Community discussions

MikroTik App
 
EileK
just joined
Topic Author
Posts: 10
Joined: Sun Jun 27, 2021 7:24 pm

Setting up secure IPv6 and port forwarding?

Fri Nov 19, 2021 7:47 pm

Hi,
I run numerous servers on my home network and I have native IPv6 access from my ISP, so I was wondering how I would go about setting up IPv6. I cannot understand how it works at all (what prefixes are, etc) so I was wondering how one would not only set it up, but secure it and port forward. As I understand it IPv6 NAT's are not a thing, at least in ROS, so how would one port forward? Thanks for any help!
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11439
Joined: Thu Mar 03, 2016 10:23 pm

Re: Setting up secure IPv6 and port forwarding?

Fri Nov 19, 2021 8:51 pm

Basic idea is to have globally-routable addresses on all LAN hosts. Ideally ISPs would hand out a few /64 prefixes (in a block, so handing out a /60 oor /56 prefix to one ISP client) and router receiving such prefix can then use one prefix per LAN.
When it comes to traffic, router in IPv6 simply routes traffic between interfaces, it doesn't do any NAT (neither src-nat nor dst-nat). Which means it is not possible to alter port used by service.
It is extremely important to have decent IPv6 firewall configured (in IPv4 NAT does function as a sort of firewall, not a very good one though). Beware that if one installs ipv6 package to an already configured ROSv6 device, default ipv6 config is not applied. One pissible way out is to export (not backup) running config, reset router to defaults and re-implement previous settings (possibly in different way, adhearing to MT's defaults which evolved with time and setup based on ancient defaults might be unoptimal).

Who is online

Users browsing this forum: aarntesla, gigabyte091, phascogale and 51 guests