Funbox 2.0 Port Forwarding: IPv6 Addressing, No-IP Service, Livebox & Fritzbox 7390 Compatibility

Dear Forum Members,
I apologize for the long text, but I hope that thanks to you I will find a solution to my problem and at the same time others will save themselves trouble. For the past few years, instead of generously given to me by the Livebox service provider, I used Fritzbox 7390. Unfortunately, the storms at the end of June did their part and despite the overvoltage protection of the line the modem input was damaged. By the way, some devices fell on the switchboard and pulled out of the attic Livebox also waited for synchronization for over two weeks. As it was successful, after logging in to the service, it hung when downloading some updates. The gentlemen from the line service came with the "new" LB, which worked, as it turned out, making me happy with IPv6 addressing, which cut me off from the No-IP service. Overcoming this problem was relatively easy, although the information about the need to remove "/ ipv6" after the username in the login does not "lie" at the top of the service provider's page. As IPv4 addressing worked, I started to transfer settings from FB7390 related to port forwarding. I changed the firewall settings in LB to "low" and made the appropriate entries in the NAT / PAT section. Checking the status of the ports on the portal available in the network showed that they are "closed". This led to the need to contact BOK. As usual, after waiting a dozen minutes or so, I got the standard advice "turn off LB from power", "hard reset", "firewall settings and NAT / PAT" - of course without effect - the ports remained closed. Information from the consultant "you know there was a LB series where it did not work - you need to replace the modem, we will replace it with FB 2.0 is better".
After a few days I was able to replace the modem (a separate story is how to get information in which salon they have a modem to exchange). After connecting and still closed ports, another connection with BOK and after several dozen minutes of combination, the consultant's statement "I can't help, please call the pay line * 900 (PLN 1.99 / min)". Before I called there, I started to look for help on the network and found information that the service provider "cares for my security" and filters network traffic and to get rid of this "boon" before the login should be added "WITHOUT PROTECTION -". It is a pity that on his website it is not easy to dig into it and in addition consultants do not inform about it.
Unfortunately, adding this prefix did not help much and the half-hour paid "expert" line changed nothing but the next decision to replace the modem. Another modem did not change anything tonight, I have to wait for a phone call from an "expert" this time to me, because I dared to ask the question why the VOIP gateway connected to the LAN port despite connection setup (both ways) immediately breaks it and connecting the phone directly to the socket TEL on FB works fine. It seems to me again that there are no open ports.
To make it more complicated, I will add that ports 21, 37777, 5060 and 34567 have been opened. No other randomly selected ports worked. I will add that all redirections relate to devices with static IP addresses.
I'm afraid it will end up buying Fritz
I will add that the damaged 7390 behaves properly as a router and still supports DECT phones. Unfortunately, AVM does not repair its devices - it only exchanges under warranty.
I will be grateful for hints on what else can be done besides putting FB in the attic.

I even have in tabs: link . The unprotected option allows you to unblock only ports 25, 135, 137, 138, 139, 445 which do not see the sense of redirection, maybe port 25, but from experience I know that the mail server should not be put on neo, because most of the pool dynamic IPs are on the blacklist, e.g. mail servers on o2 / wp. So you can't send messages to your account, e.g. @ o2.pl because the server rejects the connection.

I don't need to unblock these ports (mentioned above), and I don't even advise you to redirect them to your local computer because it poses a threat. Other ports can be redirected without any problems in the PPPoE login. I have a firewall set to "user" and the ports I have there do not even have to overlap with NAT rules. Everything works fine.

PS. some port checking pages only scan well for TCP ports.

Thank you for your comment. I know the link you provided. Reading its fragment:

I understand that with this login the firewall in FB (or somewhere else) does not filter any port. I haven't tried the "user" firewall settings option, but the "low" settings option in the description should also allow you to open ports, e.g. from 2231 to 2236, which cannot be achieved.
I just need a remote control of several devices without any sophisticated interface which worked without any problems on the fritzbox.
Of course, I will share information from the expert service provider if he actually speaks.
Regards, E.

gunnpa wrote:

I understand that with this login the firewall in FB (or somewhere else) does not filter any port

Normally, traffic on ports 25, 135, 137, 138, 139, 445 is completely blocked (even if there are no entries in the firewall), the unprotected function will only unblock these ports. The option should rather not affect other ports.

As I wrote, redirected ports work fine and I don't even have to add them in the firewall as allowed.

Thank you again .
Convinced by your assurance that everything works for you, I made a desperate attempt again. Reset to factory settings, login with the note "no_protection-", firewall low. Because previously I had problems setting fixed IPs (not all devices appeared in the dynamic IP table) this time I did it "manually", i.e. I entered the desired IP address and I rewrote the MAC from information obtained from arp. As it was already set, I went to NAT / PAT settings and after entering the ports as in previous approaches, surprisingly the redirection worked. I have no idea how to explain this phenomenon. But if it wasn't so rosy, there was a surprise. Well, one of the redirections that I considered unnecessary can not be removed or turned off (removing the bird in the window) regardless of whether the device is connected to the router or not, removing it from the fixed IP table also does not help, the lack of its address in the dynamic table IP after router reset also does not change the situation.
An expert from BOK called in according to the agreement, but unfortunately I haven't arrived home yet, he was not asked to call in an hour anymore, so the problem of starting the external VOIP gate remained, because probably the one that is integrated with FB cannot be turned off and for now the reconciliation of their simultaneous functioning fails.
Regards, E.

I am not surprised with this deletion of entries in the NAT table. I think I had a problem adding them once, but I don't remember anymore. Unfortunately, this soft is a piece of equipment from Orange. I even have a DHCP server switched off on something and I use my own In fact, there is already a large selection of equipment for VDSL at the moment.

I wonder why this software is so weak. There are many devices that are comfortable to use, stable and even with open software. If it wasn't for the price, I would swap fb for fritzbox without hesitation. The external VOIP gateway (the one with 7390) logs in correctly, the connection is set up in both directions, but after receiving the call, the call disconnects immediately. The consultant from the expert line gave up, he was unable to answer whether other open ports were needed in addition to 5060.
Today he has to call me, he was to seek help at a higher level.
Regards, E.

To close the topic and make life easier for someone, I answer myself. Of course, the promise of a return call from "experts" on the * 900 line was not fulfilled. A few days spent trying to find appropriate port forwarding suggested in various forums did not produce any results. The established connection was immediately terminated after receiving it. As a last resort, I set the gateway address as DMZ and it helped. I draw the conclusion (please correct if I am wrong) that, however, the firewall in FB is guilty of everything, it is a pity that nobody from BOK is able to tell what should be the NAT / PAT settings for it to work without grabbing the left hand behind right ear.
Now I will see how the service provider will treat my conversations with the "expert" pay line, which did not lead to anything.
I greet all readers and wish you no trouble configuring this device.
E.