How to open IPV6 firewall ports on GL-AR150?

kkl · May 15, 2022, 9:51pm

When the GL-AR150 is in router mode and configured for IPV6, what is the procedure to open firewall ports so that IPV6 devices on the LAN are accessible from the WAN? Thank you.

FW 3.212, OpenWrt 19.07.8 r11364-ef56c85848 / LuCI openwrt-19.07 branch git-21.189.23240-7b931da

wcs2228 · May 17, 2022, 2:19am

Here is some related information:

I do not work for and I do not have formal association with GL.iNet

kkl · May 17, 2022, 4:17am

Yes, that’s what I’m trying to understand how to do with the GL-AR150.

alzhao · May 17, 2022, 8:46am

If IPV6 is native, which means it can be accessed from the world.

Now the UI does not do port forward on ipv6. Even luci does not have that.

kkl · May 17, 2022, 2:12pm

I’m not asking how to forward (i.e. redirect) a port, I’m asking how to open a port in the firewall.

wcs2228 · May 17, 2022, 5:05pm

You should be able to add traffic rules via LuCI → Network → Firewall → Traffic Rules, or by directly editing the /etc/config/firewall file in SSH.

I do not work for and I do not have formal association with GL.iNet

kkl · May 17, 2022, 6:21pm

Thank you wcs2228. I think that’s the right answer, I just haven’t been able to get it to work. I know that my path to the GL-AR150 is IPV6 compatible because if I can browse to its address, although it opens in LuCI, not the GUI. I can also tracert to it. However, when I tracert to the address behind its firewall it dies at the address just before the GL-AR150 with a “Destination host unreachable.” My traffic rule is pretty generic with everything allowed to the IPV6 destination address and port with the action of Accept. The IPV6 address is valid and works on the LAN in web browser. On the GL-AR150, I’ve tried NAT6 and Native for IPV6 mode.

kkl · May 17, 2022, 6:50pm

Just got it working using one of the temporary IPV6 addresses so it might just be a matter of figuring out which of the dozen addresses is routable and stable. Thanks wcs2228.

kkl · May 18, 2022, 2:40am

There seems to be a problem in that the only IPv6 address works is a temporary one that is in the list of choices for “Destination address” in the firewall traffic rules. The permanent address isn’t in the list and if I add it manually, routing to it doesn’t work.

ICAKaBLO · August 8, 2022, 4:30pm

I guess, in the Web interface of your GL.iNet, you are using not the LAN mode ‘Native’ but ‘NAT6’. And I guess, ‘Native’ did not work for you at all. This is because …