Configuring IPv6 to expose local device(s) to the internet

ipv6

Most traffic through an IPv6 router has a destination address not on the router's interfaces, but to other hosts in subnets delegated to it. IP forwarding happens as usual. IPv4 used to work this way, but NAT is so pervasive public addresses on every host seems alien to many people.

Say you are delegated 2001:db8:2106::/48. A service provider should route all of it to you. Via your router, but how will the ISP identify your router separate from your network? Assign an IP address of course, say 2001:db8:c::954c:5cc7:7aeb:ec1d. Such a WAN address is for the ISP's convenience, it does not need to be related to your nets at all.

Allow access to hosts on your network by firewall configuration. If the application host is 2001:db8:2106:5821::443, allow https/tcp to that IP. Any firewall worth using can filter by layer 4 ports. The firewall rules can be relatively straightforward, as unlike with NAT the destination IP is the host of interest, no port forwarding required.

Related

Restricting OpenVPN connection to only one program
sshfs permission denied even for root user
Forbidden after enabling SSL
What process does certbot run as on Linux?
The term 'New-RemoteMailbox' is not recognized as the name of a cmdlet
Keepalived: multicast vs unicast
What's the endpoint running at `include:spf.example.com` as seen in an SPF record in DNS?
IPsec site-to-site VPN issues after recent Linux kernel update
What exactly is a floating IP and how does it work?
Kubernetes manual certificate renewal - apiserver ceritificate update failed
Accessing dict subelement value
Disable ping in Windows Server 2008 R2 [closed]