What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Unconnected

Occasional Visitor
Topology
Two ASUS routers:
  • 1st plugged into a modem (w/ WAN aggregation)
  • 2nd plugged into the first router
  • both are in router mode and not set up as an AP
One of the reason I opted for this setup is that I liked the idea of having a firewall on the client-router in order to apply some more restrictive rules, since it harbors some media drives and other devices that I don't want as exposed as the other network.

IPv6 Configuration
  • The first router has IPv6 set to Native and is able to obtain an address from the ISP. A test at test-ipv6.com shows confirmation.
  • The second router, w/ the same Native settings does not have a successful test-ipv6.com result and the IPv6 prefix does not appear on the router's settings.
1603862888977.png
  • When I set the connection type on the second router to Passthrough then test-ipv6.com has a successful response.
Question(s)
  1. Is Passthrough a bad idea? For some reason I thought it was discouraged because it might bypass firewalls and present more security concerns, though I'm still reading up on what it does and its implications.
    1. If this does bypass the client-router's firewall, does it still honor the host-router's firewall settings?
  2. Given the router-to-router connection, is Native on the client-router possible and perhaps misconfigured?
    • I've disabled NAT/PPPoE and WAN/UPnP, would either affect this? -- I've attempted variations of enabling either and both, but haven't had much success.
    • Should I disable DHCP-PD on the client-router? (and manually set the IPv6 Address and Prefix length)
  3. What is the general issue here? I don't understand the concept of what is happening. The computer on the sub-LAN has an IPv6 address, but as the traffic is exiting the router, is it dropped? Why does IPv4 step in and route correctly?

Disclaimer: please excuse my ignorance. It's been many years since I've had a networking class and I haven't kept up with any of this -- some of you are true geniuses!
 
I'm bumping this thread because I have exactly the same questions. Hope somebody can enlighten us.
 
From my experience, Pass through has only ever benefited in a double nat scenario, where my ISP modem/router( or a primary router) provided a private network ip such as 192.x.x.x. to my asus router. My asus router (or secondary router) reported its wan address as a private address representing 192.x.x.x. In this case the Primary router is still providing some sort of firewall for IPV6 as is the secondary. Albeit asus has always had a horrible behind the standards IPV6 design. Think of it as a quick in a hurry thrown together implementation of IPV6, but it is still better than some cheaper router variants.
 
Last edited:
ac86u 386.3_2
IPv6 pass through
Firewall on

You can ping6 to all inner LAN devices from outside WAN, but can not access any inner LAN devices' port, except you have specifically added a forward rule such as `ip6table -I FORWARD -s x:x:x:x:x:: -j ACCEPT`.
So leaving firewall on, pass through won't expose you to any threat, and it's rather low rise.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top