Closed bastien-roucaries closed 5 months ago
I believe this is a limitation of the underlying firewall tool OpenWrt/LEDE uses and is not a LuCI issue. @jow- is that true?
Typically you do not need "port forward" with ipv6. As there is typically no NAT, you simply need a traffic rule accepting packets to ipv6 addr XXX / port YYY.
Or are you really talking about IPv6 NAT?
Le 22 janvier 2017 12:02:28 GMT+01:00, Hannu Nyman notifications@github.com a écrit :
Typically you do not need "port forward" with ipv6. As there is typically no NAT, you simply need a traffic rule accepting packets to ipv6 addr XXX / port YYY.
Or are you really talking about IPv6 NAT?
No i am talking to both: redirection of port 80 to another host and ipv6 nat (nat 1:1) un order to to redirect some port to ula network -- Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma brièveté.
@cshoredaniel - yes, you're correct. Firewall3 currently does not support config redirect
for IPv6. This is something I target for LEDE 17.01.1
@jow- If you need someone (because of time) to do the LuCI part (if any is necessary) once you've got the firewall update, I'm happy to help.
| luci-app-firewall | git-17.267.26012-a2ea9fd-1
Tried this version today, got an online game with IPv6 support. I can use my IPv6 suffix for the related computer if switched to 'other', but after it is added, luci assign it to ipv4-nat chain. Ready for beta testing:-)
+1
IPv6 has permanent local addresses which can be used to statically address an IPv6 host in a local network. With dynamic DNS I would have to get one domain for each host I want to have external inbound connections to, and have each host update its DNS entry on its own.
Instead I can have the router update its external IPv6 address in dynamic DNS and forward the packets based on dport to the appropriate internal hosts, so externally all services appears to be from the same host.
This also has the advantages of not revealing the real destination host IPv6 addresses.
Although IPv6 NAT is not recommend, I use it. Because relay on odhcpd is unstable. In fact, some ISPs subnetting /128. I think port forward for IPv6 NAT is required.
Might be related, as SNAT with v6 does not work either, even after installing ip6tables-mod-nat
Yes, I'm trying to run a transparent squid proxy for HTTP/HTTPS traffic for some hosts on my network. I see the DNAT rules for the host in ipv4 tables but not ipv6 tables. Transparent proxy configuration doesn't even have to have a concept of what IP protocol you are running. I should be able to say, "all traffic from vlan XXX going to wan where destination port is HTTP should DNAT to squid:3129" (https respectively).
Has the issue been abandoned since lingering for 2 years? Or is there some development in master/branch?
maybe the overlap between users that care for portforwarding on ipv6 and users that need a helper for it is easily overestimated.
users that need a helper for it
That would question of LuCI as helper in general. Sure everything could be done via cli solely but hen why bother with UCI/LuCI in the first place.
I have the same thinking as well - even my scripts which control firewall through cli use UCI, and that for multiple reason:
It definitely does now - 9c55500fe8efa309d55f34c21d5ae2bf69fabf06
Hi,
The port forward does not support ipv6