Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Forums2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus)[Snap] multiple ipv6 on fritz box
BinaryLimited

796 posts

Ultimate Geek
+1 received by user: 80

Trusted

#175758 10-Jul-2015 19:10
Send private message

Hi Everyone!

Currently setting up servers and trying to figure out how to setup multiple public static ipv6 address on the fritzbox 7490.
Not sure where to start, iv had alook around the fritzbox gui but cant seem to figure it out.

Anyone done this before?

Thanks!




Binary Limited - Safe. Secure. Simple. ™
www.binarylimited.co.nz

Create new topic
fe31nz
1294 posts

Uber Geek
+1 received by user: 423


  #1340821 10-Jul-2015 19:41
Send private message

The IPv6 setup is in Internet => Account Information => IPv6 tab on my 7390.  But with IPv6, you do not set up multiple external IPv6 addresses, as all global unicast IPv6 addreses are "external" and unless your firewall prevents it, all your IPv6 devices on your network will be externally accessible as soon as the FritzBox has connected to IPv6.  Check on a box and see if it has an IPv6 address starting with 2 instead of f.  If so, then it has a global unicast IPv6 address and you had better check your firewall rules if you do not want it to be externally accessible.



BinaryLimited

796 posts

Ultimate Geek
+1 received by user: 80

Trusted

  #1340828 10-Jul-2015 19:53
Send private message

fe31nz: The IPv6 setup is in Internet => Account Information => IPv6 tab on my 7390.  But with IPv6, you do not set up multiple external IPv6 addresses, as all global unicast IPv6 addreses are "external" and unless your firewall prevents it, all your IPv6 devices on your network will be externally accessible as soon as the FritzBox has connected to IPv6.  Check on a box and see if it has an IPv6 address starting with 2 instead of f.  If so, then it has a global unicast IPv6 address and you had better check your firewall rules if you do not want it to be externally accessible.


awesome thanks, will double check that all now. still quite new to this whole ipv6 thing.




Binary Limited - Safe. Secure. Simple. ™
www.binarylimited.co.nz

fe31nz
1294 posts

Uber Geek
+1 received by user: 423


  #1340866 10-Jul-2015 20:53
Send private message

Recommended reading if you want to understand IPv6 addreses:

  https://en.wikipedia.org/wiki/IPv6_address



Zeon
3926 posts

Uber Geek
+1 received by user: 759

Trusted

  #1340898 10-Jul-2015 22:41
Send private message

Yes remember no more NAT with IPv6 - its how the internet should run. You have billions of uniquelly, globally routed IP addresses. As has been pointed out, its thus really important to check your firewall is enabled as NAT is no longer limiting direct connection to your devices.

Also look into SLAAC - easiest way of addressing.




Speedtest 2019-10-14

sbiddle
30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #1340987 11-Jul-2015 09:24
Send private message

And if you don't understand firewalls IPV6 suddenly becomes incredibly insecure with NAT no longer providing automatic protection.

fe31nz
1294 posts

Uber Geek
+1 received by user: 423


  #1341199 11-Jul-2015 17:05
Send private message

Except that I believe the FritzBoxes default to having sensible IPv6 firewall settings that do not allow in anything dangerous.  But since I only use my FritzBox for VOIP, not for my connection to Snap, I can not talk from experience.  So please make sure you check for yourself if you have IPv6 enabled.

 
 
 
 

Shop now for Dell laptops and other devices (affiliate link).
BinaryLimited

796 posts

Ultimate Geek
+1 received by user: 80

Trusted

  #1341908 13-Jul-2015 08:30
Send private message

Thanks guys!
Going to get a UTM / Firewall setup today.
Been looking at untangle UTM, SOPHOS UTM and pfsense...




Binary Limited - Safe. Secure. Simple. ™
www.binarylimited.co.nz

aumouth
73 posts

Master Geek
+1 received by user: 11


  #1343364 14-Jul-2015 21:29
Send private message

http://fritz.box/system/security.lua
... to see what opened ports for both IPv4 and IPv6 you have.

BinaryLimited

796 posts

Ultimate Geek
+1 received by user: 80

Trusted

  #1343371 14-Jul-2015 21:35
Send private message

aumouth: http://fritz.box/system/security.lua
... to see what opened ports for both IPv4 and IPv6 you have.


awesome thanks.
made an ipv6 n00b error today...did port forwards and couldn't understand why i didn't have public access...then realized (thanks to fe31nz) that i needed to do port forward for ipv6 and not the default ipv4




Binary Limited - Safe. Secure. Simple. ™
www.binarylimited.co.nz

splodge
23 posts

Geek
+1 received by user: 2


  #1345741 16-Jul-2015 20:03
Send private message

It's absolute rubbish that your devices are exposed to the internet by default using IPv6.

The way the Frtizbox works does not allow anything inside your network unless you specifically allow the port through in the fritz box user interface. It's done by interface address so you at least have to have a very basic understanding of IPv6 to even know what the interface address of a device is. Someone completed clueless in IPv6 is not likely to accidentally open up their network then.

NAT and firewalling are not the same thing.

Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright