UPnP IPv6 Firewall Pinholes


The stateful IPv6 firewall running on a router blocks inbound connections in the very same way as IPv4 NAT. There is a solution to this, and that is to support the "WANIPv6FirewallControl" call (UPnP IGD v2).

uTorrent currently supports UPnP for IPv4, where both port forwarding and firewall rules are created on the router, but does not make a request for the IPv6 firewall on the router and hence is blocked for unsolicited inbound IPv6 traffic. There is a related thread here on the Transmission client forums: https://forum.transmissionbt.com/viewtopic.php?t=19275. I will also add that the miniupnpd daemon can be compiled with support to receive these requests, as this is the daemon that runs on a lot of SOHO routers.

IPv6 is not exposed to the internet as you may initially think, which is why this is required. The user would need to manually disable the IPv6 firewall, as it is usually on by default (undesirable).

The key thing to remember when implementing this is that, when IPv6 is configured as SLAAC with privacy extensions enabled, the temporary address will change every few hours... therefore uTorrent will need to either periodically refresh the pinholing or, I think the better solution, use the permanent address for UPnP pinholing and reporting to torrent trackers, while the temporary address should be used for outbound connections to other clients.
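An added sketch of the approach suggested above, not code from uTorrent, Transmission or miniupnpd: it picks the non-temporary global address from Linux `ip -6 -o addr show` style output and builds a narrow IGD v2 `AddPinhole` request (one port, one protocol, bounded lease) for it. The function names, the sample addresses (documentation prefix) and port 51413 are constructed for illustration; the request would be POSTed to the control URL found through normal UPnP discovery, which is not shown.

```python
import ipaddress
from xml.sax.saxutils import escape

SERVICE = "urn:schemas-upnp-org:service:WANIPv6FirewallControl:1"
# Constructed sample in the style of `ip -6 -o addr show` (lifetimes omitted).
SAMPLE_IP_OUTPUT = """\
2: eth0    inet6 2001:db8:1:2:5c3a:91ff:fe0e:77aa/64 scope global temporary dynamic
2: eth0    inet6 2001:db8:1:2:211:22ff:fe33:4455/64 scope global dynamic mngtmpaddr
2: eth0    inet6 fe80::211:22ff:fe33:4455/64 scope link
"""

def stable_global_address(ip_output):
    """Return the first global-scope address that is not a privacy (temporary) one."""
    for line in ip_output.splitlines():
        fields = line.split()
        if "inet6" not in fields:
            continue
        i = fields.index("inet6")
        flags = set(fields[i + 2:])
        if "global" not in flags or flags & {"temporary", "deprecated"}:
            continue
        return str(ipaddress.IPv6Address(fields[i + 1].split("/")[0]))
    return None

def add_pinhole_request(internal_client, internal_port, protocol, lease_seconds):
    """Build the SOAPAction header value and SOAP body for AddPinhole."""
    if not 1 <= internal_port <= 65535:  # refuse the 0 wildcard: one port only
        raise ValueError("internal port must be a single explicit port")
    if protocol not in (6, 17):  # IANA protocol numbers for TCP and UDP
        raise ValueError("protocol must be 6 (TCP) or 17 (UDP)")
    if not 1 <= lease_seconds <= 86400:  # lease range allowed by the service
        raise ValueError("lease must be between 1 and 86400 seconds")
    args = [("RemoteHost", ""), ("RemotePort", 0),  # wildcards: any remote peer
            ("InternalClient", internal_client), ("InternalPort", internal_port),
            ("Protocol", protocol), ("LeaseTime", lease_seconds)]
    fields = "".join(f"<{k}>{escape(str(v))}</{k}>" for k, v in args)
    body = ('<?xml version="1.0"?>'
            '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
            's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
            f'<s:Body><u:AddPinhole xmlns:u="{SERVICE}">{fields}</u:AddPinhole>'
            '</s:Body></s:Envelope>')
    return f'"{SERVICE}#AddPinhole"', body

if __name__ == "__main__":
    addr = stable_global_address(SAMPLE_IP_OUTPUT)
    action, body = add_pinhole_request(addr, 51413, 6, 3600)
    print(action, body, sep="\n")
```

Because the lease is capped, the pinhole still has to be renewed before it expires, but binding it to the stable address means the renewal does not have to chase the rotating temporary address.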

