Description:

This document describes how to set up IPv6 firewall rules on a LANCOM router in order to provide access from the Internet (WAN) to a device in a LAN with a dynamic IPv6 prefix.


Requirements:

  • LANtools as of version 10.20 (download)
  • LCOS as of version 10.20 (download)
  • Working IPv6 Internet connection and working IPv6 in the LAN.


Scenario:

  • The local network features a web server (HTTPS) operating on port 443 with an IPv6 interface identifier 20c:29ff:fe12:e519 as derived from the MAC address. With the prefix 2001:db8::/64, the server then forms the address 2001:db8::20c:29ff:fe12:e519.
  • Since IPv6 does not use NAT, devices receive an IPv6 address that is globally unique. All that needs to be configured is firewall access.
  • The corresponding IPv6 firewall entry replaces the IPv4 port forwarding entry.


Procedure:

1) In LANconfig, open the configuration dialog for the LANCOM router and switch to the menu item Firewall/QoS → IPv6 Rules → Station objects.

2) Create a new entry with Add.

  • Give the new station object a descriptive name.
  • Select the type Host identifier.
  • In the Address field, enter the interface identifier of the web server (including two leading colons, i.e. ::20c:29ff:fe12:e519).
  • Under Network name, enter the name of the local network where the web server is located.

3) Navigate to the menu Firewall/QoS → IPv6 Rules → IPv6 forwarding rules.

4) Create a new entry with Add.

  • Enter a name for the new rule.
  • Set the action to ACCEPT.
  • Set the service to HTTPS.
  • Set the field Source stations to the option ANYHOST
  • The Target stations option has to be set to the station object WEBSERVER.

5) Write the configuration back to the LANCOM router.

6) Then configure the device as described in the article Assigning IPv6 addresses via DHCPv6 server on the local network.