How to configure a static IPv6 address

This is a feature of IPv6. IPv4 NAT is a poor-man's firewall that many blissfully hide behind. Any device with a publicly routable IPv6 address is publicly accessible unless explicitly firewalled.

This is one of the reasons there are link-local and ULA IPv6 addresses.

For all practical purposes, there is intentionally no such thing as "IPv6 NAT". (There are some specific use cases for temporary "prefix translation" but they apply mainly to enterprise users during short periods of change-over of upstream transport providers.)

1 Like
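To make the distinction in the post above concrete, here is an added example (not part of the thread) that sorts a host's IPv6 addresses by prefix into link-local, ULA and publicly routable, and lists the ones that are reachable from outside unless firewalled. The `ip -6 -o addr show` sample is constructed, the function names are hypothetical, and `2001:db8::/32` (the documentation prefix) stands in for an ISP-delegated prefix.

```python
import ipaddress

# Address blocks from RFC 4291 (link-local, global unicast) and RFC 4193 (ULA).
BLOCKS = [
    ("link-local", ipaddress.ip_network("fe80::/10")),
    ("ula", ipaddress.ip_network("fc00::/7")),
    ("global", ipaddress.ip_network("2000::/3")),
]

# Constructed `ip -6 -o addr show` output; 2001:db8::/32 is the documentation
# prefix, standing in here for a prefix delegated by an ISP.
SAMPLE = """\
1: lo    inet6 ::1/128 scope host \\       valid_lft forever preferred_lft forever
2: br-lan    inet6 fdd3:1234:5678::1/60 scope global \\       valid_lft forever preferred_lft forever
2: br-lan    inet6 2001:db8:1:10::1/60 scope global dynamic \\       valid_lft 86000sec preferred_lft 14000sec
2: br-lan    inet6 fe80::1/64 scope link \\       valid_lft forever preferred_lft forever
"""

def classify(addr):
    """Name the block an address falls in, by prefix rather than kernel scope."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_loopback:
        return "loopback"
    for name, net in BLOCKS:
        if ip in net:
            return name
    return "other"

def parse(text):
    """Yield (interface, address, kernel_scope, block) for each inet6 line."""
    for line in text.splitlines():
        f = line.split()
        if "inet6" not in f:
            continue
        addr = f[f.index("inet6") + 1].split("/")[0]
        scope = f[f.index("scope") + 1]
        yield f[1], addr, scope, classify(addr)

def needs_firewall(text):
    """Addresses routable from the Internet: reachable unless filtered."""
    return [(i, a) for i, a, _, b in parse(text) if b == "global"]

def mislabelled_ula(text):
    """ULA addresses, which the kernel also reports as 'scope global'."""
    return [a for _, a, s, b in parse(text) if s == "global" and b == "ula"]

if __name__ == "__main__":
    for row in parse(SAMPLE):
        print(*row)
```

The kernel reports ULA addresses as `scope global` too, so the prefix, not the scope column, is what tells you whether an address can be reached from the Internet.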

Yes, in Germany, Kabel BW customers with a DS-Lite connection do share an IPv4 address. Don't ask me how; I only know there are lots of disadvantages, besides online registrations and having no chance of being reachable from the internet via IPv4.

I must admit that with Jeff's words things are much clearer, and they brought me to the following test:
WAN6 is now deactivated.
This results in fdd3 and fe80 addresses on the intranet only. My servers (and router B LAN) are still available on IPv6 which might not even be necessary anymore.
Since my cable modem is deactivated as DHCPv4 server and acting as stateless DHCPv6 server, I have a static IPv4 on Router B and no IPv6 address anymore on router B WAN.
The overall goal was to have internal devices as well as router B reachable via IPv6 because, for some weird reason, after some weeks & days the IPv4 interfaces and connections get lost on some servers. There are analysis scripts and startup scripts running for an analysis, but so far, IPv6 on the intranet was the solution. Maybe the IPv4 interfaces fell asleep after not being "used" and this is changing now ...

Running the current setup, the topic of the thread could turn into "how to get rid of IPv6 and prefix delegation". But I have even less ideas if this setup now makes sense and what the disadvantages are.
But it seems to be very nice. I cut IPv6 off between the Modem and the router but still have IPv6 on the internet and internally.

This explains a lot. Indeed a lot. Indeed. I was wondering about that for a long time - to be honest.

1 Like

There is what is often termed "carrier-grade NAT" where the exhausted IPv4 space is re-used internally. They are not publicly routable, even though they may have (unwisely) been taken from the public IPv4 space. With carrier-grade NAT, your "local" IPv4 address is NAT-ed when it leaves the local (internal) network, before being sent over the public Internet.

1 Like

Is there any disadvantage if I do this? It really seems like this is a nice feature of the OpenWrt Router between the Cable Modem and my Intranet.

For most users, no. The one thing to be aware of is that some programs will fail if the loopback interface is not configured for IPv6 (on the host running the program). Other than that, IPv6 isn't magically faster than IPv4 or anything like that. I don't know of any generally useful services that are only available on IPv6, at least as far as "surfers" go.

If, and only if, your ISP provides you IPv6 transport (they may be using it to/from your modem, but not providing it for your use), and if you want to be able to connect to services on your network, then IPv6 might be a way to enable that, given that your IPv4 address is not accessible from the outside. If you find out that you can get a PD from your ISP and want to selectively enable IPv6 access, then there are ways to enable that for a host or two with appropriate addressing and firewalling.

2 Likes

I strongly recommend you don't disable ipv6. What you want is to prefix delegate a prefix to your LAN and then have a firewall that prevents inbound connections unless explicitly allowed. In other words, the default settings for WAN6 on OpenWRT.

DSLite means your ISP is internally running an ipv6 native system, and just giving you access to a shared public IP4 address through the translation between ipv6 and ipv4, very similar to carrier grade nat (CGN). This is probably why ipv4 breaks every so often. If you enable ipv6 you will get native services for all sites that have ipv6 and this is going to be an increasing number of sites as evidenced by statistics collected by Google and others: https://www.google.com/intl/en/ipv6/statistics.html

Just get ahead of the game and figure out how to make ipv6 work for you. But please go read about it, it's clear that you have many misconceptions about how it works (and you are not alone, so there are plenty of resources explaining it online).

For example: https://ipv6.he.net/certification/

Here is how DS-Lite works: https://en.wikipedia.org/wiki/IPv6_transition_mechanism#Dual-Stack_Lite_(DS-Lite)

" The CPE distributes private IPv4 addresses for the LAN clients, according to the networking requirement in the local area network. The CPE encapsulates IPv4 packets within IPv6 packets. The CPE uses its global IPv6 connection to deliver the packet to the ISP's Carrier-grade NAT (CGN), which has a global IPv4 address. The original IPv4 packet is recovered and NAT is performed upon the IPv4 packet and is routed to the public IPv4 Internet"

So in this case you will get better performance by using native ipv6 for sites that support it already, and you won't drop out so often like you do with ipv4.

Your ISP has moved into the future and ipv4 is now a legacy technology that they're supporting through a hack... time for you to follow suit by dropping ipv4 as quickly as possible :wink:

I'm surprised they haven't started putting in NAT64, which puts the entire public internet into a small corner of the ipv6 address space and then does translation for you. This is how T-Mobile deploys mobile data, for example. They have a pure ipv6-only deployment and they alter DNS to hand out "translated" ipv6 addresses for sites that only support ipv4.

3 Likes
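The NAT64 mapping mentioned in the post above, as an added example that is not part of the thread: it implements the RFC 6052 address format, which embeds an IPv4 address in an IPv6 prefix, and uses it to recover the real IPv4 destination from translated addresses seen in logs. It goes beyond the post by covering all six prefix lengths the RFC allows; the Well-Known Prefix `64:ff9b::/96` comes from RFC 6052 (an operator may use its own prefix instead), and the function names and logged addresses are constructed.

```python
import ipaddress

# Well-Known Prefix reserved for NAT64/DNS64 by RFC 6052 (not from the thread).
WKP = ipaddress.ip_network("64:ff9b::/96")
ALLOWED = (32, 40, 48, 56, 64, 96)

def embed(ipv4, prefix=WKP):
    """Synthesize the IPv6 address a DNS64 resolver hands out for an IPv4 host."""
    if prefix.prefixlen not in ALLOWED:
        raise ValueError("RFC 6052 allows only /32 /40 /48 /56 /64 /96")
    out = bytearray(prefix.network_address.packed)
    i = prefix.prefixlen // 8
    for b in ipaddress.IPv4Address(ipv4).packed:
        if i == 8:  # bits 64-71 (the "u" octet) must stay zero
            i += 1
        out[i] = b
        i += 1
    return ipaddress.IPv6Address(bytes(out))

def extract(ipv6, prefix=WKP):
    """Recover the embedded IPv4 address, or None if outside the prefix."""
    if prefix.prefixlen not in ALLOWED:
        raise ValueError("RFC 6052 allows only /32 /40 /48 /56 /64 /96")
    ip = ipaddress.IPv6Address(ipv6)
    if ip not in prefix:
        return None
    raw, v4, i = ip.packed, bytearray(), prefix.prefixlen // 8
    while len(v4) < 4:
        if i == 8:  # skip the reserved "u" octet
            i += 1
        v4.append(raw[i])
        i += 1
    return ipaddress.IPv4Address(bytes(v4))

# Constructed log destinations; only the first two are NAT64-translated.
LOGGED = ["64:ff9b::c000:221", "64:ff9b::c633:6407", "2001:db8::53"]

def annotate(dests, prefix=WKP):
    """Pair each logged IPv6 destination with its IPv4 target, if translated."""
    out = []
    for d in dests:
        v4 = extract(d, prefix)
        out.append((d, str(v4) if v4 is not None else None))
    return out

if __name__ == "__main__":
    for dest, v4 in annotate(LOGGED):
        print(dest, "->", v4 or "native IPv6")
```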

The possibility of the existence of this information was within the range of my understanding and my expectations. But I was afraid and successfully repressed it for at least some time.

The good news is that IPv6 is actually way better than ipv4 and once you understand it you'll be hammering at the door to get everyone to switch... damn it if we could just get rid of ipv4 NAT hacks entirely the world would be a vastly better place.

3 Likes

Now I am facing the "connect to my network on VPN" challenge and I do not enjoy the fact that I really need to do some detailed learning like at https://ipv6.he.net/certification/
The problem is: KabelBW / Unitymedia IPv6 is even more weird for me. There is a point in the tutorial where a browser check is done and it tells me that it failed. Indeed, it seems like I don't have IPv6 from my provider anymore.
Cable modem -> stateful DHCPv6
R7800 with 18.06.0 -> DHCPv6 client
(mostly like hnyman's build)

There is IPv6 support, I have link local and ULA for devices on the network, but the overview section does not show any IPv6 upstream information nor is the WAN6 IPv6 information complete.

What I am trying to understand:
On my secondary router C7 v2 with the same build config as https://downloads.openwrt.org/releases/18.06.0/targets/ar71xx/generic/config.seed
--> on router and network I have no IPv6 at all.

I see a lot of config missing, like CONFIG_IPV6=y, CONFIG_KERNEL_IPV6=y etc...
Is it that the community build(s) (for ar71xx) are without IPv6 support?
Before I get too irritated by the changing IPv6 behaviour, I wanted to try a "standard" build which is known to support IPv6.

If you're using a community build, I suggest flashing one from downloads.openwrt.org instead.

Only you would know what you installed, we wouldn't know.

I am sorry, but your post is off topic and does not answer the question.

Please note that this is the config for the community build from downloads.openwrt.org
https://downloads.openwrt.org/releases/18.06.0/targets/ar71xx/generic/config.seed
(see the same host !)

The question was / is: Is it that the community build(s) (for ar71xx) are without IPv6 support?

It depends on which specific community build you are referring to.

1 Like

It is the generic archer c7 eu v2
https://downloads.openwrt.org/releases/18.06.0/targets/ar71xx/generic/openwrt-18.06.0-ar71xx-generic-archer-c7-v2-squashfs-factory-eu.bin

That's not a community build, but an official build which should come with IPv6.

1 Like

In case you prefer learning by listening, try this IPv6 podcast (German, nearly 5 hours).

Since we've established that I'm on topic; and that you have a build from the downloads site (and not a community build).

Can you explain what you mean by:

Are you compiling this yourself?

This is nice, thanks. I prefer learning by doing. Listening 5 hours is technically not possible for my CPU.
But if I don't get this running on my network I will take an old router, paint IPv6 on it and burn it.

I am using my own builds only.
But I am referring to the config from here: https://downloads.openwrt.org/releases/18.06.0/targets/ar71xx/generic/config.seed
(I see a lot of config missing, like CONFIG_IPV6=y, CONFIG_KERNEL_IPV6=y)

My assumption is that the --> official build is using this config. Is this wrong?

Please show the commands you ran to configure and build your image.

Are you aware of this guide?