Sunday, November 09, 2025

Configuring IPv6 on pfSense Behind an AT&T BGW210 Gateway

 

How I Configured IPv6 on My Home Network Using pfSense and an AT&T BGW210 Gateway

Introduction

IPv6 adoption has been steadily growing, and configuring it correctly in a home network can improve gaming, streaming, and overall connectivity. In this post, I’ll walk through how I set up IPv6 on a pfSense router behind an AT&T BGW210 gateway. This setup provides fully functional IPv6 for all devices on the LAN while keeping the network secure.

Network Overview

  • ISP: AT&T U-verse

  • Gateway/Modem: AT&T BGW210 (model 700 series)

  • Router: pfSense 2.7.2-RELEASE

  • LAN Devices: Mix of macOS, Windows, and smart home devices

  • IPv6 Goal: Enable full IPv6 connectivity for LAN devices, including gaming and VoIP, with minimal configuration and proper inbound/outbound traffic control.

Key IPv6 Challenges with BGW210

The BGW210 is a typical AT&T gateway, which presents a few unique challenges:

  1. It provides only a single /64 IPv6 subnet to downstream routers in IP Passthrough mode.

  2. It does not support full prefix delegation to multiple LAN subnets.

  3. The WAN interface of pfSense receives a single IPv6 address, and the delegated prefix is “virtual” — pfSense cannot track it automatically.

As a result, a standard Track Interface setup won’t work. Instead, we assign a static IPv6 to the pfSense LAN interface and use Router Advertisements (RA) to let clients auto-configure their own addresses.

pfSense IPv6 Configuration

WAN Interface

  • IPv6 Configuration Type: DHCP6

  • Do Not Wait for RA: Checked (required for AT&T)

  • Prefix Delegation Size: 60 (ignored by AT&T, still recommended)

  • Send IPv6 Prefix Hint: Checked

  • IPv4 as Parent: Checked

  • Firewall Consideration: Allow ICMPv6 inbound (all types recommended for proper connectivity)

LAN Interface

  • IPv6 Configuration Type: Static IPv6

  • IPv6 Address: 2600:xxxx:xxxx::1/64 (redacted example)

  • Router Advertisements (RA) Mode: Assisted

  • DNS via RA: Enabled, mirrored from DHCPv6

Notes:

  • Prefix length /64 is required.

  • Clients receive addresses automatically via SLAAC.

  • Temporary privacy addresses are generated automatically by macOS, Windows, etc.

Firewall Rules

LAN (Outbound)

  • Rule Type: Pass

  • Address Family: IPv4 + IPv6 (combined)

  • Protocol: Any

  • Source: LAN net

  • Destination: Any

WAN (Inbound)

  • Allow ICMPv6: Protocol ICMP, Type: any (ensures RA, NDP, and PMTU work)

  • Optional: Specific TCP/UDP ports for gaming or VoIP

NAT is not required for IPv6; firewall rules handle inbound/outbound traffic.

Client Verification (macOS Example)

  1. Open Terminal and run:

ifconfig en0 | grep inet6

  1. Expected output:

inet6 2600:xxxx:xxxx::abcd prefixlen 64 autoconf
inet6 2600:xxxx:xxxx::ef12 prefixlen 64 autoconf temporary
inet6 fe80::xxxx prefixlen 64 scopeid 0xf

  • Global IPv6 addresses (2600:…) are assigned via RA/SLAAC.

  • Temporary addresses are for privacy.

  • fe80:: is the link-local address.

  1. Test connectivity:

ping6 google.com

Additional Settings

I found out also through this page that the AT&T gateway has limited states so we should limit the number of states on pfSense to not go over it.

Set the pfSense state limit in Advanced -> Firewall & NAT -> Firewall Maximum States
 to 7500 as suggested

Why This Setup Works

  • All LAN devices automatically receive a global IPv6 address from the pfSense LAN /64.

  • ICMPv6 rules ensure proper Neighbor Discovery, Path MTU, and RA messages.

  • Games and VoIP apps that support IPv6 can connect directly without NAT.

  • Minimal configuration is required — no manual IP assignment on each device.

Conclusion

Even with AT&T’s BGW210 gateway, which only provides a single /64 and limited prefix delegation, it is possible to configure a fully functional IPv6 LAN using pfSense. The key is to assign a static IPv6 on the LAN interface, enable RA in Assisted mode, and allow ICMPv6 traffic on the WAN.

This setup ensures modern devices get the benefits of IPv6 automatically while keeping your network secure and accessible for gaming and VoIP.

Posted by at No comments:

Sunday, March 10, 2024

How to download photos from an Amazon Photos Album



Option 1: To download all the photos in the album

Click on the vertical 3 dots icon on the top right. A menu should open allowing you to download all of them.




Option 2: To download a single photo

Open the photo you want to download so you can see the big version of it. Then click on the horizontal 3 dots icon on the top right to expand the menu with the download option.



Posted by at No comments:

Saturday, November 19, 2022

Getting my old Logitech Quickcam Pro 4000 to work on Octoprint

 The library that Octoprint uses to connect to a webcam and stream images to the octoprint window is called mjpg-streamer. It works for many webcams, but of course not my trusty Logitech Quickcam Pro 4000. Upon further investigation it turns out my camera only supports the Y12 format but that library can support just the YUV version of that format (there's even a pull request to add support for it). Luckily someone has made their own service called PICS which can read that format and it works pretty well. I forked the project and added some helpful code to allow you to automatically run PICS at boot. Clone the repo, follow the steps to build and run in the Readme, then scroll to the end and follow the steps to "Creating a service to start PICS on boot". This creates a stream that can be viewed at http://octopi.local:8080/dev/video0 which is the URL you can use in the Octoprint WebCam config.




Posted by at No comments:
Subscribe to: Comments (Atom)