Hey fellow self-hosting lemmoids
Disclaimer: not at all a network specialist
I’m currently setting up a new home server in a network where I’m given GUA IPv6 addresses in a 64 bit subnet (which means, if I understand correctly, that I can set up many devices in my network that are accessible via a fixed IP to the oustide world). Everything works so far, my services are reachable.
Now my problem is, that I need to use the router provided by my ISP, and it’s - big surprise here - crap. The biggest concern for me is that I don’t have fine-grained control over firewall rules. I can only open ports in groups (e.g. “Web”, “All other ports”) and I can only do this network-wide and not for specific IPs.
I’m thinking about getting a second router with a better IPv6 firewall and only use the ISP router as a “modem”. Now I’m not sure how things would play out regarding my GUA addresses. Could a potential second router also assign addresses to devices in that globally routable space directly? Or would I need some sort of NAT? I’ve seen some modern routers with the capability of “pass-through” IPv6 address allocation, but I’m unsure if the firewall of the router would still work in such a configuration.
In IPv4 I used to have a similar setup, where router 1 would just forward all packets for some ports to router 2, which then would decide which device should receive them.
Has any of you experience with a similar setup? And if so, could you even recommend a router?
Many thanks!
Edit: I was able to achieve what I wanted by using OpenWrt and their IPv6 relay mode. Now my ISP router handles all IPv6 addresses directly, but I’m still able to filter the packets using the OpenWrt firewall. For IPv4 I didn’t figure out how to, at the same time, use the ISP’s DHCP server, so I just went with double NAT. Everything works like a charm. Thank you guys for pointing me in the right direction.
Depends on the version you’re running.
https://forgejo.org/docs/latest/admin/upgrade/from-gitea/