Host Specific IPV6 Rules

robertn · Jul 1, 2014, 6:14 PM

I have IPV6 set up and working, my ISP is Comcast and I'm using DHCP6 to get the WAN address and Track Interface WAN on the LAN interface.

How do I create rules to allow traffic on some ports to reach LAN hosts? I haven't found any way to make the IPV6 address assigned be deterministic.

Cino · Jul 1, 2014, 6:43 PM

@robertn:

I haven't found any way to make the IPV6 address assigned be deterministic.

There is a way using DHCPv6 if you already know your PD addresses but may cause issues down the road if your ISP changes your PD range.

I haven't try in a while but add rules to your LAN interface, nothing is needed is on your WAN interface if i remember correctly.
try something like this:

src - any
dst - ipv6 of your host
dst port - 80

robertn · Jul 1, 2014, 7:10 PM

I know I can do this, but I'm looking for something that works properly even if a different prefix is assigned by the ISP.

Cino · Jul 1, 2014, 7:26 PM

There isn't anyway to configure it via the gui the I know of.

razzfazz · Jul 14, 2014, 1:56 AM

Can you just put them on different LANs or VLANs? Comcast will give you up to 16 /64 prefixes, so you could just put the "open" hosts in one (basically, a DMZ) and the locked down ones in another.