Portforwarding with IPV6

[Cor]

Hello ,

I used to have setup a portforwarding in this router with IPV4 , which worked fine. The provider gave a new modem and the only option I have is to do portforwarding with IPV6 , but I can not get it to work. Anyone has an idea what could be wrong?



And after saving it looks like this:

The IPV6 adress I get from the blue iris computer by a command prompt >ipconfig and :


But checking with canyouseeme.org , it isn't working.


Anyone has an idea what I am doing wrong?
(Blue iris is setup for port 84)

Thanks.

 

[bslow47]

First let me be clear that I am not a expert. I had similar situation and finally figured it out that I had a incorrect IP address entered. It was my LAN that had changed. The more knowledgeable people on this board
informed me that it would be better to go VPN which I am looking in to and also think its a good thing to do.

 

[Cor]

@bslow47 , my own house I recently changed from portforwarding to wireguard which was easy.
This other setup is not mine and no money to be spend on a new computer or extra hardware. I even tried to setup zero-tier , but it doesn't like windows7.





I am new with IPV6 as well, the IPV6 number which I get with IPconfig on the blue iris computer is setup in the modem , as shown on the screenshot above. I have double checked that it is the same.

Any other suggetions?

Thanks.

 

[bslow47]

I found this If it helps

To configure external access for IPv6, you do not use port forwarding because Network Address Translation (NAT) is not necessary. In IPv6, every device can have its own public IP address, so there is no need for a router to translate a single public IP to many internal, private IPs. Instead, you must create an inbound firewall rule on your router to allow traffic to pass through to a specific device and port.

The steps and interface for creating firewall rules will differ depending on your router's manufacturer. The following is a general guide:

1. Find your device's IPv6 address
You will need the IPv6 address of the device you want to expose to the internet.

• On Windows, open Command Prompt and run ipconfig. Look for the "IPv6 Address" associated with your network adapter.
• On macOS, go to System Settings > Network, select your connection, click "Details," and then go to the "TCP/IP" tab.
• On Linux, open a terminal and run ip -6 address or ifconfig.

For a server-like device, it is recommended to configure a static IPv6 address to ensure it does not change. If your ISP assigns a dynamic prefix, you may need to use a Dynamic DNS (DDNS) service to keep a domain name pointed to your server.

2. Access your router's administration page

• Open a web browser and enter your router's local IP address (e.g., 192.168.1.1). You can find this address in your device's network settings or manual.
• Log in with your administrator username and password.

3. Create a new IPv6 firewall rule

• Navigate to your router's firewall or security settings, and find the "IPv6 Firewall Rules" or "Inbound Firewall" section.
• Create a new rule with the following settings:
  • Action: Set the action to "Allow" or "Accept".
  • Source Zone: Select "WAN" (or "Internet") to allow external access.
  • Source IP/CIDR (optional): Leave this blank to allow connections from any remote IP address. You can also specify an IP address or range to restrict access.
  • Destination Zone: Select "LAN".
  • Destination IP: Enter the static IPv6 address of your device that you found in Step 1.
  • Destination Port Range: Enter the port or port range you want to open (e.g., 80 for HTTP, 443 for HTTPS).
  • Protocol: Select the protocol, such as TCP, UDP, or TCP/UDP.
• Save and apply the new rule.

4. Test the connection
After saving the rule, test the port to confirm it is open:

• From an external network: Use an IPv6 port scanner website. These tools can check if a specific port is accessible from the internet.
• From an internal network: Test the connection locally to confirm the service on your device is running correctly.

Important security considerations
Since your device will have a publicly routable IPv6 address, it is more directly exposed to the internet. While a router's firewall provides some protection, you should also:

• Enable a host-based firewall on the device itself (e.g., Windows Firewall, iptables).
• Limit access by only opening ports required for specific services.
• Keep your system and applications up-to-date with the latest security patches.

 

[danweber1]

Ah, port forwarding, just dont. You are way better off using a client based VPN for remote access than with the added risk of port forwarding.

 

[bp2008]

In Blue Iris web server settings, make sure the "Bind exclusively" checkbox is NOT CHECKED.

Make sure the Windows Firewall settings allow the connection. I like to go into Windows Defender Firewall > Advanced settings > Inbound Rules, and manually create a rule that allows TCP traffic on the Blue Iris webserver port number, for all network types (public, private, domain). This helps prevent you from losing remote access when Windows decides to spontaneously change your network to public.

Some other tips:

• Some IPv6 addresses are dynamic (and change periodically). If your router supports DHCPv6 (DHCP for IPv6) then use that and set a reserved address for your Blue Iris machine, and use that.
• IPv6 addresses beginning with fe80 are private LAN IPs, not routed to the internet, so don't use that.
• When you build a URL with an ipv6 address, you need to wrap the IPv6 address in square brackets. This is necessary because IPv6 address segments are separated by colon characters and they needed a way to differentiate between the address and the port number, which is also separated by colon. EXAMPLE: `http://[2001:0001:0002:1b3::1]:84/

 

[bp2008]

Also the devices on both ends need to support IPv6 otherwise you won't be able to connect with it.

Test your IPv6.

This will test your browser and connection for IPv6 readiness, as well as show you your current IPv4 and IPv6 address.

test-ipv6.com