OpenWrt and LEDE have their own iptables structure. Rather than inserting your custom rules directly into the main INPUT or FORWARD table, try building them using the UCI configuration. In your case, the first port 80 rule can be added into /etc/config/firewall in the following block:
config rule
    option name 'Webv6 forward'
    option src 'wan6'
    option dest 'lan'
    option dest_ip '2001:470:1f1b:5b3:21b:21ff:fea6:ce93'
    option dest_port '80'
    option proto 'tcp'
    option family 'ipv6'
    option target 'ACCEPT'
This should get your rule properly added into the "zone_wan6_forward" chain.
How are you?
I think it is not working because with he.net it is not native; probably with native it works. But I added it and it was not working; it says filtered (not closed, but still, not working).
I wrote exactly what you sent me, and what is even in the LEDE docs (which is the same).
Or maybe I need to install a package?
Weird, the rules are not working.
bruhuhu.
The Hurricane Electric tunnel will work fine because it is still considered a public interface, but tunnelled via v4. So you must make sure v4 allows incoming 6in4 tunnelled traffic (protocol 41). You'll have to punch a hole on v4 for HE's tunnel to reach you with this:
config rule
    option name 'Allow HE 6in4'
    option src 'wan'
    option src_ip '80.81.192.172'
    option proto '41'
    option family 'ipv4'
    option target 'ACCEPT'
You can exclude the source IP line if you change tunnels often, or replace it with the HE tunnel IP that you use.
@phuque99 how are you?
Thanks so much for helping!
It is working now like this
config rule
    option enabled '1'
    option target 'ACCEPT'
    option src 'lan'
    option dest 'wan'
    option name 'ROUTER HTTP'
    option proto 'tcp'
    option dest_port '8888'
    option dest_ip '2001:470:1f1b:5b3::1'
    option family 'ipv6'
But the only problem is that I can use the 8888 port, but actually, on the router I want to forward to the 80 port, given the 80 port is the LuCI. Do you have a setting for it like this:
config rule
    option enabled '1'
    option target 'ACCEPT'
    option src 'lan'
    option dest 'wan'
    option name 'ROUTER HTTP'
    option proto 'tcp'
    option dest_port '8888'
    option dest_ip '2001:470:1f1b:5b3::1'
    option src_port '80'
    option family 'ipv6'
But the src_port is not working. Isn't that for when I want to receive the port 80 from the wan and accept on the lan 8888 port?
Or is it reverse???
The src_port is the port used by the host on the internet, which means it's an ephemeral port for incoming tcp connections. The dest_port is the port it wants to connect to.
If you want to forward a port, i.e. rewrite the destination IP address and port, then you need to use redirect instead. But I don't understand why you need it since your IPv6 hosts should all have globally routable IPv6 addresses you can use for incoming connections if you want.
(BTW I think you need to install additional packages if you want to use IPv6 redirect, such as ip6tables-mod-nat.)
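An added example, not part of the original posts: a small Python check over firewall `config rule` sections that reports which traffic a rule applies to (both `src` and `dest` set means forwarded traffic, `src` alone means traffic addressed to the router itself) and flags a well-known port placed in `src_port`. The sample rules are constructed from the ones in this thread, and the function names are hypothetical.

```python
import shlex

# Constructed sample, modelled on the two rules discussed in the thread.
SAMPLE = """
config rule
    option name 'Webv6 forward'
    option src 'wan6'
    option dest 'lan'
    option dest_port '80'
    option proto 'tcp'

config rule
    option name 'ROUTER HTTP'
    option src 'lan'
    option dest 'wan'
    option proto 'tcp'
    option dest_port '8888'
    option src_port '80'
"""

def parse_uci(text):
    """Parse 'config <type>' / 'option <key> <value>' lines into dicts."""
    sections = []
    for line in text.splitlines():
        words = shlex.split(line, comments=True)  # handles quoted values
        if not words:
            continue
        if words[0] == "config":
            sections.append({".type": words[1]})
        elif words[0] == "option" and sections and len(words) == 3:
            sections[-1][words[1]] = words[2]
    return sections

def traffic_kind(rule):
    """src+dest: forwarded; src only: to the router; otherwise: from it."""
    if "src" in rule and "dest" in rule:
        return "forward"
    return "input" if "src" in rule else "output"

def audit(rule):
    """Return warnings for the src_port/dest_port mix-up from the thread."""
    notes = []
    port = rule.get("src_port", "")
    if port.isdigit() and int(port) < 1024:
        notes.append("src_port %s matches the client's source port, which is "
                     "ephemeral; the service port belongs in dest_port" % port)
    return notes
```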
Well, thanks, but it doesn't help me at all.
I have a router ip6 address, 8888, but I want to receive on that ip6 on the 80, not the 8888.
Besides, on the LEDE router IPv6 address I cannot receive any packets.
For example, for my server via the router, I can use the rules and receive and send packets like smtp, http, https etc.
but for the router ipv6 address for some reason it is i can unable not even 80 but neither 8888.
I know I don't understand what I am doing with LEDE. I used ip6tables, then I tried with config firewall rules, but with ip6tables it was the same.
What I am saying is that the router is blocked for some release, both on the router 6in4-wan6 and the br-lan RULES, or ip6tables, just not working at all. I don't know why; I guess you don't know either.
Besides, if the router could connect via ipv6 (my clients, my server perfect, awesome), then so if my router could connect on the internet via ipv6, then I would want to do something like rewrite as you said.
I am sure in the next 5 months it will work, just asking.
Neither 6in4-wan6 2001:470:1f1a:5b5:0:0:0:2 (they said :: is not good, use 0:0:0:x) nor br-lan 2001:470:1f1b:5b5::1 is working with the firewall rule or ip6tables (same exact settings, but on the router, for some weird reason not working).
I will look at this ip6tables-mod-nat, but it is still not working on my router, only my clients; that's the first problem...
But thanks for the ip6tables-mod-nat, hopefully I will be able to use it once I can receive data from the router.