Feature request: IPv6 PD to downstream router
Hi all,
I'm not sure how much call there is for such a feature, but in my case, it would be really useful.
My main goal is to use my FWP in router mode, BUT I'm stuck with my ISP router because it has a built-in VoIP ATA for our landline phone.
I have proven that I can use an OpenWrt router (which offers downstream IPv6 PD) with my ISP router behind it, successfully providing our phone line. My ISP router simply requires an IPv4 address (with a specific DHCP option 43) and an IPv6 PD from the upstream router.
My current setup is:
Modem -> OpenWrt router (port 2) -> FWP (bridge mode) -> Switches, Omada EAPs etc.
(port 5) -> ISP router
I believe I could also swap out the OpenWrt router for pfsense, opnsense etc. as they also offer an IPv6 PD server.
The above all works fine, but ideally, I would like my FWP to be connected directly to the Modem and be in router mode (my FWP works fine in router mode, but I lose my phone line).
I understand that several ISPs operate in a similar way (I'm with Sky in the UK). The UK landline phone network is progressively moving over to VoIP as fiber is rolled-out.
Many thanks,
Dean
-
Thanks for coming back. I agree, the effort might outweigh the benefits if there isn’t much call for it.
Sadly, my ISP router requires the prefix delegation before it will download the SIP configuration and connect to the VoIP servers (using IPv6). I believe it then uses IPv6 ICMP messages as some type of keep-alive.
My ISP delegates me a /56 and I am then delegating a /60 to the ISP router.
My ISP router doesn’t support VLANs, SQM etc., so whilst my FWP works great in bridge mode, I was hoping to use the more advanced features in router mode (I’m now using OpenWrt for VLANs and SQM).
I have thought about running the FWP as my router and then using the OpenWrt router downstream as an IPv6 PD server (manually configuring the PD addresses from the prefix assigned to my FWP). I think this would work, but it would require me to manually adjust the configuration each time my prefix changed - and I’m not sure how I’d set up the IPv6 static route on my FWP.
Anyway - thanks for looking at it. I was so pleased to finally get this setup working. I just thought I’d send a request in case this was something that was a regularly requested feature, but I don’t want to waste your time if it’s not.
Thanks again for a great product.
-
Thanks for the info. You may try out this setup.
Modem -> OpenWrt Router -> FWP (router mode) -> Switches, Omada EAPs etc.
-> ISP router -> VoIPYou may login OpenWrt Router, and put FWP in DMZ. This way, all inbound connections will by default go to FWP, so that you don't have to setup port forwarding manually. (Example VPN to home from mobile phone)
-
Quick couple of queries.
As suggested, I put the FWP (in router mode) into the DMZ on my OpenWrt router (basically forwarded all ports to my FWP).
This works as expected, but I then have Double NAT.
To get around this, I tried doing the following:
- disable SNAT on my FWP
- create a static route on OpenWrt to forward traffic addressed to 10.12.0.0/24 (FWP network) to 192.168.0.210 (IP address of FWP on OpenWrt network)
This doesn't work though - I lose internet access on my FWP network, and also can't access the OpenWrt router any more (192.168.0.1). Am I missing something obvious, or am I perhaps misunderstanding how the SNAT setting works?
Thanks again.
-
Handling double NAT for Xbox is a little complicated. The main challenge is how to open port on both routers.
- Usually if the second router is put in DMZ of the first router, the port on public IP should be forwarded to the exact same port on the second router. And when Xbox uses UPnP to open port on the second router, the same port on the first router should be able to reach Xbox.
- And in this case, UPnP will report back to Xbox that "external IP is a private IP", since the WAN port of the second router is a private IP. It really depends on how Xbox handles this reply message. It may discard the UPnP packet if the "external IP is a private IP". If this is the case, Xbox won't be able to open the port successfully.
- The best option is always manually set up port forwarding on Firewalla, and do not rely on UPnP.
Disable SNAT may not work, because OpenWrt router needs to enable NAT for Firewalla networks, otherwise no internet access. Even if this works, the port mapping issue still exists: how to tell the Openwrt to open port for Xbox. The UPnP request is only valid with the same broadcast network, can't reach the upper network. So OpenWrt won't be able to receive UPnP requests from Xbox.
Thanks,
Please sign in to leave a comment.
Comments
8 comments