Running an AX3000 on my StarLink based LAN (Starlink router in passthru).

StarLink does not supply stable/static IPv4 addresses unless you pay for Business Class service. They use GCNAT which is unusable for hosting a server on the LAN using IPv4.

So, I use IPv6 for my simple server. The IPv6 address StarLink does supply isn't guaranteed to be stable either, but at least it is routeable. So I also use the NO-IP service and a local tool (Dynamic DNS Upldate Client aka DUC) that keeps the possibly changing IPv6 address in sync with my domain name. THis works just fine, but I do have a question on how the AX3000 does firewall rules using IPv6 based devices

When yout configure the router to allow certian services to pass thru using IPv6 the screen allows you to pick the targer device and set which ports to pass thru.

When you click the "Select from Clients" button you're presented with the MAC and IPv6 address of devices you can select from. When you pick a device it then does the mapping and you see the devices IPv6 address and the Port that is mapped.

Question...does the router actually map using the MAC address or the selected IPv6 address. If it used the IPv6 address, and the router reboots, and StarLink supplies a different IPv6 addess to the router, then the devices on the LAN side of the router will also get assigned new IPv6 public address, and that would break the firewall rule.

So, I assume the router is actually mapping to the IPv6 address associated with the MAC address (which will not change) of the target device. And therefore, if a new IPv6 address is assigned, the router firewall rule will still work. But, I hate to assume anything on a server set up.

So, can anyone from TP-Link or this commuity please confirm what is actually happening? Thanks...