@pswired interesting... will try again but my Sonicwall is set to DHCPv6 for the port connected directly to the LAN of the HT2000W and it doesn't seem to be getting anything other than an FDxxxx ... Will play around with my settings and see what happens.. But totally agree we need a tech to weigh in here on how this works. I'm not trying to stream video out or anything, just net access to my home network to send commands to my Crestron system etc.
Yup, looks like you're well on your way to getting that block assigned to the Sonicwall LAN. Let me know if you have any results different than mine as far as accessibility to those addresses from the Internet.
Unfortunately I have a feeling we'll need to wait for a future software version of the HT2000W for this to work. All of my testing shows that the "disable firewall" checkbox option doesn't work for IPv6.
Thank you for your patience. I was just informed that we have two engineers working on addressing outside IPv6 requests on the HT2000W. I'll let you know once I get any updates from them.
@Liz Thanks for the update
@pswired I'm not an IPv6 expert, but I think you want your router to assume one of the IPv6 addresses instead of handing out IPv6 from your router to internal devices. Unless of course you're running full IPv6 internally. I have the Sonicwall grabbing the /62, then using a /128 itself (see below). Then I "should" be able to map an incoming IPv6 port on the WAN interface to any IPv4 port on the LAN (6:4 routing). Unfortunately I'm seeing exactly what you are... either the Hughes routers are not disabling the firewall for IPv6, or they are filtering somewhere else.
@Liz Thank you for the update and we appreciate the effort to resolve this. If there's anything I can do to help, let me know.
@tracerrx The "proper" way to implement IPv6 in this case is to indeed attach that /62 to your LAN and hand out public addresses to your LAN devices directly. Your devices will then run dual stack and requests to IPv6 enabled hosts will use one network stack, IPv4 another. Then add firewall rules to your router so that services on your LAN are not exposed to the Internet except as desired. However, if the LAN devices you want to be publicly accessible do not support IPv6 natively, then yes, you'll need to do as you describe and 6to4 at the Sonicwall.
It looks to me like everything is good to go in the Hughes network itself and the problem lies in the HT2000W- when I run traceroutes to the IPv6 address of a device behind the HT2000W, I see the 600ms latency jump at the last hop before the traces die. That tells me the packets are making their way all the way to my CPE and dying there. Hopefully the engineers working on this will get it sorted and release a new firmware soon. And hopefully that firmware will allow the firewall to be completely disabled instead of needing to add individual rules for each service allowed through.
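Added example, not part of any post in this thread: a small Python check of the addressing discussed above. It splits a delegated /62 into its four /64 LAN subnets and flags which LAN addresses are global and inside the delegation, versus unique-local (the FDxxxx case) or link-local addresses that can never be reached from the Internet. The prefix and addresses are constructed samples from the 2001:db8::/32 documentation range, and the function names are hypothetical.

```python
import ipaddress

# Well-known IPv6 ranges (RFC 4193, RFC 4291).
ULA = ipaddress.ip_network("fc00::/7")            # unique local, includes fdxx:...
LINK_LOCAL = ipaddress.ip_network("fe80::/10")
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

def scope(addr):
    """Classify an address by routing scope."""
    a = ipaddress.ip_address(addr)
    if a.version != 6:
        return "ipv4"
    if a in LINK_LOCAL:
        return "link-local"
    if a in ULA:
        return "unique-local"
    if a in GLOBAL_UNICAST:
        return "global"
    return "other"

def lan_subnets(delegated):
    """Split a delegated prefix (e.g. a /62) into the /64s a router can put on LANs."""
    net = ipaddress.ip_network(delegated)
    if net.version != 6 or net.prefixlen > 64:
        raise ValueError("expected an IPv6 prefix of /64 or shorter")
    return list(net.subnets(new_prefix=64))

def audit(delegated, addrs):
    """Map each address to (scope, containing delegated /64 or None)."""
    subnets = lan_subnets(delegated)
    report = {}
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        inside = next((str(s) for s in subnets if ip.version == 6 and ip in s), None)
        report[addr] = (scope(addr), inside)
    return report

# Constructed sample data (documentation prefix, not real assignments).
SAMPLE_PREFIX = "2001:db8:0:4::/62"
SAMPLE_ADDRS = ["fd00:1234::10", "2001:db8:0:5::20", "fe80::1", "2001:db8:0:9::1"]

if __name__ == "__main__":
    for addr, (sc, subnet) in audit(SAMPLE_PREFIX, SAMPLE_ADDRS).items():
        reachable = sc == "global" and subnet is not None
        print(f"{addr:22} {sc:13} subnet={subnet} candidate_for_inbound={reachable}")
```

Only addresses reported as global and inside one of the delegated /64s are worth testing from outside or writing router firewall rules for.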
Hey! It looks like it's working now! Last night I noticed that my IPv6 DHCP allocation changed (maybe the modem rebooted, I haven't checked yet). Now I can ping my downstream router's IPv6 address and access its HTTP interface from the Internet via IPv6!
Thank you for getting this in front of the right people, @Liz, and please relay my thanks to the engineers who got this resolved quickly. Impressive to have a firmware fix rolled out and functional in about a week.
This is somewhat light testing so far, but I'll continue to verify everything is working.
Everything was working well. I had my security cameras set up for IPv6 access from the Internet and I was able to view them from my smartphone via cellular, etc...
Then I got the bright idea to log in to the HT2000W and see if anything had changed in the IPv6 firewall settings options. I had the firewall enabled and a single IPv6 rule added to allow remote admin access to my downstream router. I decided to try disabling the firewall and removing that rule. Well, that made all the IPv6 inbound stop working. So I reverted my changes, and guess what- doesn't work now. Same symptoms as when I started.
After some additional experimenting, here's what I think needs to be done, and I can reproduce, to get inbound IPv6 working:
- Enable the firewall with the "firewall features" checkbox in advanced setup
- Add an IPv6 firewall rule. It doesn't matter what the rule does, but one must be present. Mine allows TCP port 1 to a null address (:
- Reboot the router and don't make any further firewall changes. This is important--inbound stops working if you make any further firewall changes after the reboot.
So, my conclusion is that there's a bug that is worked around with the above process. Last night's change must have been something unrelated done by Hughes that caused a modem reboot which triggered the last step of the above workaround.
Good detective work.
Now that I think of it, I think I had a Cisco router that had a "feature" like that in its firmware, but for IPv4 port forwarding. Interesting.