I recently moved to a new apartment and had to switch my internet connection from cable to fiber. With my old cable connection, I had a public IPv4 address, which made port forwarding easy. Now, I have DS-Lite, and things are a bit more complicated. I set up a DDNS service (no-ip.com) with an AAAA record, and the DDNS service is active on my router with an IP address. The problem is, if it changes I have to manually update it in the port forwarding settings. Maybe I’m missing something, but I haven’t found a solution yet because making the IPv6 static like IPv4 is not possible.
Once this is sorted, I want to place my Nextcloud in a separate network (e.g., 192.168.2.1) so that this network is isolated. I tried adding a device (LAN 1) and then creating an interface, and also with VLANs on br-lan, but Nextcloud can’t get an IP address. Maybe I’m thinking about this the wrong way. I hope you can help!
I can only speak from my side, but when I want to set it static nothing happens, and under DHCP static leases I can only choose IPv4, UUID and IPv6 prefix. What I did: I used the UUID and a prefix, so that means it's static; it's my fault.
inet6 fd9d:xxxx:xxxx::adef/128
inet6 fd9d:xxxx:xxxx:x:xxxx:xxxx:xxxx:eb52/64
inet6 2a00:xx:xxxx:xxxx:xxxx:xxxx:xxxx:bcd8/64 <-- here it has to be adef
inet6 fe80::xxxx:xxx:xxxx:68c9/64
Firewall rules (the second is disabled, but I tried it):
config rule
    option name 'HTTPS via IPv6'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp'
    option dest_port '443'
    option dest_ip '::adef'
    option target 'ACCEPT'

config redirect
    option dest 'lan'
    option target 'DNAT'
    option name 'Nextcloud'
    list proto 'tcp'
    option src 'wan'
    option src_dport '443'
    option dest_port '443'
    option enabled '0'
    option dest_ip '::adef'
When I look under status I see this: Odroid 2a00:xx:xxxx:xxxx::adef/128
But when I want to choose it in the firewall, it's not that IP; it's 2a00:xx:xxxx:xxxx:xxxx:xxxx:xxxx:bcd8/64
You do not port forward but simply have a traffic rule to allow the IPv6 address.
As the prefix is often dynamic, you use a negative netmask.
I have set a static IPv6 address for my servers in my home net like this:
config host
    option dns '1'
    option name 'EA8500'
    option ip '192.168.0.6'
    option leasetime '6h'
    option duid '00030001c6349616445c'
    option hostid '06'
    list mac 'C0:56:27:AA:AA:AA'
This gives my EA8500, which is my VPN server, the prefix::06 address (and also an IPv4 address; I have full dual stack).
In the firewall I make this traffic rule; note the negative netmask of /-64, which will mask the prefix:
config rule
    option name 'wg-server6-6'
    list proto 'udp'
    option src 'wan'
    option dest 'lan'
    option dest_port '51810'
    option target 'ACCEPT'
    option family 'ipv6'
    # prefix::06
    list dest_ip '::6/-64'
I found a configuration that is working, but that's not a real solution:
config redirect
    option dest 'lan'
    option target 'DNAT'
    option name 'nextcloud'
    list proto 'tcp'
    option src 'wan'
    option src_dport '443'
    option dest_ip '2a00:xx:xxxx:xxxx::adef'
    option dest_port '443'
This is not working:
config redirect
    option dest 'lan'
    option target 'DNAT'
    option name 'nextcloud'
    list proto 'tcp'
    option src 'wan'
    option src_dport '443'
    option dest_ip '::adef/-64'
    option dest_port '443'
Maybe you have another idea?
It's working now. It was a problem with the DDNS service. It always uses ::1 instead of ::adef. I have to look at how I can configure it! Maybe you have an idea how I can configure that, or use another service?
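
Added example, not part of the thread: a small Python model of how a traffic rule with `dest_ip '::adef/-64'` selects packets, to show why it survives a prefix change yet never matches the SLAAC address or an AAAA record ending in `::1`. It assumes that a negative length inverts the mask of the same positive length; the function names and the 2001:db8:: sample addresses are constructed for illustration.

```python
import ipaddress

FULL = (1 << 128) - 1

def parse_masked(spec):
    """Return (value, mask) for 'addr/len'; a negative len inverts the /len mask."""
    addr, _, length = spec.partition("/")
    n = int(length) if length else 128
    if not -128 <= n <= 128:
        raise ValueError(f"bad prefix length in {spec!r}")
    prefix_mask = (((1 << abs(n)) - 1) << (128 - abs(n))) & FULL
    # Assumption: '/-64' selects the bits a '/64' would ignore (the host part).
    mask = prefix_mask if n >= 0 else FULL ^ prefix_mask
    return int(ipaddress.IPv6Address(addr)) & mask, mask

def matches(spec, address):
    """True if a rule whose dest_ip is `spec` would match `address`."""
    want, mask = parse_masked(spec)
    return int(ipaddress.IPv6Address(address)) & mask == want

# Constructed sample addresses (2001:db8::/32 is the documentation range).
SAMPLES = {
    "server, DHCPv6 hostid adef": "2001:db8:1:2::adef",
    "server, after prefix change": "2001:db8:9:9::adef",
    "server, SLAAC address": "2001:db8:1:2:aaaa:bbbb:cccc:bcd8",
    "router, what the DDNS published": "2001:db8:1:2::1",
}

def check(spec):
    """Evaluate one dest_ip spec against every sample address."""
    return {label: matches(spec, addr) for label, addr in SAMPLES.items()}

if __name__ == "__main__":
    for label, hit in check("::adef/-64").items():
        print(f"{'ACCEPT' if hit else 'no match':9} {label}")
```

Only the two `::adef` addresses are accepted, so the name clients connect to has to resolve to the server's `::adef` address for the rule to admit the traffic.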