Using NPt seems to have a strange interaction with some LAN devices
My internal network(s) (main LAN, Guest network and DMZ) are all dual stack as is my Internet service. Originally devices on the LAN/Guest/DMZ side had global IPv6 addresses, within the ISP assigned prefix(es), assigned either statically or via DHCP6/SLAAC. This worked fine, but of course has a dependency on the ISP assigned prefix(es).
A few weeks ago I switched to a new ISP (totally different IPv6 prefixes) so in the run up to that I decided to investigate NPt as a way to isolate the internal network from any dependency on the ISP assigned IPv6 prefixes (other than via the single point of admin - the NetGate 6100). I established a suitable NPt setup and it seemed to be working fine except in the case of my two Synology NAS units. They were experiencing some issues...
Before NPt, each NAS unit had:
- A private IPv6 address (let's say for simplicity fd00::N) on the same interface as its (private) IPv4 address (10.0.200.N). This interface had an IPv6 gateway of fd00::1 (the LAN address of the Netgate).
- A global IPv6 address assigned within the delegated ISP prefix (2123:4567:891b::N/64) on a separate interface. This interface had a gateway of 2123:4567:891b::1 (a Virtual IP on the NetGate LAN interface).
The second interface / address (global) was assigned as the default gateway for IPv6.
This worked just fine (for years in fact).
I then set up NPt on the NetGate to map my local IPv6 prefix (fd00::/64 in this example) to a different ISP delegated prefix (2987:6543:2100::/64). I also added additional firewall rules, alias addresses etc. to allow the required inbound IPv6 connectivity. This worked fine for all my other systems (macOS, Windows, Linux) but when I re-configured the Synology units as follows:
- Set the local IPv6 interface / address (fd00::N/64 with gw fd00::1) as the default gateway.
- Disabled IPv6 entirely on the original default interface.
Then the NAS unit lost all public IPv6 connectivity (local still worked of course). If I switched the unit back to the original config then it regained public IPv6 connectivity and all was fine.
This was completely reproducible and I actually opened a ticket with Synology about it but they were at a bit of a loss.
As part of the testing process, while the NAS unit was in the NPt based (non-functional) state I happened to reboot the NetGate unit. After the reboot the NAS units' connectivity (via NPt) worked just fine and the issue was solved.
Synology of course say 'it is the fault of the NetGate system', and that might well be the case, but I am not totally convinced and I'd like to understand what might have been going on here.
Anyone have any ideas?