Sign in to follow this  
Majibow

UPnP IPv6 Firewall Pinholes

Recommended Posts

The stateful IPv6 firewall running on a router blocks inbound connections in the very same way as IPv4 NAT. There is a solution to this and that is to support "WANIPv6FirewallControl" call (UPnP IGD v2). 

uTorrent currently supports UPnP for IPv4 where both port forwarding and firewall rules are created on the router but does not make a request for IPv6 firewall on the router and hence is blocked to unsolicited inbound IPv6 traffic. There is a related thread here on  the Transmission client forums  https://forum.transmissionbt.com/viewtopic.php?t=19275. I will also add that miniupnpd daemon can be compiled with support to receive these requests as this is the daemon that runs on a lot of SOHO routers. 

IPv6 is not exposed to the internet as you may initially think, which is why this is required. The user would need to manually disable IPv6 firewall as it is usually on by default (undesirable).

The key thing to remember when implementing this is that, when IPv6 is configured as slaac with privacy extensions enabled the Temporary address will change every few hours... therefore uTorrent will need to either periodically refresh the pin-holing or I think the better solution is to use the permanent address for UPnP Pin-holing and reporting to torrent trackers while the temporary address should be used for outbound connections to other clients.

Edited by Majibow

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this