Static IPv4 address and IPv6 - 'Pass-Thru-Mode'

Looking over the 'Forum' for the past 7 years this is an on-going problem:

Short: I have had a static IPv4 along with IPv6 running for the past +14 years. Two different ISP's which included four modems and three different firewalls. None have failed to achieve this configuration until I received a DPC3939B that replaced the CG3000DCR which started to have a lot of errors. When I explained to the Comcast technician that I use IPv6 he was surprised, then stated quickly to not put the modem into 'Bridge Mode' as it will 'Brick' the device. I asked again, what? He stated it again that it will 'Brick' if put into 'Bridge Mode'

I am unable to achieve IPv6 connections thru the Comcast modem and a separate firewall to my network. The Netgear (CG3000BCR) worked flawlessly during the past six years. I found that I can ping my firewall from the outside over IPv6, this also includes any other device directly plugged into the Comcast modem. I also found that any device that is not directly connected, meaning thru a firewall or router, the packets are able to leave to the Internet but would be blocked coming back as the modem would see these as a 'threat' as you can not turn off the IDS WAN-to-LAN option in any modem I currently have access to that uses Comcast Business. Looking at the log files inside the modem confirmed that they are being blocked when coming back.

My question is - what good is 'Pass-Thru-Mode' as Comcast calls it? If it only works with directly connected devices, then you would have to rely on the firewall of each device.

As stated - I do not care what modem I use as long as it can be used with a static IPv4 IP and that I can continue to use IPv6 as I have for the last +14 years. Nothing I can do will let WAN-to-LAN packets thru the modem, if not directly connected to the modem itself. I run servers as IPv6, all incoming must pass thru the modem without being blocked, and all firewall activities will be taken care of later. I would like the Comcast firewall to be 'Off'. This problem has been around for years and years. The only modem that could handle this was the Netgear, which is now EOL.

I went to another location that has the 'Technicolor' 'CGA4131COM' modem also with static IPv4. I configured a second router/firewall as to not interfere with the current network getting IPv6 addressing by mistake. Went to test the IPv6 and the first test did show an address but stated that the browser will not use IPv6 due to problems. It did have an IPv6 address for the connected machine which matched what the web-page saw. I could not pull up any IPv6 web-page. I checked the logs of the Comcast modem. Again it displayed a ton of 'Threats' being blocked from the outside during the last few minutes. The firewall I set up was with automatic IPv6 configuration on the WAN side and to use 'SLAAC' on the LAN. There were no logs for any issues during this test, for the connected firewall.

Currently running a 'Tunnel Broker' for my IPv6 - overall IPv6 speed is reduced by ~20%, but the quickness of web pages outweighs the speed loose. Only problem I have seen has been with 'Comcast' - Comcast uses mainly IPv4 servers, where Xfinity uses IPv6. Comcast uses Xfinity servers for account log-in credentials. Comcast servers seems to have difficulties passing data from an account in IPv6 to IPv4 when the ISP of the two protocols are different. Temporary fix is to disable IPv6 during log-in to any Comcast account, then re-enable it after you are logged in.

Is there a fix, that I am missing? If not, will there ever be a fix? Until then I am stuck with a 'Tunnel Broker' for my IPv6 addressing.

IPv6 is not difficult, actually if understood, it is simple.

Kind Regards.