I have managed to open port 22 for SSH connections remotely to the router and it is working. I would like to open a specific port (for example port 5201) on a specific client on the local network. I have tried setting up different Traffic Rules in the firewall.
First of all, I see that I have multiple global IPv6 addresses for each client (I don't know why this happens and if it is something that has to be fixed).
If I set: from WAN to LAN port 5201 without specifying any dest_ip, I can access the server remotely using any of the IPv6 addresses.
If I set: from WAN to LAN port 5201 and I specify the last two IPs, it works, but if I specify the first IP it doesn't work. Why?
The other problem is that my LTE ISP forces a disconnection and a new IPv6 address every 4 hours. I get a new /64 prefix every 4 hours. How can I generalize this to work with every new IPv6 address I get?
Maybe I can force the last 64 bits of the IPv6 address to always be the same? Then I can set the firewall to open the port for that specific last 64 bits of the IPv6 address?
I have this working for my WG server.
I have set a static IPv6 IP for this WG server.
To deal with a dynamic prefix, OpenWrt can work with a negative mask to mask the prefix.
My traffic rule for my WG server, which has a static IPv6 IP of ::6:
config rule
    option name 'wg-server6-6'
    list proto 'udp'
    option family 'ipv6'
    option src 'wan'
    option dest 'lan'
    option dest_port '51810'
    option target 'ACCEPT'
    # the WG server is the destination host on the LAN, so match on dest_ip
    list dest_ip '::6/-64'
You can see the -64 negative mask, which masks my prefix, so if the prefix changes the rule should still work.
For completeness, my static IP address (from /etc/dhcp):
config host
    option dns '1'
    option name 'EA8500'
    option mac 'C0:56:91:41:AA:BB'
    option ip '192.168.0.6'
    option leasetime '6h'
    option duid '00030001c0562723456d'
    option hostid '06'
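The suffix match `::6/-64` from the reply above, modelled in Python as an added example (not part of the original posts and not OpenWrt's own code). It assumes a negative length inverts the mask so that only the low 64 bits are compared; the addresses use the documentation prefix 2001:db8::/32 and are constructed, as are the helper names.

```python
import ipaddress

ALL_ONES = (1 << 128) - 1

def parse_match(spec):
    """Turn 'addr/len' into (value, mask). A negative len inverts the mask,
    so '/-64' compares only the low 64 bits (the interface ID)."""
    addr, _, length = spec.partition("/")
    bits = int(length) if length else 128
    if not -128 <= bits <= 128:
        raise ValueError(f"bad prefix length: {bits}")
    prefix_mask = (ALL_ONES << (128 - abs(bits))) & ALL_ONES
    mask = prefix_mask ^ ALL_ONES if bits < 0 else prefix_mask
    return int(ipaddress.IPv6Address(addr)) & mask, mask

def matches(spec, address):
    """True if the address satisfies the addr/len match."""
    value, mask = parse_match(spec)
    return int(ipaddress.IPv6Address(address)) & mask == value

def mask_text(spec):
    """The effective mask written as an IPv6 address."""
    return str(ipaddress.IPv6Address(parse_match(spec)[1]))

def exposed(spec, addrs):
    """Which of a host's addresses the rule would open the port on."""
    return [a for a in addrs if matches(spec, a)]

# Constructed sample: one LAN host with three global addresses, listed
# before and after the ISP hands out a new /64 prefix.
HOST_ADDRS = {
    "before": ["2001:db8:aaaa:1::6",                    # fixed host ID ::6
               "2001:db8:aaaa:1:c256:91ff:fe41:aabb",   # SLAAC-style address
               "2001:db8:aaaa:1:59d1:7c3e:a42:9f10"],   # temporary address
    "after":  ["2001:db8:bbbb:7::6",
               "2001:db8:bbbb:7:c256:91ff:fe41:aabb",
               "2001:db8:bbbb:7:3e07:11a9:88c2:4d5b"],
}

if __name__ == "__main__":
    print("mask for ::6/-64 :", mask_text("::6/-64"))
    for phase, addrs in HOST_ADDRS.items():
        print(phase, "suffix rule   :", exposed("::6/-64", addrs))
        print(phase, "full-addr rule:", exposed("2001:db8:aaaa:1::6/128", addrs))
```

The suffix rule keeps matching exactly one address per host across the prefix change, while a rule pinned to the full address stops matching once the prefix rotates.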
How can I set a static IPv6 address for a client? I mean the last 64 bits of the IPv6 address, because the first 64 bits are assigned by the ISP and they change every 4 hours.