How to configure NAT6 port forwarding?

Since I can only get a /128 prefix, I followed the guide NAT6 and IPv6 masquerading and set up NAT6 on my router. How can I set up IPv6 port forwarding or convert IPv4 settings to IPv6?
Another question: Does miniupnpd work on NAT6?

Hello @Journalist,

I am interested to know which ISP you are using. It makes me wonder who gives out only 1 IPv6 address these days. Would it be possible to share it with us?

I would suggest you switch your pseudo service provider to some real ISP. Can you please share the name of your ISP?

Perhaps your OpenWrt router is connected to your ISP router, which only gives you a /128 address?
Can you configure the ISP router?

I am in a school and I use DHCP and DHCPv6. NAT6 is the last and only choice.

https://openwrt.org/docs/guide-user/network/ipv6/ipv6.nat6#port_forwarding

It does not work. The following rule is already added automatically.

ip6tables -t filter -A forwarding_wan_rule \
-m conntrack --ctstate DNAT -j ACCEPT

But I fixed it by comparing the rules in ip(4)tables generated by the LuCI port forward settings.

# /etc/firewall.user
address=$(ip -6 addr list scope global dev $(uci get "network.wan6.ifname") | grep -v " fd" | sed -n 's/.*inet6 \([0-9a-f:]\+\).*/\1/p' | head -n 1)

ip6tables -t filter -I forwarding_lan_rule -m conntrack --ctstate DNAT -j ACCEPT
ip6tables -t filter -I input_lan_rule -m conntrack --ctstate DNAT -j ACCEPT

ip6tables -t nat -A postrouting_lan_rule \
-p tcp -m tcp -s ddf9:6931:c9ae::/60 -d ddf9:6931:c9ae::100 --dport 3389 -j SNAT \
--to ddf9:6931:c9ae::1

ip6tables -t nat -A prerouting_lan_rule \
-p tcp -m tcp -s ddf9:6931:c9ae::/60 -d $address --dport 3388 -j DNAT \
--to-destination [ddf9:6931:c9ae::100]:3389

ip6tables -t nat -A prerouting_wan_rule \
-p tcp -m tcp --dport 3388 -j DNAT \
--to-destination [ddf9:6931:c9ae::100]:3389

Are there unnecessary rules? Or is there any way to simplify it?

(tested on OpenWrt 21.02.0-rc1 with kernel 5.4.111)
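
Added example, not part of the thread: a dry-run version of the /etc/firewall.user logic in the post above that refuses to emit any rule when the WAN address lookup returns nothing (for instance if the script runs before wan6 has an address, so that `-d $address` would expand to an empty argument). The function names, the sample `ip` output and the 2001:db8:: address are constructed for illustration; the three printed rules are the NAT rules from the post.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run: prints ip6tables commands only.

# Constructed sample of `ip -6 addr list scope global dev <wan6 ifname>` output.
SAMPLE_ADDRS='    inet6 fd00:aaaa:bbbb::5/64 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 2001:db8:10:20::abcd/128 scope global dynamic noprefixroute
       valid_lft 86000sec preferred_lft 43000sec'

# Read `ip -6 addr` output on stdin; print the first global address outside
# fc00::/7 (ULA). Prints nothing when no such address is present.
first_global_addr() {
    sed -n 's/.*inet6 \([0-9a-fA-F:]*\)\/[0-9]*.*/\1/p' | grep -iv '^f[cd]' | head -n 1
}

# Hypothetical validators: hex-and-colon characters only, port within 1..65535.
is_addr() { case $1 in ''|*[!0-9a-fA-F:]*) return 1;; esac; }
is_port() {
    case $1 in ''|*[!0-9]*) return 1;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# nat6_forward_rules WAN_ADDR LAN_PREFIX ROUTER_LAN_ADDR TARGET EXT_PORT INT_PORT
# Prints the hairpin SNAT, LAN-side DNAT and WAN-side DNAT rules, or fails
# without printing anything if any argument is empty or malformed.
nat6_forward_rules() {
    wan=$1 lan=$2 router=$3 target=$4 ext=$5 int=$6
    for _x in "$wan" "${lan%/*}" "$router" "$target"; do
        is_addr "$_x" || { echo "refusing: bad or empty address '$_x'" >&2; return 1; }
    done
    is_port "$ext" && is_port "$int" || { echo "refusing: bad port" >&2; return 1; }
    cat <<EOF
ip6tables -t nat -A postrouting_lan_rule -p tcp -m tcp -s $lan -d $target --dport $int -j SNAT --to $router
ip6tables -t nat -A prerouting_lan_rule -p tcp -m tcp -s $lan -d $wan --dport $ext -j DNAT --to-destination [$target]:$int
ip6tables -t nat -A prerouting_wan_rule -p tcp -m tcp --dport $ext -j DNAT --to-destination [$target]:$int
EOF
}

# Demo on the constructed sample, using the LAN values from the post.
addr=$(printf '%s\n' "$SAMPLE_ADDRS" | first_global_addr)
nat6_forward_rules "$addr" ddf9:6931:c9ae::/60 ddf9:6931:c9ae::1 ddf9:6931:c9ae::100 3388 3389
```

On the router, the constructed sample would be replaced by the real `ip -6 addr list` output, and the printed lines reviewed before being placed in /etc/firewall.user.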

Can you request multiple /128 addresses? This should allow some kind of relaying.