hexaitos/hexaitos.com
hexaitos
/
hexaitos.com
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
hexaitos.com/_drafts/hosting_at_home_p1.md

39 lines
5.8 KiB
Markdown
Raw Normal View History

add blog post
2024-10-29 14:13:38 +00:00
---
layout: post
author: hexaitos
title: Hosting my websites at home Delegating an IPv6 prefix from my FRITZ!Box to my OPNsense
---
A few months ago, I built my own home server which I have mostly been using as a NAS and for running a couple of other services like Immich which Ive been accessing via a Tailscale VPN connection. However, I also have a bunch of websites that I have been hosting on a VPS; and while that works quite well, I wanted to find out if it was possible to host them on my own server as a sort of fallback / backup. The main problem here is that I am behind CGNAT which means that I do not have a publically accessible IPv4 address (not even a dynamic one); I do, however, get my own and apparently static /59 IPv6 prefix.
This post is the first in a series of posts I will (hopefully) be writing. This one will focus on how I delegated an IPv6 prefix to my OPNsense installation. The other parts will focus mainly on how I made my IPv6-only server accessible even from IPv4-only networks. I am _not_ saying that anything I will be describing is necessarily the best way of going about it (I dont really have all that much experience with IPv6 yet) but its whats been working for me. If you have any ideas, comments or critique, feel free to [contact me](/contact).
## My network
I should probably start off by explaining my network setup. I get cable (coax) internet from a German ISP called Vodafone. I used to have their provided router, but since it was absolutely terrible, I decided to buy my own, namely a FRITZ!Box 6660 Cable.
**The IPv4 setup is relatively simple to explain**: My server is running Proxmox and its connected to my FRITZ!Box router. The Proxmox host itself gets an IP in my routers LAN network (192.168.178.0/24). Running on Proxmox as a virtual machine is my OPNsense installation with two network interfaces, WAN and LAN. The WAN interface is connected to my router and I assigned it a static IP in the 192.168.178.0/24 network mentioned earlier. The LAN interface of my OPNsense installation is in the 10.10.10.0/24 network and all other VMs running on Proxmox are connected to that interface. Thus, all the traffic of all my VMs goes through my OPNsense installation and all my VMs have a private IPv4 address in aforementioned network.
**The IPv6 setup is going to be a bit more complicated**. This is mostly because I dont really have that much experience with IPv6 yet. Even at work we dont really use IPv6 (even though I would *really* like to). As mentioned earlier, my ISP has assigned an IPv6 prefix with a subnet mask of /59 to me. This allows me to make 32 /64 subnets which is, apparently, the recommended subnet size for IPv6 (from what I have read so far at any rate). Two of these /64 subnets are already taken up by my FRITZ!Box (one for the LAN network and one for the guest LAN network) which still leaves me with *plenty* of subnets I could use for my webserver. Now I just needed to figure out how to assign a subnet to my OPNsense installation.
## FRITZ!Box settings
The first thing I had to do was change a couple of settings in the FRITZ!Box itself. By default, even prefixes delegated to a device behind the FRITZ!Box would still go through the FRITZ!Box own firewall and, thus, actually accessing the devices in the delegated prefix from the Internet would not be possible. To change that, I had to go into the FRITZ!Box settings under <q>Internet</q> and then <q>Freigaben</q> and add a new entry, select my OPNsense and then toggle the button that reads <q>Firewall für delegierte IPv6-Präfixe dieses Gerätes öffnen.</q> (Open the firewall for prefixes delegated to this device). This should look as follows in the routers web inteface:
![A screenshot from the webinterface of my router showing how to enable opening the firewall for delegated prefixes of this device](/assets/images/blog_posts/hosting_at_home_p1/delegated_prefix_fritz.png)
## OPNsense settings
After changing the settings in the FRITZ!Box, I logged in to my OPNsense installation and had to change a couple of things there. This part will probably be a bit longer as there are several steps involved. I had to change the settings of both my WAN and LAN inteface and also enable a few other things.
### WAN interface
The first thing I had to do was go into <q>Interfaces</q> and then <q>WAN</q> and change the <q>IPv6 Configuration Type</q> to DHCPv6. Additionally, I had to set the <q>Prefix delegation size</q> (which I, in this case, just set to 60) and I also had to tick the box that said <q>Send prefix hint</q>. This should look as follows:
![](/assets/images/blog_posts/hosting_at_home_p1/wan_interface.png)
Afterwards, OPNsense should have received an IPv6 address in the already existing LAN network of the FRITZ!Box (which it did in my case) and we should now have the ability to delegate prefixes (16 of them in this case because of the /60 subnet) to our interfaces. To be honest, choosing such a large subnet delegation was probably a bit overkill as I will only be needing _one_ /64 subnet for my LAN interface so Ill probably change that to something smaller at some point.
### LAN interface
The next step involved actually assigning a prefix to the LAN interface. To do this, I had to go into <q>Interfaces</q> and then <q>LAN</q> this time. Here I set the <q>IPv6 Configuration Type</q> to <q>Track Interface</q> and once I did that, some more settings appeared at the bottom of the page titled <q>Track IPv6 Interface</q>. Here I selected a parent interface (which is the WAN interface) and assigned a prefix ID under <q>Assign prefix ID</q>. I just entered <q>1</q> here. Last but not least, I enabled the setting to allow manual configuration of DHCPv6 and Router Advertisements. This should look like this.
![](/assets/images/blog_posts/hosting_at_home_p1/lan_interface.png)