I am very frustrated by AT&T’s support of IPv6. First, they don’t even support native IPv6, they run tunrd on the gateway (router). I can see from the gateway’s webpage that the tunrd process is allocated an entire /60 network (16 subnets), which would be plenty for me, and it only uses the first one on the LAN interface. But there is no way to define an IPv6 static route on the gateway, so that I can use any of the other 15 subnets. On top of that, the firewall in the gateway only allows you to poke holes through the IPv4 firewall. It always blocks all incoming IPv6 traffic. Boo.
The only configurations that work when using AT&T’s IPv6, are if you only have a single LAN (wasting the other 15 subnets they allocate everyone), and rely on their gateway to be your sole firewall, or if you setup a transparent, bridging firewall, instead of a routing firewall. The latter is much harder, and while I had it working, I was not happy with the complexity, and just a single lan.
I ended up shutting off AT&T’s IPv6, and setting up my own 6to4 tunnel to Hurricane Electric, who allocated me an enormous /48 network (65k subnets). They also let me setup my own reverse DNS server. Works like a champ. And since the tunnel terminates at my own firewall, I get to control what is allowed in.
The more I use IPv6, the more I like it. I wonder how long before we stop running dual-stack systems?