IPV6 incoming Firewall Rules - where are they

2024-11-03 21:18:23
Model: Archer BE230  
Hardware Version: V1
Firmware Version: 1.1.1 Build 20240912 rel.12553(4555)

I have recently 'upgraded' to this router, advertised as supporting IPV6. My LAN is behind CGNAT so IPV4 port forwarding is not available. As far as I can see, there is no option on the device to allow access from the WAN (internet) to a device on my LAN using the available IPV6 address provided by this router. There do not appear to be any configurable IPV6 firewall forwarding rules for this purpose. If I have failed to understand how I can address this I would be extremely grateful for advice.

I do not want the additional inefficiency and cost of a VPN to a commercial service solely to be able to access their configurable firewall, when this should be achievable on my local router using IPV6.

If this is truly not possible on the device then any claim that it is IPV6 'ready' or 'compatible' would seem to be at best exaggeration but also rather misleading without additional caveats.

I would prefer a TP-Link device as I have several MESH devices connected, but if this device cannot provide a configurable IPV6 firewall, is anyone aware of a router that will, by any provider?

Thanks

Re:IPV6 incoming Firewall Rules - where are they
2024-11-03 22:36:13


  @CT99 

 

Hi,

 

Normally they should be where they can be seen in the Emulator for the BE230 https://emulator.tp-link.com/be230v1/index.html#/ipv6 (scroll down all the way to the bottom).

Re:IPV6 incoming Firewall Rules - where are they
2024-11-03 23:40:17

  @woozle

Thanks for the response. Perhaps I am confused (quite likely) but I interpreted those rules as allowing devices on my internal LAN to access the WAN via a specific port and protocol. Are they, in fact, allowing incoming traffic to the local IPv6 address from any external address - in which case I would have expected to at least have the option of specifying or limiting the origin IPv6 address?

 

Re:IPV6 incoming Firewall Rules - where are they
2024-11-04 23:51:26

  @CT99 

 

I have no idea why the description says "... to allow specific devices to access the specified services", but these rules should open the IPv6 firewall to allow for any remote device to access the specified client device on the internal network. 

 

There is no provision to limit who is allowed through the firewall. It's the same as for IPv4 port forwarding.
 

Re:IPV6 incoming Firewall Rules - where are they
2024-11-05 02:18:55

  @woozle 

Thanks again.  Will do a bit more experimenting and get my head around it!

Re:IPV6 incoming Firewall Rules - where are they
2024-11-05 10:14:31 - last edited 2024-11-21 13:57:39

It sounds like you're dealing with a frustrating issue. You're right to expect that IPv6 should give you the ability to access devices on your LAN from the internet, especially since the router is advertised as supporting IPv6.

To clarify a bit: CGNAT (Carrier-Grade NAT) is often used by ISPs to save IPv4 addresses, but it can block direct port forwarding with IPv4. However, with IPv6, you should have the ability to assign public addresses to your devices, making them accessible from outside your network.

The problem you're describing seems to be that your router doesn't have an easy way to configure IPv6 firewall rules or port forwarding for IPv6 traffic. This could be a limitation of your current router or its firmware.
 

Here are a few things you could try:
 

  1. Check Router Settings: Double-check if there's any mention of "IPv6" or "Firewall Rules" in the advanced settings or manual. Some routers hide these options in more advanced menus.

  2. Firmware Update: Ensure your router’s firmware is up-to-date. Sometimes, newer versions add features like better support for IPv6.

  3. ISP Settings: In some cases, ISPs may have specific settings that impact how IPv6 works. It’s worth reaching out to your ISP to confirm if there are any limitations or specific configuration steps you need to follow.

  4. Alternative Routers: If your current router can't offer the features you need, there are other routers that provide better IPv6 support. Some popular choices with solid IPv6 firewall management include routers from ASUS, Netgear, and Ubiquiti. You may find one with a more flexible IPv6 setup that fits your needs.


You might also want to check out howscribe if you're looking for more detailed guides or troubleshooting tips for configuring IPv6. They have useful resources for home networking setups and might give you the information you need for setting up your router the way you want.

You're also right about the frustration of having to rely on a VPN for something that should be handled natively by the router. I hope this helps point you in the right direction!
 

Let me know if you need more details on any of this!

Re:IPV6 incoming Firewall Rules - where are they
2024-11-05 20:24:37

Thanks @QuantunShade

I need to do some more fiddling. I can IPv6 ping my router from the WAN so need to go back and see if a couple of rather oddly labelled menu options might yet route messages through it!

Re:IPV6 incoming Firewall Rules - where are they
2 weeks ago - last edited a week ago

Hi everyone!

 

I don't know if my question belongs in this topic, but I couldn't find a more closely related one.

Last week I bought a TP LINK AX55 pro router, and I am trying to set IPv6 firewall rules.

Actually I managed to set them, but after a reboot I get a slightly different IPv6 address (the prefix changes) from my ISP, and my firewall rule does not change dynamically, so it remains the previous one. Do you have any idea how I could fix this? Or might the AX55 pro not support dynamic IPv6 firewall rules at all?

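An added illustration of the problem raised in the last post (not written by any poster, and not a description of TP-Link firmware behaviour): a rule stored as a full IPv6 address stops matching once the ISP delegates a new prefix, while the host's interface identifier (the low 64 bits) can be used to rebase or match the rule. The prefixes are constructed from the 2001:db8::/32 documentation range; the sketch assumes a /64 LAN prefix and a host with a stable interface identifier rather than temporary privacy addresses.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # low 64 bits: interface identifier on a /64 LAN


def interface_id(addr: str) -> int:
    """Return the interface identifier (low 64 bits) of an IPv6 address."""
    return int(ipaddress.IPv6Address(addr)) & IID_MASK


def rebase(addr: str, new_prefix: str) -> str:
    """Move a host address onto a newly delegated /64, keeping its interface ID."""
    net = ipaddress.IPv6Network(new_prefix)
    if net.prefixlen != 64:
        raise ValueError("this sketch assumes a /64 LAN prefix")
    return str(ipaddress.IPv6Address(int(net.network_address) | interface_id(addr)))


def rule_matches(rule_dst: str, packet_dst: str, by_iid: bool = False) -> bool:
    """Static rule compares the full address; by_iid compares the low 64 bits only."""
    if by_iid:
        return interface_id(rule_dst) == interface_id(packet_dst)
    return ipaddress.IPv6Address(rule_dst) == ipaddress.IPv6Address(packet_dst)


def refresh_rules(rules: list[dict], current_prefix: str) -> list[dict]:
    """Rewrite stale rule destinations for the current prefix and flag them."""
    net = ipaddress.IPv6Network(current_prefix)
    refreshed = []
    for rule in rules:
        stale = ipaddress.IPv6Address(rule["dst"]) not in net
        dst = rebase(rule["dst"], current_prefix) if stale else rule["dst"]
        refreshed.append({**rule, "dst": dst, "was_stale": stale})
    return refreshed


# Constructed sample data: one inbound allow rule and a prefix change after reboot.
OLD_PREFIX = "2001:db8:aaaa:1::/64"
NEW_PREFIX = "2001:db8:bbbb:7::/64"
RULES = [{"dst": "2001:db8:aaaa:1:211:22ff:fe33:4455", "proto": "tcp", "port": 443}]

if __name__ == "__main__":
    new_host = rebase(RULES[0]["dst"], NEW_PREFIX)
    print("host address after prefix change:", new_host)
    print("static rule still matches:", rule_matches(RULES[0]["dst"], new_host))
    print("interface-ID rule matches:", rule_matches(RULES[0]["dst"], new_host, by_iid=True))
    print("refreshed rules:", refresh_rules(RULES, NEW_PREFIX))
```
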