Description: This document describes how to set up IPv6 firewall rules in a LANCOM router in order to access a device on the LAN over the Internet (WAN) that has a static IPv6 address.
Requirements: - Functional IPv6 Internet connection, as well as functional IPv6 in the LAN.
Scenario: - A Web server (HTTPS) on port 443 in the LAN with the fixed IPv6 address 2001:db8::1.
- Since there is no NAT for IPv6, devices receive a globally unique address, only the firewall access needs to be configured.
- The corresponding IPv6 firewall entry replaces the known port forwarding entry from IPv4.
Procedure: 1. Open the configuration of the LANCOM router and change to the menu
Firewall/QoS -> IPv6 Rules -> Station objects.
2. Create a new entry with
Add.
- Assign a descriptive name for the new station object.
- Select the type IP address.
- In the Address field, enter the static LAN IPv6 address of the web server (here 2001:db8::1).
3.
Optionally, you can create
another station object for your IPv6 Internet connection. 4. Open the
Firewall/QoS -> IPv6 Rules -> IPv6 forwarding rules dialog.
5. Create a new entry with
Add.
- Assign a descriptive name for the new forwarding rule.
- Select the action ACCEPT.
- As a service, you need to set HTTPS.
- For the source station, select the station object created in step 3 for your IPv6 Internet connection. If you did not create this optional object, you can alternatively select the ANYHOST setting.
- As the target station, select the station object created in step 2 for your local web server.
6. Write the configuration back to the LANCOM router. The configuration steps are completed.