IPv6 Pinholes and conflict with IPv4 Firewall on SmartHub
BT Broadband provides a globally routable IPv6 address for the LAN, and individually globally routable IPv6 addresses for the devices on your network (that support IPv6 at least). The important thing here is that it is globally routable.
There is a Firewall on the Smart Hub which prevents traffic from the WAN reaching the IPv6 Hosts on the LAN side of your router.
In the SmartHub Settings > Advanced > IPv6 you have the option to configure "Pinholes". The idea is that you create holes in the firewall for specific ports and specific host interfaces (which of course have a specific IPv6 address). Once this is done you should be able to route traffic from anywhere to the IPv6 address of your device on your LAN. This is what IPv6 is for after all.
But it doesn't work...
I have discovered that in order for the Pinholes to work you must also set the IPv4 firewall to "Disabled".
This is a very bad idea, opening up your entire network to the hostile environment of the internet.
It seems there is a conflict between the IPv4 firewall and the pinhole configuration for IPv6, and that one is thwarted by the other.
Has anyone else seen this problem? Has anyone found a workaround that doesn't involve disabling the entire IPv4 firewall?
This seems like a really significant bug in the SmartHub, and something that should really be fixed. Otherwise, people will end up disabling their firewalls and all sorts of bad things will happen.
Does anyone from BT have a way of talking to the right people who might be able to get this fixed?
It is very frustrating, and I am considering buying an alternative router with some better management software on it, or better still that I can configure myself!