At home I have a dual stack IPv4 / IPv6 broadband connection and I also have a wireless access point. The access point currently connects all traffic to my local network, which is by no means segmented, so all visitors who use my wireless network have access to my entire local network.
While I certainly don't doubt my friends' good intentions, I see the possibility that their smartphones will be compromised, and I would prefer not to have compromised devices in my private LAN if I can help it. This, and also the fact that being in my private LAN does not provide any benefit to my friends, makes me want to create a separate wireless guest network, which I would then use with my own smartphone.
I am currently considering opening all ports for incoming IPv6 TCP and UDP traffic for devices on this separate guest network.
My reason for this is the significantly improved service reliability. As a practical example, I use the XMPP chat app Conversations, which supports sharing, for example, images, but it doesn't work very well as long as both I and the other people are in our respective local area networks, probably because none of us have open (IPv6) or forwarded (IPv4) ports for our smartphones.
Just to verify this assumption, I opened all the IPv6 ports for my smartphone only. And voila, image sharing has worked perfectly since.
The general implications of opening a router's IPv6 firewall have been widely discussed here, but I think my situation with the guest network for smartphones and other mobile devices is not entirely comparable, because:
- Smartphones are designed to be directly connected to the Internet anyway, so they shouldn't have any problems with open IPv6 ports.
- This would only affect the completely separate guest network, and any device in it would, from the point of view of a device in my local network, be just like any other device on the public Internet.
Is this good reasoning or is there something important that I can't see?
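
The policy described in the question, written out as an nftables forward chain. This is an added example, not part of the original post; it assumes a Linux-based router, and the interface names `wan0`, `lan0` and `guest0` are hypothetical.

```nftables
# Added example: forwarding policy for a segmented guest network.
# Assumed (hypothetical) interfaces: wan0 = uplink, lan0 = private LAN,
# guest0 = guest Wi-Fi on its own bridge or VLAN.
table inet guestfw {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were allowed out, plus related
        # ICMP/ICMPv6 errors (e.g. Packet Too Big for path MTU discovery).
        ct state established,related accept
        ct state invalid drop

        # Private LAN: outbound only. Nothing below lets wan0 or guest0
        # open a new connection towards lan0.
        iifname "lan0" oifname "wan0" accept

        # Guest network: outbound to the Internet.
        iifname "guest0" oifname "wan0" accept

        # Guest network: unsolicited inbound IPv6 TCP and UDP is allowed,
        # which is the "all ports open" setting the question proposes.
        iifname "wan0" oifname "guest0" meta nfproto ipv6 meta l4proto { tcp, udp } accept

        # Everything else, including guest0 -> lan0 and wan0 -> lan0,
        # falls through to the drop policy.
    }
}
```

This chain only covers forwarded traffic. Whether guest devices can reach services on the router itself (admin interface, DNS, DHCP) is decided by the `input` hook, which needs its own rules.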