Wouldn't that open up 23 as well though...? That sounds a lot like port-triggering.
21 = FTP
22 = SSH
23 = Telnet
We understand how to open the firewall, but thank you : )
The problem is the dynamically assigned ipv6 prefixes (They shouldn't be dynamic per ipv6 conventions which is why there is very limited support for DDNS in ipv6). It sounds like maybe your engineers understand this and are working on a fix (fingers crossed).
Yes, engineering is still working on allowing inbound IPv6 pings, this will be addressed in a future update. No ETA, but it's on our roadmap.
Liz, to be clear, there are two issues here:
-The HT2000W inbound IPv6 firewall implementation is buggy and requires the above posted workaround to disable the firewall entirely. Using the firewall as intended does not seem to be possible. The inability to ping downstream devices is a symptom of this problem.
-The IPv6 prefix assigned to a downstream device via DHCP-PD is dynamic and indeed changes often. This is undesirable because it prevents IP-based firewall rules from being implemented for downstream devices and prevents remote access to those devices.
Thanks for the clarification, I'll pass this up.
Got a quick turnaround from engineering on your concerns:
Regarding your first point about the firewall being buggy, this will be escalated to our modem team.
Regarding the IPv6 prefix assignments, that is how our modems operate and is unlikely to change anytime soon.
In reference to tracerrx's concern with routable IPv6 addresses, a user always gets a public IPv6 prefix as long as it's associated with an IP gateway. If the user isn't seeing this public IPv6 prefix and it's associated with a gateway, then we'd troubleshoot.
@Liz If the situation of having dynamic IPv6 prefixes is not expected to change anytime soon, then HughesNet sales and support staff should be trained to tell customers and prospects that using remote access devices such as security camera systems is not possible with the service offering. CGN prevents it on IPv4 and dynamic addressing prevents it via IPv6. That's very unfortunate since this seems to be requested quite often here in the forums.
Are you residential subscribers or business subscribers? Sales agents are not to say that IPv6 is static on these systems, static isn't offered normally by Hughesnet.
Good morning folks,
Thank you for your input, I think this is a topic worth bringing up to management. I'll send it up, thank you for your feedback!