NPt Why can I not open ports?

Bob.Dig

I am using NPt with private IP-space and a tunnel from HE with SMTP permitted. If I open a port to my email server, it is unreachable. What am I missing?
Tunnelinterface:

Outbound it is working fine.

Bob.Dig

Any help with this would be appreciated.

Gertjan

@bob-dig

I've been using the IPv6 from tunnel.he.net myself for years.
I was using a "port 22 TCP" firewall rule on the HENETv6 interface (not the classic IPv4 only WAN interface) so my dedicated servers could rsync to my NASn, living on one of my LAN's, using IPv6.

I used the IPv6 rsync as a silly reason the mystify this TCP SSH access. My firewall rule was of course 'source' (IPv6s of dedicated servers) limited.

Hosting a port 25 (IPv6) service @home : I'm to old for that ;) That's why I have these dedicated servers (OVH).

Try if you can open a port '22' over IPv6 to one of your devices, as I know that works.

Bob.Dig

@gertjan I had run it before for some time, then stopped using it. Now I want to use it again, but it is not working, most probably related to NPt!

JKnott

@bob-dig

Why are you using NPT, if you have he.net? You have a gazillion addresses to use for the server. Of course, you can still use private addresses, in addition to the global addresses.

Bob.Dig

@jknott The question is why NPt is not working for incoming connections.

Bob.Dig

Found something, it is related to which rule is on top. So sadly it is only working for one of my LAN interfaces, here it is :181::

I thought I had read that you can do "everything" with just one /64 but that isn't the case for me.

Bob.Dig

Thinking about it, it makes sense, that it is only working for the first entry because no router will make many connections from one.
So to get this working better it would need a dialog like for port forwarding where the router can be instructed what to do for what port.