Wanted: Make UTM Restrict IPv6 to Selected LAN Hosts - All Other Hosts Use IPv4 Only.

We have added a few internet-connected gadgets and devices to our household over the years. The Sophos UTM Home License is limited to 50 IP addresses. The problem is that both IPv4 and IPv6 addresses count against the 50. It is easy to exceed the limit if we are not careful. So far, the easiest solution is to disable IPv6 at the UTM. 

-> Is there an easy way to configure the UTM so that most devices default to IPv4 only, where I can allow a few selected hosts to run IPv4 and IPv6?

My goal is to reduce the total number of IP addresses we use, to stay under the Sophos UTM Home License limit.



  • I'd disable it at the client instead.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • By "client" I assume that you mean the various hosts (devices) on the LAN. Most of them are not configurable. The few that are configurable are the computers that I want to have both IPv4 and IPv6. 

    The Question still stands:

    -> How can I configure the UTM so that devices on the LAN default to IPv4 only, other than a few that will be IPv4 and IPv6? I want the solution to work at the UTM, not the individual hosts, most of which are not configurable that way.

  • I can see how this could possibly work with DHCPv6 when you enable the static mappings only option in the DHCP server config.

    You would not have any defined Prefix advertisement in the IPv6 section for that interface - effectively making it DHCPv6 only. The problem with this setup is clients get the same IPv6 each time. With SLAAC, there's the fixed IPv6 and the temporary one. The temp one is the one that the outside internet sees. It usually changes every x hours (24 on Windows iirc). If this is not a concern then it should work.

    Also, who is your ISP? What size is the prefix delegation? /48, /56, /60, /64?

  • With respect, this does not seem like a realistic, viable solution. I do want to use the usual temp IPv6 addresses. The few systems that would use IPv6 are the ones that need it the most.

    The ISP is now called Spectrum Internet, which merged with Charter Communications which bought Time Warner Cable which bought RoadRunner. The branch (segment??) here was originally RoadRunner. It is the cable internet.

    I use a single public IPv4 address. The IPv6 prefix here is a /64.