Important

Netgate is offering COVID-19 aid for pfSense software users, learn more.

IPv6 and NAT

Though IPv6 removes most any need for NAT, there are rare situations that call for the use of NAT with IPv6 such as Multi-WAN for IPv6 on residential or small business networks.

Gone is the traditional type of ugly port translated NAT (PAT) where internal addresses are translated using ports on a single external IP address. It is replaced by a straight network address translation called Network Prefix Translation (NPt). This is available in the pfSense® web configurator under Firewall > NAT on the NPt tab. NPt translates one prefix to another. So 2001:db8:1111:2222::/64 translates to * 2001:db8:3333:4444::/64. Though the prefix changes, the remainder of the address will be identical for a given host on that subnet. For more on NPt, see IPv6 Network Prefix Translation (NPt).

There is a mechanism built into IPv6 to access IPv4 hosts using a special address notation, such as ::ffff:192.168.1.1. The behavior of these addresses can vary between OS and application and is unreliable.