DMZ und IPv6

    • Hello everyone,

    I have recently been using the Internet Box (V2).

    Now I have a question about [Expert Settings, Network, DMZ]:

    Almost as a preliminary question:

    If I later connect a device to the router that can have an IPv6 address - will this device then get a dynamic (temporary) IPv6 address via 6rd (later possibly native) (the same as the public one on the router) or become one non-routable local subnet address assigned?

    And can I make such a device accessible directly from the extranet (Internet) by activating DMZ?

    Or is DMZ irrelevant for IPv6 because it is visible/accessible from the Internet (no NAT) anyway (with the appropriate IPv6 firewall setting?

    Unfortunately, I can’t test it myself because I don’t have such a device (yet). Nevertheless, I would be very interested in this question!

    According to the Swisscom hotline, it should work the same way as with IPv4. Despite asking the supporter whether he was completely sure - which he said yes, I was still not convinced - because he seemed somehow unsure during the conversation. If he’s reading this and I’m wrong about my feeling, SORRY!

    It may also be that I still don’t understand something. IPv6 is not an easy thing with all the technologies like native, tunneling/transition mechanisms like 6rd, Teredo, 6to4 or ISATAP and so on…

    Please help and thank you in advance for any answers!

    Have a good and lovely weekend!

    Alpine old man

    Show original language (German)

    • @Alpengreis wrote:

      Hello everyone,

      I have recently been using the Internet Box (V2).

      Now I have a question about [Expert Settings, Network, DMZ]:

      Almost as a preliminary question:

      If I later connect a device to the router that can have an IPv6 address - this device will then receive a dynamic (temporary) IPv6 address via 6rd (possibly native later) (the same as the public one on the router). assigned a non-routable local subnet address?

      This device will receive a dynamic, temporary IPv6 address. This is derived from the 6th prefix of the router, which is not that important in the LAN. This address is globally routable and is a full, “public” IPv6.

      A little more technical: The Internet box calculates an IPv6 prefix for the LAN from the IPv4 assigned via DHCP and the 6th parameters. Router advertisements are then sent to all network participants in the segment on the LAN interface (so-called broadcast), from which each connected device can choose a globally routable IPv6.

      The IPv6 addresses remain valid as long as the public IPv4 of the Internet box is the same (i.e. with a bit of luck it can stay the same for months).

      And can I make such a device accessible directly from the extranet (Internet) by activating DMZ?

      Yes, but in relation to IPv6 not because of the DMZ function. This refers exclusively to IPv4.

      Or is DMZ irrelevant for IPv6 because it is visible/accessible from the Internet (no NAT) anyway (with the appropriate IPv6 firewall setting?

      That’s exactly how it is.

      Unfortunately I can’t test it myself because I don’t have such a device (yet). Nevertheless, I would be very interested in this question!

      Ahem… you wrote above that you have recently started using IBv2?

      […]

      It may also be that I still don’t understand something. IPv6 is not an easy thing with all the technologies like native, tunneling/transition mechanisms like 6rd, Teredo, 6to4 or ISATAP and so on…

      Well, there is actually a whole bunch of new technology related to IPv6. Unfortunately, most of this is to get the old IPv4 wine into the new IPv6 hoses. Instead of just using native IPv6 right from the start.

      I also don’t find the whole 6th hack particularly elegant. But at least the IPv6 function of the Swisscom routers has made the thing really suitable for DAU. Not least because of this, Switzerland has become an IPv6 pioneering country.

    You get IpPv6 natively.
    Is a simple session drop machine.
    Max. all sessions out ok. Building from outside is not possible.
    Can you test pinging the machine from the outside, e.g. But even with the barn door open, have fun with simple port scanning with 2128 possibilities… Our entire universe has between 266 and 280 atoms. Just as a big indication.

    Show original language (German)
    17 days later

    @Alpengreis wrote:

    Hello everyone,

    I have recently been using the Internet Box (V2).

