Menu
What's new
By:
Filters Better Search

IPv6 passthrough disadvantages?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Matthew Patrick

Matthew Patrick

Senior Member
Hey guys so I'm currently using AC86U with the latest Merlin firmware. So I used to have an ISP which allows me to bridge the modem so that I can do PPPoE directly and do DHCP-PD for IPv6 native. Now, my new ISP doesn't allow bridging. So I'm stuck with a double NAT situation. Now IPv4 is fine like usual but with IPv6 I need to use passthrough mode . Now are there any disadvantages on using passthrough mode? I've searched for ages but it's inconclusive. Does it just disable NAT for IPv6 directly? Does it get processed by Merlin's IPv6 firewall, DoT, SkyNet, etc? Is it safe at all? Because the last thing I want is for me to just rely on the ONT's firewall etc for IPv6 and having the ISP to be able to directly see requests coming out from each of my local devices instead of looking like it coming out from just one device. Which is my router.

Thank you :)
 
Unless your ISP is doing something weird there shouldn't be any NATing with IPv6. The whole point of IPv6 is to no longer require NATing. You may be double NATing with IPv4 but there shouldn't be any NATing with IPv6. Also, don't confuse NAT with a firewall. They are not the same. Unless you have turned off the IPv6 firewall, yes there is an IPv6 firewall even with connection type set to Passthrough. With IPv6, each of your devices will communicate through your router individually. They will not communicate as a single address. Again, thats the whole point of IPv6.
 
Frank Monroe said:
Unless your ISP is doing something weird there shouldn't be any NATing with IPv6. The whole point of IPv6 is to no longer require NATing. You may be double NATing with IPv4 but there shouldn't be any NATing with IPv6. Also, don't confuse NAT with a firewall. They are not the same. Unless you have turned off the IPv6 firewall, yes there is an IPv6 firewall even with connection type set to Passthrough. With IPv6, each of your devices will communicate through your router individually. They will not communicate as a single address. Again, thats the whole point of IPv6.
Click to expand...
Yes that's the thing. I've seen some say that Asus Passthrough mode just pass it thru to the ONT or ISP provided modem to handle. AKA it bypasses Asus' IPv6 firewall apparently. That's why I'm wondering if that's true and if it is or isn't. Does DoT, scripts etc still work on IPv6 or not? And the last question was. Is it safe? Because I used to use native mode and everything was handled by the Asus. So every device gets an IPv6 address just fine and it's all processed by the Asus router first before going out
 
Matthew Patrick said:
Yes that's the thing. I've seen some say that Asus Passthrough mode just pass it thru to the ONT or ISP provided modem to handle. AKA it bypasses Asus' IPv6 firewall apparently. That's why I'm wondering if that's true and if it is or isn't. Does DoT, scripts etc still work on IPv6 or not? And the last question was. Is it safe? Because I used to use native mode and everything was handled by the Asus. So every device gets an IPv6 address just fine and it's all processed by the Asus router first before going out
Click to expand...
It does not bypass the firewall. I am currently running in that configuration. Your scripts and DoT settings will still work. And yes, its safe. BTW, even under your prior configuration under Native connection type, each device had a separate IPv6 address that passes through the firewall as separate addresses. Like I said, there isn't NATing with IPv6 regardless of the IPv6 connection type. The main difference between Passthrough and Native connection types is how your devices receive the IPv6 configuration. The difference isn't security or how the traffic is processed.
 
Frank Monroe said:
It does not bypass the firewall. I am currently running in that configuration. Your scripts and DoT settings will still work. And yes, its safe. BTW, even under your prior configuration under Native connection type, each device had a separate IPv6 address that passes through the firewall as separate addresses. Like I said, there isn't NATing with IPv6. The main difference between Passthrough and Native connection types is how your devices receive the IPv6 configuration. The difference isn't security or how the traffic is processed.
Click to expand...
Yeah I know there isn't really a NAT on IPv6 since every devices have a unique IPv6 address that change overtime.

Oh i see so it does just pass through the IPv6 addresses from the ONT/ISP Modem DHCP to our devices huh? Welp. As long as it doesn't bypass anything like Asus' IPv6 firewall and scripts etc. I'll enable it then. Thanks for the info! I appreciate it!!
 
Passthrough is just that. There will be no firewall on the asus router for IPv6 its just letting it pass through. However your isp provided router may do the firewalling for you and then send it along to the asus router not 100% sure of this but it's possible.
 
