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2603:9004:701:ba81::1/64 scope global dynamic noprefixroute
valid_lft 424284sec preferred_lft 424284sec
inet6 fe80::6a05:caff:fe03:55d/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
4: wan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2603:9004:ff00:7:c168:eeaa:1757:1662/128 scope global dynamic noprefixroute
valid_lft 604696sec preferred_lft 604696sec
inet6 fe80::e49f:9ecd:84c2:38a6/64 scope link
valid_lft forever preferred_lft forever
However, I made some change after that and can not figure out how to get a public /64 for more than one of the VLAN interfaces.
Right now this is what I have for the interfaces:
Code:
mingdao@router ~ $ ip -6 a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host proto kernel_lo
valid_lft forever preferred_lft forever
2: vlan54: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2603:9004:800:38a6::1/64 scope global dynamic noprefixroute
valid_lft 369825sec preferred_lft 369825sec
inet6 fe80::6e62:6dff:fef3:27a8/64 scope link
valid_lft forever preferred_lft forever
3: vlan100: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::6a05:caff:fe03:55d/64 scope link
valid_lft forever preferred_lft forever
4: wan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2603:9004:ff00:8:a0f9:4cb7:c7f4:a7e2/128 scope global dynamic noprefixroute
valid_lft 585257sec preferred_lft 585257sec
inet6 fe80::6a05:caff:fe03:550/64 scope link
valid_lft forever preferred_lft forever
mingdao@router ~ $ ip -6 r s
2603:9004:800:38a6::/64 dev vlan54 proto dhcp metric 1002 pref medium
fe80::/64 dev wan0 proto kernel metric 256 pref medium
fe80::/64 dev vlan54 proto kernel metric 256 pref medium
fe80::/64 dev vlan100 proto kernel metric 256 pref medium
default via fe80::7201:b5ff:fecd:9c19 dev wan0 proto ra metric 4 mtu 1500 pref high
mingdao@router ~ $ ip -6 neigh
fe80::1c42:dc51:5ea6:2c59 dev vlan54 lladdr 46:70:41:8f:27:f7 STALE
2603:9004:800:38a6:8111:e55f:69cd:a0fa dev vlan54 FAILED
fe80::1438:a06c:70d8:806b dev vlan54 lladdr ce:23:2e:79:ed:6c STALE
fe80::264b:feff:fe93:3f4e dev vlan100 lladdr 24:4b:fe:93:3f:4e STALE
fe80::87e:5116:1e49:6441 dev vlan54 lladdr ae:30:d9:c8:93:8f STALE
fe80::6a05:caff:fe03:550 dev wan0 lladdr 68:05:ca:03:05:50 STALE
fe80::42a8:f0ff:fe21:b55c dev vlan100 lladdr 40:a8:f0:21:b5:5c STALE
fe80::821:4421:e84f:2b50 dev vlan54 lladdr 42:8c:c4:5b:17:d7 STALE
fe80::b273:9cff:feae:9f0a dev vlan54 lladdr b0:73:9c:ae:9f:0a STALE
fe80::7201:b5ff:fecd:9c19 dev wan0 lladdr 70:01:b5:cd:9c:19 router REACHABLE
The present files /etc/dhcdcd.conf and /etc/radvd.conf attached.
This is in /etc/sysctl.conf
Code:
router # grep net.ipv6 /etc/sysctl.conf
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.wan0.accept_ra = 2
#####net.ipv6.conf.all.use_tempaddr = 0
#####net.ipv6.conf.default.use_tempaddr = 0
