When to use firewall rule or port forwarding question

From my ISP I get a public NATed IPv4 address on my OpenWrt WAN interface, and every device gets a unique public IPv6 address.

By placing correct firewall rules, I can reach any device using its IPv6 address from outside internet.

Whereas to reach the device from outside using our IPv4 address, I have to use port forwarding. This is because my IPv4 address is NATed, and firewall rules won't help here.

Is this correct understanding?

You're correct, but by default your IPv6-enabled devices are still protected by the firewall. You can ping them only because there is a rule for that in the default settings. Even more, there is a problem when you want to open some port on your IPv6 device (for the outside world), which is blocked by the default settings of the OpenWrt firewall. But there is such a thing as IPv6 pinholes... but you need additional software to enable those.

For IPv6 I was able to successfully reach the device using a specific port from outside after placing a traffic rule as below.

For IPv4, I placed a port forwarding rule as below and was able to reach it via IPv4.

1 Like
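The two rules described above, written out as OpenWrt UCI stanzas for `/etc/config/firewall`. This is an added example, not the screenshots from the post: the host addresses, the zone names `wan`/`lan`, and the choice of TCP port 22 (reached externally on 2222 for IPv4) are constructed for illustration.

```uci
# IPv6: there is no address translation, so a plain traffic rule that ACCEPTs
# forwarded traffic from the wan zone to the device's own global address is enough.
# Everything not matched by such a rule stays blocked by the default REJECT policy.
config rule
	option name 'Allow-SSH-to-host-v6'
	option src 'wan'
	option dest 'lan'
	option family 'ipv6'
	option proto 'tcp'
	option dest_ip '2001:db8:1234:5678::10'   # constructed example address
	option dest_port '22'
	option target 'ACCEPT'

# IPv4: the WAN address is NATed, so inbound traffic has to be DNATed to the LAN host.
# A redirect both rewrites the destination and permits the forwarded traffic.
config redirect
	option name 'Forward-SSH-to-host-v4'
	option src 'wan'
	option src_dport '2222'                    # port exposed on the WAN address
	option dest 'lan'
	option dest_ip '192.168.1.10'              # constructed example address
	option dest_port '22'                      # port the service listens on
	option proto 'tcp'
	option family 'ipv4'
	option target 'DNAT'
```

Apply with `/etc/init.d/firewall restart` (or `fw4 reload` on releases that use fw4). Keeping `dest_ip` and `dest_port` as narrow as possible matters more for IPv6, where the rule exposes a real global address rather than a translated one. One caveat: the IPv4 redirect only works if the NAT is performed by this router; if the ISP hands out a NATed (CG-NAT) address, a port forward on the router cannot make the service reachable from the Internet.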

You're right, that's the general idea.

But you can automate this process (and potentially reduce security as a result) by using UPnP/NAT-PMP...

2 Likes

Any reading material around setting this up?

Not much consumer-grade software supports UPnP/NAT traversal services on IPv6, so even if you have your router with such services running, you still need software on the client side to interface with them.

With that being said, you can install the miniupnp package, which supports UPnP, PMP, PCP and STUN, both for IPv4 and IPv6. The package including a LuCI service page is luci-app-upnp.

3 Likes
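Since the post above notes that UPnP/NAT-PMP can reduce security, here is an added example (not from the post) of the `/etc/config/upnpd` file shipped by OpenWrt's miniupnpd package, with the permission rules limiting what LAN clients may open. The `192.168.1.0/24` subnet and the port ranges are constructed; the option names are those of the package's stock config.

```uci
config upnpd 'config'
	option enabled '1'
	option enable_upnp '1'
	option enable_natpmp '1'
	option secure_mode '1'         # a client may only map ports back to its own address
	option external_iface 'wan'
	option internal_iface 'lan'
	option log_output '0'

# Permission rules are evaluated top to bottom; the first match wins.
# Allow LAN hosts to request unprivileged ports only ...
config perm_rule
	option action 'allow'
	option ext_ports '1024-65535'
	option int_addr '192.168.1.0/24'   # constructed LAN subnet
	option int_ports '1024-65535'
	option comment 'LAN clients may map high ports only'

# ... and deny everything else, including any attempt to expose ports below 1024.
config perm_rule
	option action 'deny'
	option ext_ports '0-65535'
	option int_addr '0.0.0.0/0'
	option int_ports '0-65535'
	option comment 'Default deny'
```

With `secure_mode` on and a trailing deny rule, a compromised or misbehaving LAN device can only expose high ports on itself, and the mappings it creates are visible in the LuCI UPnP page mentioned above, which is worth checking periodically for entries you do not recognise.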