You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, opening a port on fw3 to allow a local server to be reached from the Internet via IPv6, requires the hardcoding of the destination IPv6 address in the dest_ip option. Here's the example on the [[https://openwrt.org/docs/guide-user/firewall/fw3_configurations/fw3_ipv6_examples|fw3 IPv6 Configuration Examples]] wiki page: config rule
option src wan
option proto tcp
option dest lan
option dest_ip 2001:db8:42::1337
option dest_port 80
option family ipv6
option target ACCEPT
Having an hardcoded IPv6 address becomes troublesome when the public IPv6 prefix changes. This can happen regularly with some ISPs, forcing users to edit the rule.
It would much helpful if one could specify a destination hostname instead of an IP address. fw3 would then have to check the current leases and translate the hostname.
An hardcoded IP address in the firewall rules was no issue with IPv4, since on most scenarios all destination addresses were local and could be statically attributed on /etc/config/dhcp. IPv6 public prefix delegation changes this and IMO requires more flexible rules on fw3.
This feature request follows the [[https://superuser.com/questions/1090691/how-to-set-up-openwrt-traffic-rule-for-port-forwarding-ipv6-server-on-my-lan|How to set up OpenWrt traffic rule for port forwarding IPv6 server on my LAN?]] question on SuperUser by James Johnston.
The text was updated successfully, but these errors were encountered:
dllud:
Currently, opening a port on fw3 to allow a local server to be reached from the Internet via IPv6, requires the hardcoding of the destination IPv6 address in the
dest_ip
option. Here's the example on the [[https://openwrt.org/docs/guide-user/firewall/fw3_configurations/fw3_ipv6_examples|fw3 IPv6 Configuration Examples]] wiki page:config rule
option src wan
option proto tcp
option dest lan
option dest_ip 2001:db8:42::1337
option dest_port 80
option family ipv6
option target ACCEPT
Having an hardcoded IPv6 address becomes troublesome when the public IPv6 prefix changes. This can happen regularly with some ISPs, forcing users to edit the rule.
It would much helpful if one could specify a destination hostname instead of an IP address. fw3 would then have to check the current leases and translate the hostname.
An hardcoded IP address in the firewall rules was no issue with IPv4, since on most scenarios all destination addresses were local and could be statically attributed on
/etc/config/dhcp
. IPv6 public prefix delegation changes this and IMO requires more flexible rules on fw3.This feature request follows the [[https://superuser.com/questions/1090691/how-to-set-up-openwrt-traffic-rule-for-port-forwarding-ipv6-server-on-my-lan|How to set up OpenWrt traffic rule for port forwarding IPv6 server on my LAN?]] question on SuperUser by James Johnston.
The text was updated successfully, but these errors were encountered: