1. Forum
  2. FidoNet
  3. IPV6

  • Down Temporarily

    From Jay Harris@1:229/664 to Michiel van der Vlist on Sat Jan 30 20:20:25 2021
    Hi Michiel,

    My IPv6 will be down for a little bit. I decided to replace my aging router setup with this fancy Orbi WiFi 6 mesh system. I was doing a lot of research, and of course one the boxes to tick was "IPv6 Support".

    While this Orbi DOES support IPv6, what it DOESN'T support is IPv6 port opening/forwarding like my old OnHub did.

    I'm impressed with the router otherwise, so this was kind of disappointing to find out after getting everything all setup. I'm still deciding whether to take this back and maybe try the Eero Pro 6 instead.


    Jay

    --- Mystic BBS v1.12 A47 2021/01/26 (Raspberry Pi/32)
    * Origin: Northern Realms (1:229/664)
  • From Victor Sudakov@2:5005/49 to Jay Harris on Sun Jan 31 11:53:44 2021
    Dear Jay,

    30 Jan 21 20:20, you wrote to Michiel van der Vlist:

    My IPv6 will be down for a little bit. I decided to replace my aging router setup with this fancy Orbi WiFi 6 mesh system. I was doing a
    lot of research, and of course one the boxes to tick was "IPv6
    Support".

    While this Orbi DOES support IPv6, what it DOESN'T support is IPv6
    port opening/forwarding like my old OnHub did.

    I have been always of the opinion that port forwarding is never needed in IPv6 because no NAT is ever involved (and port forwarding is part of the destination NAT technology). If you had IPv6 port forwarding (in the IPv4 way) on some device, please surprise me!

    It is also difficult to believe that a fancy router does not have a built-in IPv6 firewall (if a firewall is meant by "port opening").


    I'm impressed with the router otherwise, so this was kind of
    disappointing to find out after getting everything all setup. I'm
    still deciding whether to take this back and maybe try the Eero Pro 6 instead.

    My home MikroTik hAP ac3 does not support NAT or port forwarding in IPv6 (which is expected) but has a nice IPv6 stateful firewall with connection tracking (in fact it's iptables inside). I have eventually moved all my IPv6 tunneling to MikroTik and I'm very happy about it's performance.

    Victor Sudakov, VAS4-RIPE, VAS47-RIPN
    --- GoldED+/BSD 1.1.5-b20170303-b20170303
    * Origin: Ulthar (2:5005/49)
  • From Tony Langdon@3:633/410 to Victor Sudakov on Sun Jan 31 19:01:00 2021
    On 01-31-21 11:53, Victor Sudakov wrote to Jay Harris <=-

    I have been always of the opinion that port forwarding is never needed
    in IPv6 because no NAT is ever involved (and port forwarding is part of the destination NAT technology). If you had IPv6 port forwarding (in
    the IPv4 way) on some device, please surprise me!

    Some consumer routers mislabel IPb6 firewall opening as "port forwarding", mine included. Mine came with all inblund IPv6 traffic blocked by default (good!), but to open a port to a specific host, I have to go into "IPv6 port forwarding" (sic) and specify the port(s) that I want to open and the interface host ID (last 64 bits of the IPv6 address) to allow traffic for. Or I can specify that host as an "exposed host", which of course, disables the firewall for that specific IPv6 address.

    It is also difficult to believe that a fancy router does not have a built-in IPv6 firewall (if a firewall is meant by "port opening").

    One would hope it does, and that there's a mechanism to open ports to specific hosts in the firewal config.

    My home MikroTik hAP ac3 does not support NAT or port forwarding in
    IPv6 (which is expected) but has a nice IPv6 stateful firewall with connection tracking (in fact it's iptables inside). I have eventually moved all my IPv6 tunneling to MikroTik and I'm very happy about it's performance.

    My router does speak of IPv6 port forwarding, but it's actually controlling the firewall's packet filter.


    ... Is fire supposed to shoot out of it like that!?
    === MultiMail/Win v0.52
    --- SBBSecho 3.10-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (3:633/410)
  • From Victor Sudakov@2:5005/49 to Tony Langdon on Sun Jan 31 18:05:08 2021
    Dear Tony,

    31 Jan 21 19:01, you wrote to me:

    [dd]

    My router does speak of IPv6 port forwarding, but it's actually controlling the firewall's packet filter.

    Funny!

    Victor Sudakov, VAS4-RIPE, VAS47-RIPN
    --- GoldED+/BSD 1.1.5-b20170303-b20170303
    * Origin: Ulthar (2:5005/49)
  • From Jay Harris@1:229/664 to Victor Sudakov on Sun Jan 31 08:52:43 2021
    On 31 Jan 2021, Victor Sudakov said the following...

    I have been always of the opinion that port forwarding is never needed
    in IPv6 because no NAT is ever involved (and port forwarding is part of the destination NAT technology). If you had IPv6 port forwarding (in the VS> IPv4 way) on some device, please surprise me!

    That's how the settings were worded on my old Google OnHubs. It was port "port forwarding" for IPv4 and "port opening" for IPv6. Everything unsolicited for incoming IPv6 is blocked unless you "opened" the port.

    It is also difficult to believe that a fancy router does not have a built-in IPv6 firewall (if a firewall is meant by "port opening").

    I agree! There are no firewall rules to be found on this interface and any "port forwarding" or "port triggering" settings are for IPv4 only. It would appear that the router is blocking all unsolicited incoming IPv6 traffic, which is actually a good thing, but I'm surprised there's no way to allow certain ports on this router yet.


    Jay

    --- Mystic BBS v1.12 A47 2021/01/30 (Raspberry Pi/32)
    * Origin: Northern Realms (1:229/664)
  • From Jay Harris@1:229/664 to Michiel van der Vlist on Sun Jan 31 19:58:53 2021
    On 01 Feb 2021, Michiel van der Vlist said the following...

    Blocking all incoming IPv6 /by default/ is indeed good. But...

    but I'm surprised there's no way to allow certain ports on this route yet.

    ... if there really is no way to open ports for incoming IPv6 that
    would be a show stopper for me. I'd want my money back...

    Yup, for $499 plus tax (on sale) it just doesn't seem to be worth the money.

    Of course Best Buy is not taking returns (in store) right now due to covid, so I'll have to call and figure out how to return this via mail.

    P.S: IPV6 is working otherwise, so I can indeed still poll for mail via IPv6 just not accept incoming connections.


    Jay

    --- Mystic BBS v1.12 A47 2021/01/30 (Raspberry Pi/32)
    * Origin: Northern Realms (1:229/664)
  • From Tony Langdon@3:633/410 to Victor Sudakov on Mon Feb 1 18:37:00 2021
    On 01-31-21 18:05, Victor Sudakov wrote to Tony Langdon <=-

    Dear Tony,

    31 Jan 21 19:01, you wrote to me:

    [dd]

    My router does speak of IPv6 port forwarding, but it's actually controlling the firewall's packet filter.

    Funny!

    Yeah the dumhing down of consumer gear. :)


    ... You're from the planet Earth, aren't you?
    === MultiMail/Win v0.52
    --- SBBSecho 3.10-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (3:633/410)