Allowing full routing of IPv6 in, while using NAT for IPv4

roysk · November 2, 2024, 2:48pm

Hi all

I had an older router, I don't remember the model atm, but it was also running OpenWRT. Now that that died, I got a new one, an RT-AX53U, and installed the latest (23.05.5) OpenWRT on it. This works well, but on my old setup, I had IPv6 open into my old network, with local firewalls on the different machines. The IoT devices do not use IPv6 (thus far) and I'm planning on putting them on a separate VLAN for better control. However, when I try t configure this on this new router, when I get to the point of IPv6 working, as in routing straight in, this clips off IPv4, so I guess I'm doing something wrong there and at the same time, turning off NAT, which obviously won't work.

Can anyone help me out with this? I've been using openwrt for quite some time, but I am by no means a qualified openwrt hacker.

Best regards

roy

egc · November 2, 2024, 2:53pm

NAT is necessary for IPv4.
Turning on NAT does not turn on NAT for IPv6.

IPv6 NAT is on the Firewall wan Advanced page (and should be turned off if you have full IPv6)

roysk · November 2, 2024, 3:09pm

I can't find the advanced settings tab here

mk24 · November 2, 2024, 3:23pm

The default firewall only allows outbound connections on IPv6 since there is only a lan->wan forwarding rule. If you add a wan->lan forwarding rule, all your lan IPv6 devices will be reachable from outside on their GUA addresses. Direct wan->lan forwarding is inherently not possible on v4 since it is NATd, but as noted the default setup does not NAT IPv6.

It's also possible to write rules allowing incoming connections only to certain addresses and/or ports.

egc · November 2, 2024, 3:29pm

Edit the WAN zone