1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

IPv6 and tomato-behind-a-router

Discussion in 'Tomato Firmware' started by ruggerof, Jan 4, 2018.

  1. ruggerof

    ruggerof Network Guru Member

    First of all I have no practical experience with IPv6 but as I have to change ISP by the end of this month, I was given by the new ISP the choice of having a fixed /64 IPv6 or to monthly pay for a fixed IPv4 so I am trying to decide.


    I read this post http://www.linksysinfo.org/index.ph...om-router-works-ping-from-lan-does-not.72347/ that helped me to understand in theory how IPv6 works and the differences in NAT.


    As @Jacky444 in the aforementioned post, I also use NGINX as a reverse proxy to access from the public internet several clients of my LAN or services running on my server, in fact to make things a little bit more complicated I run a TUN OpenVPN server at port 443 that redirects non OpenVPN packets to NGINX. I also use CloudFlare for a trusted https access whenever needed.


    A few questions to the IPv6 & Tomato experts.


    In my specific case I have to run the Tomato router behind another router (a Fritzbox 7360). For the ones who don’t know, the Fritzbox is a xDSL modem, router, DECT base, VoIP and WLAN combo. Its xDSL modem, DECT base and VoIP are good but all the rest is a piece of junk, that is the reason for me to run an AC68U with Tomato in Double NAT. How would IPv6 run in this situation (tomato router behind a router)? Can DHCP be handled by Tomato only or I have to NAT the IPv6?


    Does the access restrictions of Tomato work with IPv6 as it does with private IPv4?
     
  2. Sean B.

    Sean B. LI Guru Member

    Unless the Fritzbox can be configured to transparently bridge IPv6, and only IPv6 ( as transparently bridging IPv4 would nullify any reasons for having it there other than being a modem in your case ) you won't be able to have the Tomato router manage IPv6 for your network. As with IPv4, ISP's will only lease/delegate an IPv6 address and/or address block to one MAC address. And unless transparently bridged, that will be the Fritzbox. Unlike with IPv4 where you can double-nat.. IPv6 doesn't work that way sense all the addresses are global. IE: you can't make fake ( local only ) networks with them.
     
    Last edited: Jan 5, 2018
  3. ruggerof

    ruggerof Network Guru Member

    Thanks for the answer @Sean B.

    I forgot to mention that the (crappy) Fritzbox does not accept bridge mode that is another reason for me to be stuck with a double NAT setup.

    Meanwhile I had my problem solved. After some technical discussion with my new ISP, they will provide me (for free :D) a dual-stack with a fixed public IPv4 and a fixed IPv6 /64 block.
     
    Sean B. likes this.

Share This Page