REPLY: 2:280/5555 6434155d   
   MSGID: 2:5005/49 6434ca25   
   CHRS: CP866 2   
   TZUTC: 0700   
   TID: hpt/fbsd 1.9.0-cur 2019-12-05   
   Dear Michiel,   
      
   10 Apr 23 15:46, you wrote to me:   
      
    MV>>> Please eleborate...   
      
    VS>> The Transmission torrent client, and the syncthing file   
    VS>> synchronization utility can use the UPnP protocol to request a   
    VS>> firewall to pass *IPv4* incoming traffic (and create a port   
    VS>> porwarding for IPv4 NAT). They cannot however (at least to my   
    VS>> knowledge) use UPnP or any other protocol to request a router to   
    VS>> open a hole for incoming traffic in an *IPv6* firewall.   
      
    MV> I see. Or so I think. You ask for   
      
   It is not even that I *ask for* it. I've read here, some messages ago, that   
   some home router declared "IPv6 punch-holing support." Infortunately I could   
   not find more information either about the model of the router or its features.   
      
      
    MV> for some kind of "IPv6 equivalent" for   
    MV> UPnP. But why would you want that? UpNP is a questionable idea anyway.   
    MV> For IPv4 it creates an entry in de NAT table and as a side effect   
    MV> creates a hole in the firewall.   
      
    MV> But why would you need that for IPv6?   
      
    MV> For IPv6 there (normally) is no NAT, so no need to create an entry in   
    MV> a NAT table.   
      
   The "IPv6 equivalent" for UPnP is not for creating entries in a NAT table   
   (which is absent in IPv6). It is for creating rules in an IPv6 firewall   
   allowing incoming traffic to an application running on an IPv6-enabled host. A   
   firewall (IPv4 or IPv6) is usually configured to block incoming traffic which   
   is not part of an established outgoing connection.   
      
    MV> In IPv6 avery device has a Unique Global Address, so one   
    MV> can simply create pinholes in advance as needed for the address in   
    MV> question.   
      
   Only when you know the IPv6 address and port beforehand. Usually an IPv6   
   address on the home LAN is dynamic (SLAAC), and the port in peer-to-peer   
   applications, VoIP applications etc is often dynamic too.   
      
   The situation is different of course when you are hosting an IPv6 web-server   
   or something like that. It would have a fixed IPv6 address and port anyway, so   
   there is no need for punch-holing the firewall.   
      
   Victor Sudakov, VAS4-RIPE, VAS47-RIPN   
   --- GoldED+/BSD 1.1.5-b20170303-b20170303   
    * Origin: Ulthar (2:5005/49)   
   SEEN-BY: 1/123 10/0 1 15/0 50/109 90/1 103/705 104/117 105/81 106/201   
   SEEN-BY: 123/131 124/5016 153/757 7715 154/10 203/0 214/22 218/0 1   
   SEEN-BY: 218/215 700 860 221/0 1 6 226/30 227/114 229/110 111 112   
   SEEN-BY: 229/113 206 307 317 400 424 426 428 452 470 550 664 700 240/1120   
   SEEN-BY: 240/5832 266/512 280/464 5003 5006 5555 282/1038 292/854   
   SEEN-BY: 292/8125 301/1 310/31 317/3 320/219 322/757 335/364 341/66   
   SEEN-BY: 341/234 342/200 396/45 423/120 460/58 256 1124 5858 463/68   
   SEEN-BY: 467/888 633/280 712/848 770/1 4500/1 5000/111 5001/100 5005/49   
   SEEN-BY: 5005/53 5015/46 5020/545 715 830 846 1042 4441 5030/49 5053/51   
   SEEN-BY: 5054/8 30 5058/104 5064/56 5075/128 5080/102 5083/1 444   
   PATH: 5005/49 5020/1042 221/6 460/58 280/464 103/705 218/700 229/426