IPv6 and NAT

Though IPv6 removes most any need for NAT, there are rare situations that call for the use of NAT with IPv6 such as Multi-WAN for IPv6 on residential or small business networks.

Gone is the traditional type of ugly port translated NAT (PAT) where internal addresses are translated using ports on a single external IP address. It is replaced by a straight network address translation called Network Prefix Translation (NPt). This is available in the pfSense® web configurator under Firewall > NAT on the NPt tab. NPt translates one prefix to another. So 2001:db8:1111:2222::/64 translates to 2001:db8:3333:4444::/64. Though the prefix changes, the remainder of the address will be identical for a given host on that subnet. For more on NPt, see IPv6 Network Prefix Translation (NPt).

There is a mechanism built into IPv6 to access IPv4 hosts using a special address notation, such as ::ffff:192.168.1.1. The behavior of these addresses can vary between OS and application and is unreliable.