My goal is to forward the traffic from a specific port of the WAN6's IPv6 address (for instance 50022) to a specific port of my known hostname (let's assume 22), for which address I know the suffix (2), but while its prefix is dynamic.
I attempted to add a rule, but I imagine there is no "variable" available in order to reference the obtained IPv6-PD, even if this would logically make sense to me, so something like:
config rule
option target 'DNAT'
option proto 'tcp'
option family 'ipv6'
option src 'wan6'
option src_port '50022'
option src_dport '22'
option dest 'lan'
option dest_ip '{WAN6's IPv6-PD needed variable}::2'
option name 'FORWARD SSH IPv6'
option enabled 1
Thanks, I read about dynamic prefix forwarding, but given my limited knowledge about IPv6 I had the impression that it can't work because of the difference between the 49th to 56th bits:
I assumed that applying a negative mask for the first 56 bits would result in 2axx:xxxx:xxxx:ff::2 instead of the desired 2axx:xxxx:xxxx:66::2, this representing a problem.
The IPv6 address of the router does not matter here. Instead, you should set up an IPv6 DNS record (AAAA) for the LAN host you want to connect to. Together with a firewall forwarding rule, this makes the address and port translation unnecessary.
Actually I realized that my DDNS service was misconfigured. It was sourcing the address from WAN instead of LAN, so that's why all this story. Indeed, after changing the source to LAN it determines and sends the {dynamic prefix}::1 address, which is convenient. Using hostnames and static suffixes on DDNS provider's side I can obtain "semi-predictable" routable addresses and I can then define simple firewall rules, so you are right, I don't need NAT.
