this post was submitted on 08 Jun 2024
1 points (100.0% liked)

[–] Blaster_M@lemmy.world 0 points 5 months ago (1 children)

You shouldn't be forwarding anything - LAN devices are directly accessible from the internet with IPv6. The router's job now is to firewall inbound IPv6 packets. You should be able to simply open the inbound port for that device in particular.

[–] henfredemars@infosec.pub 0 points 5 months ago* (last edited 5 months ago) (1 children)

Right, that’s how it should work. Unfortunately that’s not how it actually works most of the time in consumer.

Many devices don’t provide an option in the UI to open an inbound port on IPv6. For example, the latest and most expensive Linksys gaming router blocks all inbound connections and there are no options for different behavior. It doesn’t support opening any ports for v6.

The most recent TP-Link device I tested for my dad doesn’t even have a firewall. If you know the global IP, you can connect to any port you want.

[–] Blaster_M@lemmy.world 0 points 5 months ago

And that's why I abandoned cheap consumer routers many years ago... closest devices to implement IPv6 port management firewalling even half good was/is the ASUS devices. I got fed up and went pfSense and/or UniFi one day and never looked back.

UDM handles IPv6 real good, and pfSense can even get /64 subs from an AT&T router for all its LAN interfaces.
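
The router behaviour this thread describes as correct (stateful default-drop on inbound IPv6, with one port opened to one LAN device) looks like the following on a Linux-based router using nftables. This is an added example, not a configuration posted by any commenter or shipped by any vendor named above; the interface names, the address (from the 2001:db8::/32 documentation prefix) and the port are constructed placeholders.

```nftables
#!/usr/sbin/nft -f
# Added example. All names and values below are assumptions for illustration.
define WAN_IF      = "eth0"                  # assumed upstream interface
define LAN_IF      = "br-lan"                # assumed LAN bridge
define SERVER6     = 2001:db8:1234:1::10     # constructed address of the one exposed host
define SERVER_PORT = 443                     # constructed service port

table ip6 edge_filter {
    chain forward {
        # policy drop is the "firewall" part: anything not matched below is discarded.
        # A router with no IPv6 firewall behaves as if this said "policy accept".
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections that LAN hosts initiated
        ct state established,related accept
        ct state invalid drop

        # Outbound from LAN to the internet
        iifname $LAN_IF oifname $WAN_IF accept

        # ICMPv6 error messages must pass or path MTU discovery breaks;
        # echo-request is optional and only makes hosts pingable
        iifname $WAN_IF icmpv6 type {
            destination-unreachable, packet-too-big,
            time-exceeded, parameter-problem, echo-request
        } accept

        # The single "opened port": new inbound TCP connections to one
        # global address and one port, nothing else on that host or LAN
        iifname $WAN_IF oifname $LAN_IF ip6 daddr $SERVER6 tcp dport $SERVER_PORT ct state new accept

        # All other inbound traffic falls through to policy drop.
        # Removing the rule above gives the "blocks everything, no option" behaviour.
    }
}
```

Because there is no NAT, the rule matches the device's own global address, so it has to be updated if the ISP changes the delegated prefix or the host uses a temporary (privacy) address for the service.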