How can I make Host on LAN1 reachable via internet with IPv6-PD

NETWORKING SOLUTIONS
1

Hi,

I have a RUTC50 Router (Firmware RUTC_R_00.07.14). From my SIM Provider in Germany (1&1 Versatel) my router gets a private IPv4 and a public IPv6 with IPv6-PD (Prefix Delegation) configuration.

IPv4
10.199.14.94/32 (private network)

IPv6
2a..:f..:ee..:89..:3cff:3e4a:b575:9078/128 (public network - masked with ..)

IPv6-PD
2a..:f..:ee..:89..::/64 (public network - masked with ..)

My Host on LAN1 connected to the RUTC50 is getting from DHCP, a private IPv4: 192.168.1.100 and a IPv6 coming from the delegated IPv6 Prefix: 2a..:f..:ee..:89..:dd52:536f:bd70:594d

I have also configured dynamic DNS via Cloudflare which will updated the IPv6 of the RUTC50 with its public IPV6 AAAA DNS record. This is working flawlessly.

Question I have now:

  1. How can I publish or access my HOST connected on LAN1 without using VPN via the internet IPv6 address?
  2. Is this possible by using the public IPv6 of the Router with forwarding or by using the delegated IPv6 directly of my LAN Device behind the Router?
  3. Are Firewall Rules WAN → LAN enough to achieve this?

Goal: My intention is to reach the LAN1 Device with its configured High Port like TCP/UDP 9200 from the internet with the IPv6 address.

2

Hello,
To access your LAN1 device over IPv6 without a VPN, you can use its globally assigned IPv6 address from the delegated prefix. Ensure your router’s firewall allows incoming traffic on TCP/UDP 9200 from the WAN. Unlike IPv4, no NAT or port forwarding is needed—just proper firewall rules. Test connectivity using an external IPv6-enabled device.

Hope this helps!

Best regards,
Laura
e-ztag.org

3

Thanks Laura,

Ok you mean I need only a Firewall Rule WAN → LAN with IPv6-PD destination Address of the LAN1 Device?

LAN1 with IPv6 from IPv6-PD
LAN1 with IPv6 from IPv6-PD1729×685 65 KB

With the rules beneath it worked, but how can I automatically update the IPv6 when the address has changed?
BTW: My DDNS Cloudflare has the changed AAAA record. Is there a support for DNS/Name Traffic Rules in the RUTC50 ?

Traffic-Rule
Traffic-Rule1768×420 31.7 KB

Can I use custom_rules or some kind of automation, to amend the forward rule with the changed IPv6 from my DDNS provider?

My Solution is for now changing the ha-gcs-forward WAN → LAN rule to any IPv6, instead of the specific one which will be updated regularly from my mobile provider.

4

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.