Could merlin firmware support nat6?

[Steam123]

For some reason, My isp gives me ipv6 address with no prefix. The only way to use ipv6 for all my devices connected to my ax86u is to use nat6, However neither the original firmware nor merlin firmware supports nat6. Is there possibility that merlin could support nat6 or there are other ways to use nat6 in my asus router?

 

[Jeffrey Young]

I have never used ipv6 as my ISP does not use it. That said, something like this in the nat-start script should work

ip6tables -t nat -I POSTROUTING -o $WAN_IF -j MASQUERADE

Where WAN_IF is your wan interface.

 

[ZebMcKayhan]

For some reason, My isp gives me ipv6 address with no prefix. The only way to use ipv6 for all my devices connected to my ax86u is to use nat6, However neither the original firmware nor merlin firmware supports nat6. Is there possibility that merlin could support nat6 or there are other ways to use nat6 in my asus router?

Both Asus and Merlin support NAT6 since 386.4 in the form of MASQUARADE (snat). But its not supported via gui, you need to enter the firewall rules manually. Oops, @Jeffrey Young beat me to it.

 

[heysoundude]

For some reason, My isp gives me ipv6 address with no prefix. The only way to use ipv6 for all my devices connected to my ax86u is to use nat6, However neither the original firmware nor merlin firmware supports nat6. Is there possibility that merlin could support nat6 or there are other ways to use nat6 in my asus router?

I believe factory firmware supports NPT, so Merlin should as well:

IPv6-to-IPv6 Network Prefix Translation - Wikipedia

en.wikipedia.org

You'll definitely want to read the article referenced on that wiki page and act accordingly if you decide to go that way, assuming my initial recollection is correct

 

[ZebMcKayhan]

I believe factory firmware supports NPT, so Merlin should as well:

IPv6-to-IPv6 Network Prefix Translation - Wikipedia

en.wikipedia.org

You'll definitely want to read the article referenced on that wiki page and act accordingly if you decide to go that way, assuming my initial recollection is correct

As far as I know NPT is not compatible with our routers stateful firewall. Or did you find a way?

 

[ColinTaylor]

I believe factory firmware supports NPT, so Merlin should as well:

IPv6-to-IPv6 Network Prefix Translation - Wikipedia

en.wikipedia.org

You'll definitely want to read the article referenced on that wiki page and act accordingly if you decide to go that way, assuming my initial recollection is correct

How would this help the OP as his problem is the lack of a prefix? <confused>

 

[heysoundude]

How would this help the OP as his problem is the lack of a prefix? <confused>

In case the OP is mistaken/misunderstanding their ISP/mis-configured, their own hardware is capable once they're certain/sorted.

As far as I know NPT is not compatible with our routers stateful firewall. Or did you find a way?

I'm just trying to open doors to explore behind. It's difficult for me to believe a major manufacturer would formulate their own non-standard approach in defiance (?) of what standards seem to be.

 

[ZebMcKayhan]

It's difficult for me to believe a major manufacturer would formulate their own non-standard approach in defiance (?) of what standards seem to be.

This incompability between conntrack and npt6 is well known. We tried it quite abit @archiel and I, whithout luck: https://www.snbforums.com/threads/session-manager-discussion-2nd-thread.75129/post-753280

Ofcource conntrack/netfilter may be updated to resolve this but its unlikely to find itself backported into our routers.

NETMAP is the NPT6 alternative that is conntrack compatible and it works on our routers if you dare to install Entware iptables. But NETMAP is not checksum neutral like NPT6 so there are no efficiency gains. I would really love to see NPT6 working on our routers, but realisticly, I dont think its going to happen.

 

[heysoundude]

This incompability between conntrack and npt6 is well known. We tried it quite abit @archiel and I, whithout luck: https://www.snbforums.com/threads/session-manager-discussion-2nd-thread.75129/post-753280

Ofcource conntrack/netfilter may be updated to resolve this but its unlikely to find itself backported into our routers.

NETMAP is the NPT6 alternative that is conntrack compatible and it works on our routers if you dare to install Entware iptables. But NETMAP is not checksum neutral like NPT6 so there are no efficiency gains. I would really love to see NPT6 working on our routers, but realisticly, I dont think its going to happen.

which almost makes perfect sense, since the hardware is intended to be used by basic home users; around here, people get the impression we're on par with enterprise-class hardware, but the facts are quite different.

 

[Tech9]

around here, people get the impression we're on par with enterprise-class hardware

And software. The reason my usual advice is to disable features not needed. IPv6 is often one of them with rare exceptions.

 

[heysoundude]

And software. The reason my usual advice is to disable features not needed. IPv6 is often one of them with rare exceptions.

yes, we're both skipping like broken records, you and I.
Can we table it between ourselves til we meet in the afterlife?