Re: [OpenWrt-Devel] FULL CONE NAT in OpenWrt

2020-05-04 Thread Alberto Bursi
Just allowing inbound connections from any external host on well-known port ranges (like a game) is bad and should NOT be default. It's basically a DMZ or full range port forwarding for all devices in the LAN. Just set a DMZ or full-range port forwarding for your console(s), it's still

Re: [OpenWrt-Devel] FULL CONE NAT in OpenWrt

2020-05-04 Thread Gracias Amigou
*Read this:* *• *Gaming with Full Cone vs Symmetric NAT Routers It is a feature that is necessary and should be by default in OpenWrt. I hope you will add it in the next releases or at least the package. Thank you. El lun., 4 may. 2020 a las

Re: [OpenWrt-Devel] FULL CONE NAT in OpenWrt

2020-05-04 Thread Joel Wirāmu Pauling
Yes that's the update v6 flag I was mentioning.. BUT it won't actually solve this issue, as you would then need to someone dynamically adjust inbound stateful forwarding rules in nft/ip6tables dynamically... WHICH ... am not a fan of doing. On Tue, 5 May 2020 at 10:23, Fernando Frediani wrote:

Re: [OpenWrt-Devel] FULL CONE NAT in OpenWrt

2020-05-04 Thread Fernando Frediani
Not all ISPs allow the user to request static PD. I like the idea of a static PD, but it is the ISP choice what they will give the user. I can understand the issues you are describing but they really need to be fixed by other proper means, not by introducing another problem which is stimulating

Re: [OpenWrt-Devel] FULL CONE NAT in OpenWrt

2020-05-04 Thread Joel Wirāmu Pauling
Yup; ok i'm not going to get into a religious war about this. But I will fight you on this and I have been around long enough to have been on the other side of the fence and am talking from a position of understanding it's not a great place we are in to need it. But we do: There are multiple

Re: [OpenWrt-Devel] FULL CONE NAT in OpenWrt

2020-05-04 Thread Fernando Frediani
I believe NAT66 should not be stimulated in any sense. One of the greatest things of IPv6 is to restore end to end communication. PDs should only change when there is a re-connection and the CPE should be able able to handle that correctly updating its LAN prefixes accordingly. Stimulating and

Re: [OpenWrt-Devel] FULL CONE NAT in OpenWrt

2020-05-04 Thread Joel Wirāmu Pauling
I am all for exposing Cone Nat in UCI / Firewall zones as an option to the masquerading configuration in a zone. Also as much as I hate it nat66 for IPv6 needs to be exposed in the same place - specifically for mapping routable PD which change often to ULA's. -Joel On Tue, 5 May 2020 at 07:25,

[OpenWrt-Devel] FULL CONE NAT in OpenWrt

2020-05-04 Thread Gracias Amigou
Please add this package as official: *Posts:* 1. xt_FULLCONENAT -- Implementing RFC 3489 full cone SNAT in OpenWrt 2. [12/8更新]OpenWrt 上实现 NAT1 (Full cone NAT) 的方法,无需 DMZ/UPnP - OPENWRT专版