Hello! Unfortunately, I still haven't found the right configuration. Is it possible to configure redirects to achieve the same result as ip6tables directly on the Luci interface (in the Traffic Rules section, for example)? Another question: I have a static lease for my machine defined in IPV4 and IPV6 (with the suffix 23). Is it the IPV6 address indicated in the Active DHCPv6 Leases list that I need to use for redirection, or is it still the fdxx: address of the machine?
Luci also does not currently support IPv6 Port Forwarding.
I believe these two should be the same. 
Basically, it is recommended to use fd05:e25:8607::200.
Because once configured as a static DHCP lease, it remains unchanged.
Hello,
I'll try to start from the beginning because I've noticed several problems.
Despite declaring a static IP for my machine in IPV6 with a suffix (I chose 23), it does not have the IP address defined by the static lease but another one. However, on the machine, the IPV6 in fdxxx: format is consistent with what is indicated in the GLinet administration interface of the router. Furthermore, I think it is dynamic, since after a certain amount of time it has 4/5 IPV6 addresses again. This is the first problem for which I have no solution.
Secondly, I realize with online tools that no ports on my public IPV6 are open. Does the procedure you indicated at the very beginning of the thread have a dual role of opening and transferring ports, or is there also a problem at this level?
In parallel with this message, I will post a message to the Yunohost community to find someone who has successfully configured their instance with my router, as we never know if such a configuration exists among users.
I look forward to hearing from you and wish you a great day.
Yes, it will open and forward.
If possible, please share your device with us via GoodCloud so we can directly perform a remote check and see if we can configure the appropriate rules for you.
Technical Support via GoodCloud - GL.iNet Router Docs 4
Afterward, please send us the device’s MAC address and WebUI login password via private message so we can perform a remote check.
Hello,
Thank you for your suggestion, but I'm not really comfortable with the idea of sharing access to my router... I continued my investigations on a new machine where I was able to resolve the random MAC address issues, so the static lease configuration is working. However, when I perform port forwarding in IPV6 via the ip6tables command, my machine hosting Yunohost loses its WAN IPV6 address. It still has a local IPV6 address, and checking with the appropriate tools tells me that the IPV6 connection is still working. Have you ever encountered this type of problem?
Two questions: is it possible to configure the ports via the CLI by editing the /etc/config/firewall file rather than using the ip6tables command? Perhaps this would make any errors during creation more visible and easier to interpret?
Is it possible to find the firewall logs to try to find what is missing between the request entry from the WAN to the Yunohost machine?
Also, I don't know if I already mentioned this, but I am in NAT6 mode LAN for IPV6.
Typically, Linux devices obtain multiple IPv6 addresses, and it is normal for only a few of them to change.
You may just continue using the address assigned by the static lease if it is still available.
As mentioned earlier, the MTK SDK does not appear to support IPv6 port forwarding in Luci. Therefore, the uci and /etc/config methods are also unavailable.
However, if you wish to use Luci to configure IPv6 port forwarding, you could try using the open-source version 4.8.3-op24 instead.
DL Link: GL.iNet download center
Upgrade guide: Upgrade - GL.iNet Router Docs 4
You can enable trace logging for iptables using the following command.
opkg update && opkg install kmod-ipt-debug
ip6tables -t nat -A POSTROUTING -m limit --limit 5000/minute -j LOG --log-level 7 --log-prefix "nat post: "
logread -f
Note: There may be a massive amount of output.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.