    Now I have a question about [Expert Settings, Network, DMZ]:

    Almost as a preliminary question:

    If I later connect a device to the router that can have an IPv6 address - this device will then receive a dynamic (temporary) IPv6 address via 6rd (possibly native later) (the same as the public one on the router). assigned a non-routable local subnet address?

    This device will receive a dynamic, temporary IPv6 address. This is derived from the 6th prefix of the router, which is not that important in the LAN. This address is globally routable and is a full, “public” IPv6.

    A little more technical: The Internet box calculates an IPv6 prefix for the LAN from the IPv4 assigned via DHCP and the 6th parameters. Router advertisements are then sent to all network participants in the segment on the LAN interface (so-called broadcast), from which each connected device can choose a globally routable IPv6.

    The IPv6 addresses remain valid as long as the public IPv4 of the Internet box is the same (i.e. with a bit of luck it can stay the same for months).

    And can I make such a device accessible directly from the extranet (Internet) by activating DMZ?

    Yes, but in relation to IPv6 not because of the DMZ function. This refers exclusively to IPv4.

    Or is DMZ irrelevant for IPv6 because it is visible/accessible from the Internet (no NAT) anyway (with the appropriate IPv6 firewall setting?

    That’s exactly how it is.

    Unfortunately I can’t test it myself because I don’t have such a device (yet). Nevertheless, I would be very interested in this question!

    Ahem… you wrote above that you have recently started using IBv2?

    […]

    It may also be that I still don’t understand something. IPv6 is not an easy thing with all the technologies like native, tunneling/transition mechanisms like 6rd, Teredo, 6to4 or ISATAP and so on…

    Well, there is actually a whole bunch of new technology related to IPv6. Unfortunately, most of this is to get the old IPv4 wine into the new IPv6 hoses. Instead of just using native IPv6 right from the start.

    I also don’t find the whole 6th hack particularly elegant. But at least the IPv6 function of the Swisscom routers has made the thing really suitable for DAU. Not least because of this, Switzerland has become an IPv6 pioneering country.

    Show original language (German)

    Have you tried turning it off and on again?

    @PowerMac wrote:

    @Alpengreis wrote:

    Hello everyone,

    I have recently been using the Internet Box (V2).

    Now I have a question about [Expert Settings, Network, DMZ]:

    Almost as a preliminary question:

    If I later connect a device to the router that can have an IPv6 address - will this device then get a dynamic (temporary) IPv6 address via 6rd (possibly native later) (the same as the public one on the router) or is a non-routable local subnet address allocated?

    This device will receive a dynamic, temporary IPv6 address. This is derived from the 6th prefix of the router, which is not that important in the LAN. This address is globally routable and is a full, “public” IPv6.

    A little more technical: The Internet box calculates an IPv6 prefix for the LAN from the IPv4 assigned via DHCP and the 6th parameters. Router advertisements are then sent to all network participants in the segment on the LAN interface (so-called broadcast), from which each connected device can choose a globally routable IPv6.

    The IPv6 addresses remain valid as long as the public IPv4 of the Internet box is the same (i.e. with a bit of luck it can stay the same for months).

    Thanks for the detailed explanation!

    And can I make such a device accessible directly from the extranet (Internet) by activating DMZ?

    Yes, but in relation to IPv6 not because of the DMZ function. This refers exclusively to IPv4.

    That’s exactly what I wanted to know - the hotline told me that this also applies to IPv6 (“otherwise they would hardly install such a function at this point if it didn’t also apply to IPv6” or something like that Expression)!

    Unfortunately I can’t test it myself because I don’t have such a device (yet). Nevertheless, I would be very interested in this question!

    Ahem… you wrote above that you have recently started using IBv2?

    What I meant here is that I don’t yet have an IPv6-capable device that I could test for accessibility from the Internet behind the router.

    In any case, thank you very much for your contribution - it really helped me!

    Wish you a good time!

    Kind regards

    Alpine old man

    Show original language (German)