Having the same scenario. My Turris MOX shall be a host computer behind another router (some call this mode ‘IP client’ or ‘bridge’) to play just Ethernet switch, Wi-Fi access point, and/or a NAS. Especially the latter two scenarios should not be uncommon.
Consequently, I have no WAN in Foris → Network interfaces. The section Foris → WAN should do nothing. Instead, Foris gives me LAN → Mode: Computer → IPv4: Automatic Configuration. That is just about IPv4. However, my Turris MOX does enable IPv6 on that very same LAN interface. I see that via SSH and
ifconfig. Nevertheless, it is only a link-local address. Even worse, my Turris MOX advertises itself as IPv6 router and DNSv6 provider; Turris OS is still in router mode when it comes to IPv6.
I digged deeper into that thanks to Wireshark and via sysctl -a. Compared to a client computer with the Debian based Ubuntu 18.04 LTS, the following is different:
net.ipv6.conf.br-lan.forwarding = 1
net.ipv6.conf.br-lan.accept_ra = 0
net.ipv6.conf.br-lan.accept_ra_defrtr = 0
net.ipv6.conf.br-lan.accept_ra_pinfo = 0
The forwarding is set for all interfaces on default via the file
/etc/sysctl.d/10-default.conf (since the year 2013). That is nice for router scenarios but not if I want a host. Should that value not be changed when I do not want ‘Router’ but select ‘Computer’ as LAN mode in Foris? So, this is a bug report to the Turris team.
Furthermore, OpenWRT disables
accept_ra via the file
/etc/init.d/sysctl (since the year 2013 as well) without getting into detail what exactly the problem was. I am not sure whom to blame for /report that.
After fixing those four values myself via the file
net.ipv6.conf.br-lan.forwarding = 0
net.ipv6.conf.br-lan.accept_ra = 1
net.ipv6.conf.br-lan.accept_ra_defrtr = 1
net.ipv6.conf.br-lan.accept_ra_pinfo = 1
I see a working dual-stack single interface (even without needing a DHCPv6 server thanks to SLAAC). Now, on the SSH interface,
ifconfig gives a 2000::/3 and
check_connection does not give
UNKNOWN for the IPv6 Gateway anymore. Instead, I get a
OK for every subtest.
All this should be done automatically. However, as there is no IPv6 test in the Foris interface, I wonder if LAN/Computer/IPv6 is a supported scenario at all. Here in Germany, at least for DSL providers like Telekom Deutschland, United Internet (1&1), and Telefónica (O₂) offer IPv4/IPv6 Dual Stack. Their CPEs come configured my way. Therefore, if that scenario is not supported by Turris OS, yet, I would prefer
net.ipv6.conf.br-lan.disable_ipv6 = 1
Once again: With the default (non-router) configuration, I see unroutable DNS traffic from my home network being sent to my Turris MOX.