Matthew Patrick said:
Hey guys so I'm currently using AC86U with the latest Merlin firmware. So I used to have an ISP which allows me to bridge the modem so that I can do PPPoE directly and do DHCP-PD for IPv6 native. Now, my new ISP doesn't allow bridging. So I'm stuck with a double NAT situation. Now IPv4 is fine like usual but with IPv6 I need to use passthrough mode . Now are there any disadvantages on using passthrough mode? I've searched for ages but it's inconclusive. Does it just disable NAT for IPv6 directly? Does it get processed by Merlin's IPv6 firewall, DoT, SkyNet, etc? Is it safe at all? Because the last thing I want is for me to just rely on the ONT's firewall etc for IPv6 and having the ISP to be able to directly see requests coming out from each of my local devices instead of looking like it coming out from just one device. Which is my router.

Thank you :)
Click to expand...
Skynet watches for IPv4 IP’s only.
 
det721 said:
Passthrough is just that. There will be no firewall on the asus router for IPv6 its just letting it pass through. However your isp provided router may do the firewalling for you and then send it along to the asus router not 100% sure of this but it's possible.
Click to expand...
I''m sorry. Respectfully, thats not true. The IPv6 firewall is enabled whether you use passthrough or not. I can prove that with my own AC5300. I am running in passthrough mode, inbound IPv6 traffic is blocked (by default). Once I turn off the IPv6 firewall or allow exceptions through it, inbound traffic will flow. Really, the only difference I have seen between native and passthrough are the command line switches on 6relayd when it is launched which is how IPv6 configuration information is passed between the outside network and the inside network. If the router behaved as you are saying, that wouldn't even need to run at all.
 
Last edited:
det721 said:
Passthrough is just that. There will be no firewall on the asus router for IPv6 its just letting it pass through. However your isp provided router may do the firewalling for you and then send it along to the asus router not 100% sure of this but it's possible.
Click to expand...
Not according to: https://www.asus.com/uk/support/FAQ/1013638/

That page suggests that unless you allow specific connections then there would be a basic firewall that filters none-originated connections!
 
Matthew Patrick said:
So I'm stuck with a double NAT situation. Now IPv4 is fine like usual but with IPv6 I need to use passthrough mode
Click to expand...

What IPv6 advantages you expect to get is the more important question. Read the thread below and decide what to do.

www.snbforums.com

IPv6 question

I enabled IPv6 under Advanced Setting/IPv6 as passthrough (and on my modem as well). Confirmed I have ipv6 connections using broswer test. However, under Advanced Setting/System Log/IPv6 it says IPv6 Connection Type as Disabled. Trying to find out why that is.
www.snbforums.com www.snbforums.com
 
You must log in or register to reply here.

Similar threads

H
Got some IPV6 question on Asus Merlin
Replies
3
Views
1K
heysoundude
heysoundude
K
Have global ipv6 address but unable to access internet over ipv6
2
Replies
39
Views
815
klunk
K
Loukios
IPv4 over IPv6?
2
Replies
23
Views
1K
sfx2000
sfx2000
John Tetreault
How to open ipv6 firewall to a port on the router?
Replies
4
Views
623
sfx2000
sfx2000
L
Advise on some issues with IPv6
Replies
5
Views
504
Analog-1
A
Similar threads
Thread starter Title Forum Replies Date
V IPv6 Passthrough failure on USB WAN Asuswrt-Merlin 4
T Wireguard VPN Disable IPV6 Asuswrt-Merlin 0
K Have global ipv6 address but unable to access internet over ipv6 Asuswrt-Merlin 39
J Help - duckdns has started returning an IPv6 IP address Asuswrt-Merlin 1
M IPv6 and Router Advertisement adding route to delegated /56 via WAN interface Asuswrt-Merlin 0
A DNS/TLS IPv6. Asuswrt-Merlin 4
L When I access the System Log --> IPv6 tab the web server crashes Asuswrt-Merlin 0
icanfly custom domains report NXDOMAIN for IPv6 DNS and fail to resolve in Alpine OS Asuswrt-Merlin 2
B How to setup IPV6 static route for Docker IPVLAN Asuswrt-Merlin 0
John Tetreault How to open ipv6 firewall to a port on the router? Asuswrt-Merlin 4

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 818 (members: 32, guests: 786)
Top