RT-AX86U, turning on firewall breaks IPv6

[Trippie123]

Hey,
The fix for this is probably simple but I can't figure it out. I've hooked up the Asus router to my ISP modem with DMZ enabled towards the router.
When I turn off the IPv6 firewall in the Asus settings, IPv6 works fine. When it's turned on it stops working. I tried opening port 546 UDP which doesn't really help.
Anyone knows the solution? Do I even need the Asus firewall or does the modem have one anyway? If so, can I test it. If I understand DMZ correctly it would bypass the firewall right?

Thanks in advance.

Edit: I just figured out that I can disable the DMZ IPv6 on the modem so then I can also disable the firewall on the router. It would be nice though if anyone knows a way to let the Asus router handle the firewall?

 

[Tech9]

Your IPv6 configuration on the Asus router in double NAT has to be Passthrough.

 

[Trippie123]

Your IPv6 configuration on the Asus router in double NAT has to be Passthrough.

Alright, I didn't know that but when I put it in Passthrough IPv6 stops working entirely.

Edit: I think passthrough started working after turning IPv6 off and on and rebooting the modem. Idk, I was just trying some random things and noticed IPv6 clients were connected. So I checked my settings and it was still configured as passthrough. Hopefully it stays working. Thanks for the help

 

[Trippie123]

Your IPv6 configuration on the Asus router in double NAT has to be Passthrough.

Oh one more question: Do I need to enable DMZ or firewall with passthrough?

 

[Tech9]

Oh one more question: Do I need to enable DMZ or firewall with passthrough?

Honestly, based on questions you ask better leave IPv6 at default Disabled and don't play with options you don't need or understand how they work. Not trying to be rude. Trying to protect you. You're opening one more door to your network without clear idea how to keep it secured. You're not ready yet. Not sure why you're doing it, but if you have public IPv4 available the Internet experience benefits from IPv6 for you will be zero.

 

[Trippie123]

Honestly, based on questions you ask better leave IPv6 at default Disabled and don't play with options you don't need or understand how they work. Not trying to be rude. Trying to protect you. You're opening one more door to your network without clear idea how to keep it secured. You're not ready yet. Not sure why you're doing it, but if you have public IPv4 available the Internet experience benefits from IPv6 for you will be zero.

I'm just trying to have full functionality and now I have the time to figure these things out. My PC has it's own firewall too. Anyway, I enabled IPv6 DMZ towards the router and turned the Asus firewall on. I think it should be good now.

 

[Tech9]

There is not NAT with IPv6, but you still need port forwarding for your IPv4 services open to Internet. DMZ saves you some work on the ISP modem/router. With dual stack you have 2x in/out ways and you have to make sure you secure both. Asuswrt is not free of bugs. Some QoS options are broken with IPv6 enabled and DDNS with IPv6 enabled is still unreliable. You have to trust your IoT devices with direct access to Internet now. You have to watch for common IPv6 leaks when using VPN. Your ISP receives traffic from multiple devices now and some may be identifiable. Behind NAT they used to see your router only as single device. If you use DNS filtering service with custom categories like OpenDNS - it doesn't work anymore with IPv6. If you use ad-blockers you have to re-configure them. This full functionality is not just flipping a switch. You had full functionality before turning IPv6 on as well.