Their new modem/router doesn’t support opening ports in the ipv6 firewall, so if you want to open ports, they recommend disabling ipv6 entirely. For ipv4, they no longer support forwarding ports from only specific source addresses either, which is way less secure. You can only forward ports from all source addresses. You also have to use their crappy app to add port forward rules, it’s no longer available in the web ui. You can completely disable the ipv6 firewall in the web ui, but that wouldn’t be safe.

Old motorola modem/routers could do all of the above.

It says it can do bridge mode at least, but it seems silly to need 2 devices just to open ipv6 ports.

How are routers being made now in 2023 that don’t have proper ipv6 support? It seems crazy to me.

  • mo_ztt ✅
    link
    English
    101 year ago

    At least the last I was aware, you could just use your own hardware which I always found preferable. I don’t think it’s a secret that Xfinity sucks bad :-(.

  • @adlr
    link
    English
    31 year ago

    My view on this, at least for higher end devices like laptops, tablets, phones, etc, is that the OS must be secure to threats already because they all support cellular connections, where you will not have a home router to block incoming connections. IOT is, of course, a different story.

    The other thing we should all hopefully know is that a lot of threat vectors don’t involve incoming connections. Browser zero days, for example.

    BTW, all that said, I still don’t see why Xfinity can’t just provide a better set of knobs on the firewall.

  • @TCB13
    link
    English
    21 year ago

    You don’t need port forwarding for IPv6 because, unlike IPv4, it doesn’t use NAT. It is expected that an IPv6 device will not show up on the “Port Forward” page that was specifically designed to handle IPv4’s NAT port rules.

    Try to see if there’s some dedicated firewall page on the router and there you should be able to “poke a hole” to allow an incoming IPv6 request to reach a device in your network.

    • @[email protected]
      link
      fedilink
      English
      31 year ago

      I believe OP is already aware of this. At least based on the wording in his post. He specifically says “opening ports in the IPv6 firewall.” Could be mistaken though.

      • @iwasgodonceOP
        link
        English
        4
        edit-2
        1 year ago

        Yup, I’m aware.

        There’s no page for anything to do with ports for ipv6, and the documentation specifically says it’s not available to open ports on ipv6.

        The only options for configuring the ipv6 firewall are things like blocking ping, and disabling the ipv6 firewall entirely. There were 5 checkboxes, I forget what the other 3 were. It was at a relatives house I was helping so I can’t check right now.

        • @[email protected]
          link
          fedilink
          English
          31 year ago

          IMO if you have to put “you can’t do xyz with IPv6” in your documentation…then you need to not ship that product…but Comcast is Comcast…sooo

  • MadaMada
    link
    English
    11 year ago

    deleted by creator

  • @[email protected]
    link
    fedilink
    English
    0
    edit-2
    1 year ago

    IMO if you’re serious about IPv6 you should probably have your own router running OpenWRT or the like. That’s not to say consumer routers don’t exist with good v6 support. AT&T provided routers have very good v6 support including full firewall rules for both v4 and v6 on top of the v4 port forwarding for NAT. We’ll ignore their PD issues lol. Sounds like Xfinity might just be behind the times. I’d put OpenWRT on a router and use that instead of the ISP router anyway.