EdgeRouter IPv6

Interfaces used:

  • eth0: WAN
  • eth1: secondary WAN (optional)
  • eth2: LAN

Adjust accordingly.

Create firewall rules for WAN6_IN

edit firewall ipv6-name WAN6_IN
set default-action drop
set rule 10 action accept
set rule 10 description "allow established"
set rule 10 protocol all
set rule 10 state established enable
set rule 10 state related enable
set rule 20 action drop
set rule 20 description "drop invalid packets"
set rule 20 protocol all
set rule 20 state invalid enable
set rule 30 action accept
set rule 30 description "allow ICMPv6"
set rule 30 protocol icmpv6
top

Create firewall rules for WAN6_LOCAL

edit firewall ipv6-name WAN6_LOCAL
set default-action drop
set rule 10 action accept
set rule 10 description "allow established"
set rule 10 protocol all
set rule 10 state established enable
set rule 10 state related enable
set rule 20 action drop
set rule 20 description "drop invalid packets"
set rule 20 protocol all
set rule 20 state invalid enable
set rule 30 action accept
set rule 30 description "allow ICMPv6"
set rule 30 protocol icmpv6
#set rule 40 action accept
#set rule 40 description "allow DHCPv6 client/server"
#set rule 40 destination port 546
#set rule 40 source port 547
#set rule 40 protocol udp
top

Assign IPv6 firewall rules to primary wan interface

set interfaces ethernet eth0 firewall in ipv6-name WAN6_IN
set interfaces ethernet eth0 firewall local ipv6-name WAN6_LOCAL

Assign IPv6 firewall rules to secondary wan interface (optional)

set interfaces ethernet eth1 firewall in ipv6-name WAN6_IN
set interfaces ethernet eth1 firewall local ipv6-name WAN6_LOCAL

Request prefix with eth0 and assign to eth2

Requested prefix size /60 for compatibility with FritzBox

edit interfaces ethernet eth0
set dhcpv6-pd prefix-only
set dhcpv6-pd pd 0 prefix-length /60
set dhcpv6-pd pd 0 interface eth2 host-address ::1
set dhcpv6-pd pd 0 interface eth2 prefix-id :0
set dhcpv6-pd pd 0 interface eth2 service slaac
top

finally

commit
save