Description:

This document describes how to set up IPv6 firewall rules in a LANCOM router in order to access a device on the LAN over the Internet (WAN) that has a static IPv6 address.



Requirements:
  • Functional IPv6 Internet connection, as well as functional IPv6 in the LAN.



Scenario:
  • A Web server (HTTPS) on port 443 in the LAN with the fixed IPv6 address 2001:db8::1.
  • Since there is no NAT for IPv6, devices receive a globally unique address, only the firewall access needs to be configured.
  • The corresponding IPv6 firewall entry replaces the known port forwarding entry from IPv4.




Procedure:

1. Open the configuration of the LANCOM router and change to the menu Firewall/QoS -> IPv6 Rules -> Station objects.

2. Create a new entry with Add.
  • Assign a descriptive name for the new station object.
  • Select the type IP address.
  • In the Address field, enter the static LAN IPv6 address of the web server (here 2001:db8::1).



3. Optionally, you can create another station object for your IPv6 Internet connection.



4. Open the Firewall/QoS -> IPv6 Rules -> IPv6 forwarding rules dialog.

5. Create a new entry with Add.
  • Assign a descriptive name for the new forwarding rule.
  • Select the action ACCEPT.
  • As a service, you need to set HTTPS.
  • For the source station, select the station object created in step 3 for your IPv6 Internet connection. If you did not create this optional object, you can alternatively select the ANYHOST setting.
  • As the target station, select the station object created in step 2 for your local web server.



6. Write the configuration back to the LANCOM router. The configuration steps are completed.