sleemanj

1514 posts

Uber Geek
+1 received by user: 315


#311274 1-Jan-2024 15:59

I don't know a whole lot about IPv6. 

 

I was somewhat surprised to find that if I access my current IPv6 address (reported by www.whatismyip.com) over HTTP from a remote server, it indeed connects directly to my (ethernet connected) workstation behind the One-supplied Huawei DN8245X6-10 router and pulls up my local Apache server without any issue.

 

I do not recall doing anything to explicitly allow this on the router, so I guess it's the default way it works.  I don't remember the old Ultrahub behaving that way, but maybe I just never knew.

 

I had naively assumed all this time that the IPv6 DHCP would assign a private range IP6 address and NAT it much like IPv4.  I would generally rather not allow arbitrary connections from the outside world to machines behind the router, but equally I would still like to use IPv6 to connect outbound, so I don't just want to disable IPv6 entirely.

 

Also I'd ideally like to have a more stable IPv6 address (or at least some specifically known prefix) presented to those outbound connections; the current one changes quite frequently (more frequently than the IPv4 external address), so for example setting an AWS Security Group rule to permit an inbound connection from only "my" IP requires frequent attention.

 

Current "DHCPv6 Server" settings from the Huawei below...

---
James Sleeman
I sell lots of stuff for electronic enthusiasts...


This is a filtered page: currently showing replies marked as answers. Click here to see full discussion.

sleemanj

1514 posts

Uber Geek
+1 received by user: 315


  #3177224 3-Jan-2024 01:44

OMG.  I think I might have figured it.

 

There are two logins for the Huawei router. The one on the label is Username "user" and a password.  You can also log in with username "admin" and the same password, but this isn't written down anywhere; you just have to know.

 

If you log in as "admin" then you get a new section called "IPv6 Firewall". It was disabled; if enabled, then and only then do the "Forwarding > IPv6 Port Mapping" section and "Security > IPv6 Filtering" actually do anything useful.

 

I don't know if it was disabled originally or maybe I'd done it at some point in the past or something and forgotten. I haven't done a factory reset to check, as I don't want to lose my IPv4 settings unnecessarily.  Would be interested if anybody else happens to have one and can take a look.

 

The barmy thing is that the "Forwarding > IPv6 Port Mapping" section and "Security > IPv6 Filtering" are exposed in the user login even if the IPv6 firewall is disabled, and there is no warning that they will not work properly.

 

Oh yeah, and it's not really a Port Mapping at all for IPv6 despite the name: you can't have a different port number externally, and you connect to the internal host's actual IP6 address... it's more "these ports can transit if IPv6 firewall is on".

 

Anyway, for the future googlers for allowing/disallowing inbound IPv6 connections on the Huawei DN8245X6-10 as shipped by One NZ....

 

Log in as "admin" not "user", with the same password as on the bottom of the router.

 

"Security > IPv6 Firewall": ENABLE it; this will stop all inbound IPv6 connections.

 

"Forwarding > IPv6 Port Mapping": select "Application" (User-defined interface seems broken) and pick any suitable application (e.g. HTTP). Be sure to select the correct "WAN Name" for your active connection; for me it's "3_TR069_VOIP_INTERNET_R_GE_VID_10". I suppose it's the same for everybody these days, but it gives you no clue as to which is the one you want.  At that point you can select/enter your local host's IP6 address, and enter the port range.  This will allow that port through the firewall to the internal host.

 

I think that is it, at least it's working here, so far, touch wood.

---
James Sleeman
I sell lots of stuff for electronic enthusiasts...
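
A way to check the result of the steps above from a remote server, as an added example that is not part of the original posts: it reports whether an IPv6 address is globally routable (so there is no NAT in front of it) and whether each port answers, is refused, or gets no reply at all. The script name `v6check.py`, the function names and the addresses in the usage comment are assumptions made for illustration.

```python
import ipaddress
import socket
import sys

ULA = ipaddress.ip_network("fc00::/7")  # unique local: not routed on the Internet
GUA = ipaddress.ip_network("2000::/3")  # global unicast: routable end to end, no NAT

def scope(addr):
    """Say where an IPv6 address can be reached from."""
    ip = ipaddress.IPv6Address(addr.split("%")[0])  # drop a zone id like %eth0
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip in ULA:
        return "unique-local"
    return "global" if ip in GUA else "other"

def probe(addr, port, timeout=3.0):
    """One TCP connect over IPv6: 'open', 'refused', 'filtered' or 'error:<n>'."""
    with socket.socket(socket.AF_INET6, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((addr, port))
            return "open"
        except ConnectionRefusedError:
            return "refused"   # a RST came back, so the SYN was not dropped
        except socket.timeout:
            return "filtered"  # no answer at all, as with a drop-by-default firewall
        except OSError as e:
            return "error:%s" % e.errno  # e.g. the probing side has no IPv6 route

VERDICT = {
    "open": "EXPOSED: the service answers from outside",
    "refused": "NOT FILTERED: the SYN got an answer, only the port is closed",
    "filtered": "no reply: consistent with the IPv6 firewall dropping it",
}

def verdict(result):
    return VERDICT.get(result, "inconclusive (%s): check the probing host" % result)

if __name__ == "__main__":
    # Usage from the remote server: python3 v6check.py <your-ipv6-address> 22 80 443
    target, ports = sys.argv[1], [int(p) for p in sys.argv[2:]]
    print(target, "is", scope(target))
    for port in ports:
        print(port, verdict(probe(target, port)))
```

Run it against your own workstation's address before and after enabling the IPv6 firewall; a port moving from "open" or "refused" to "filtered" shows the router is now dropping inbound traffic.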

