Sign in to follow this  

UPnP IPv6 Firewall Pinholes

Recommended Posts

The stateful IPv6 firewall running on a router blocks inbound connections in the very same way as IPv4 NAT. There is a solution to this and that is to support "WANIPv6FirewallControl" call (UPnP IGD v2). 

uTorrent currently supports UPnP for IPv4 where both port forwarding and firewall rules are created on the router but does not make a request for IPv6 firewall on the router and hence is blocked to unsolicited inbound IPv6 traffic. There is a related thread here on  the Transmission client forums I will also add that miniupnpd daemon can be compiled with support to receive these requests as this is the daemon that runs on a lot of SOHO routers. 

IPv6 is not exposed to the internet as you may initially think, which is why this is required. The user would need to manually disable IPv6 firewall as it is usually on by default (undesirable).

The key thing to remember when implementing this is that, when IPv6 is configured as slaac with privacy extensions enabled the Temporary address will change every few hours... therefore uTorrent will need to either periodically refresh the pin-holing or I think the better solution is to use the permanent address for UPnP Pin-holing and reporting to torrent trackers while the temporary address should be used for outbound connections to other clients.

Edited by Majibow

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this