[TriLUG] OpenWRT, IPv6 and Firewall

Igor Partola igor at igorpartola.com
Sun Feb 2 23:55:46 EST 2014


Brian,

I believe this is what you are looking for. At least this form works for me
for OpenVPN and a few other services.

config rule
	option target 'ACCEPT'
	option src 'wan'
	option dest 'lan'
	option name 'Mail-v6-tcp'
	option family 'ipv6'
	option proto 'tcp'
	option dest_port '25'
	option dest_ip '2001:470:xxxx:xxxx::133'

(I am sure there is some way to specify both TCP and UDP in one rule by
either listing both as the value for "proto" or by omitting that line, but
you can always break up both. Sorry, it's too late for me to look it up in
the docs.)

Note that here you do not need to target DNAT since you are not doing any
address translation. You are simply allowing packets to reach your dest_ip.
That's the whole beauty of IPv6: every device on any network gets a
globally unique address.

Hope that resolves the issue for you.

Igor
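
Added example, not part of the original post: with no NAT in front of them, LAN hosts are reached directly by any wan-to-lan ACCEPT rule, so a rule that omits dest_ip opens its port on every host in the zone. The Python script below audits firewall config text for such rules; the zone names 'wan' and 'lan' follow the post, the sample rules and 2001:db8:: addresses are constructed, and a rule without a family option is treated as applying to IPv6 as well (OpenWrt's default is 'any').

```python
import shlex

# Constructed sample in /etc/config/firewall syntax (2001:db8:: is the documentation prefix).
SAMPLE = """
config rule
	option name 'Mail-v6-tcp'
	option target 'ACCEPT'
	option src 'wan'
	option dest 'lan'
	option family 'ipv6'
	option proto 'tcp'
	option dest_port '25'
	option dest_ip '2001:db8:0:1::133'

config rule
	option name 'Web-v6-any-host'
	option target 'ACCEPT'
	option src 'wan'
	option dest 'lan'
	option dest_port '443'
"""

def parse_rules(text):
    """Return each 'config rule' section as a dict of its options."""
    rules, cur = [], None
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if not tok:
            continue
        if tok[0] == "config":
            # Only 'rule' sections are collected; other section types are skipped.
            cur = {} if tok[1:2] == ["rule"] else None
            if cur is not None:
                rules.append(cur)
        elif cur is not None and tok[0] == "option" and len(tok) >= 3:
            cur[tok[1]] = tok[2]
    return rules

def audit(text):
    """List (name, missing options) for wan->lan ACCEPT rules that reach IPv6 hosts unscoped."""
    findings = []
    for r in parse_rules(text):
        if (r.get("target"), r.get("src"), r.get("dest")) != ("ACCEPT", "wan", "lan"):
            continue
        if r.get("family", "any") == "ipv4":  # IPv4-only rules are out of scope here
            continue
        missing = [k for k in ("dest_ip", "dest_port") if k not in r]
        if missing:
            findings.append((r.get("name", "?"), missing))
    return findings
```

Run audit() on the contents of a saved /etc/config/firewall; an empty list means every wan-to-lan ACCEPT rule that applies to IPv6 names both a destination host and a port.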

