Configuring IPv6 to expose local device(s) to the internet
Most traffic through an IPv6 router has a destination address that is not on the router's interfaces, but belongs to other hosts in subnets delegated to it. IP forwarding happens as usual. IPv4 used to work this way, but NAT is so pervasive that public addresses on every host seem alien to many people.
Say you are delegated 2001:db8:2106::/48. A service provider should route all of it to you. Via your router, but how will the ISP identify your router separate from your network? Assign an IP address of course, say 2001:db8:c::954c:5cc7:7aeb:ec1d. Such a WAN address is for the ISP's convenience; it does not need to be related to your nets at all.
Allow access to hosts on your network by firewall configuration. If the application host is 2001:db8:2106:5821::443, allow https/tcp to that IP. Any firewall worth using can filter by layer 4 ports. The firewall rules can be relatively straightforward since, unlike with NAT, the destination IP is the host of interest; no port forwarding is required.
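
The forward-chain policy described above, written as an nftables ruleset. This is an added example, not part of the original answer. It assumes a Linux router using nftables with IPv6 forwarding already enabled; the interface names wan0 and lan0 are hypothetical, and the addresses are the documentation-prefix values used in the text.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumptions: Linux router, nftables,
# net.ipv6.conf.all.forwarding=1, interfaces named wan0 (ISP side)
# and lan0 (inside). Rename the interfaces to match the real router.

table ip6 filter {
    chain forward {
        # Default deny: a public address on a host does not imply
        # that the host is reachable from the internet.
        type filter hook forward priority 0; policy drop;

        # Return traffic for flows that were already permitted.
        ct state established,related accept
        ct state invalid drop

        # ICMPv6 errors that IPv6 depends on. Routers never fragment
        # in IPv6, so dropping packet-too-big breaks path MTU discovery.
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem } accept

        # Hosts in the delegated /48 may open outbound connections.
        # Matching the source prefix also drops spoofed sources.
        iifname "lan0" oifname "wan0" ip6 saddr 2001:db8:2106::/48 accept

        # The one exposed service: https/tcp to the application host.
        # The destination is the host itself, so there is no DNAT or
        # port-forward rule, only a filter rule.
        iifname "wan0" oifname "lan0" ip6 daddr 2001:db8:2106:5821::443 tcp dport 443 ct state new accept
    }
}
```

Running `nft -c -f` on the file checks the syntax without applying it. Traffic addressed to the router's own WAN address is handled by the input hook, not this chain, and needs its own rules.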