OPNsense Forum

Archive => 22.7 Legacy Series => Topic started by: Morta on September 25, 2022, 04:40:19 PM

Title: NAT Portforwarding with TPC/UDP and IPv4+6
Post by: Morta on September 25, 2022, 04:40:19 PM
Hi!

I have two rules, exactly the same, for ports 5060 and 8080.


(https://abload.de/img/auswahl_0304wix1.png)
(https://abload.de/img/auswahl_031wydji.png)

curl works for IPv4 but not for IPv6. The SERVER has an IPv4 (192.168.1.100) and an IPv6 (2a02:XXX:a774:2000).

A direct curl to the SERVER works with IPv4/6, but a curl to the ROUTER (192.168.1.1/2a02:XXX:a774::1) doesn't work over IPv6, while IPv4 works.

[morta@lapt0p ~]$ curl -v6 http://[2a02:XXX:a774::1]:5060
*   Trying 2a02:XXX:a774::1:5060...
* connect to 2a02:XXX:a774::1 port 5060 failed: Die Wartezeit für die Verbindung ist abgelaufen
* Failed to connect to 2a02:XXX:a774::1 port 5060 after 129960 ms: Die Wartezeit für die Verbindung ist abgelaufen
* Closing connection 0
curl: (28) Failed to connect to 2a02:XXX:a774::1 port 5060 after 129960 ms: Die Wartezeit für die Verbindung ist abgelaufen
[morta@lapt0p ~]$ curl -v6 http://[2a02:XXX:a774::2000]:5060
*   Trying 2a02:XXX:a774::2000:5060...
* Connected to 2a02:XXX:a774::2000 (2a02:XXX:a774::2000) port 5060 (#0)
> GET / HTTP/1.1
> Host: [2a02:XXX:a774::2000]:5060
> User-Agent: curl/7.85.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Sun, 25 Sep 2022 14:31:34 GMT
< Connection: Keep-Alive
< Content-Type: text/html
< Content-Length: 109
<
<html><head><title>OoklaServer</title></head><body><h1>OoklaServer</h1><p>It worked!<br /></p></body></html>
* Connection #0 to host 2a02:XXX:a774::2000 left intact



What am I doing wrong?

Title: Re: NAT Portforwarding with TPC/UDP and IPv4+6
Post by: tiermutter on September 25, 2022, 05:00:07 PM
Does the alias "Server" contain both v4 and v6 addresses?
I think it should be better to use one alias and one redirect rule for each.
Title: Re: NAT Portforwarding with TPC/UDP and IPv4+6
Post by: Morta on September 25, 2022, 05:09:37 PM
Yes. The alias has an IPv4 and IPv6. I will check later! Thanks for the input.
Title: Re: NAT Portforwarding with TPC/UDP and IPv4+6
Post by: Morta on September 25, 2022, 06:33:47 PM
(https://abload.de/img/auswahl_032snidn.png)

Now it looks like this, but it doesn't solve the problem.
Title: Re: NAT Portforwarding with TPC/UDP and IPv4+6
Post by: i81b4u on September 25, 2022, 08:34:31 PM
Eh ... When trying to get IPv4 and IPv6 connectivity from the internet to a specific host on the LAN-side, I would make a NAT port forward rule for IPv4 and a normal allow rule for IPv6 on the WAN-interface. No need to NAT IPv6, right?

Best regards.
Title: Re: NAT Portforwarding with TPC/UDP and IPv4+6
Post by: i81b4u on September 25, 2022, 08:53:13 PM
To illustrate, the following would have to be done for access to a LAN-host using IPv4 and IPv6 on port 8080.

Firewall: NAT: Port Forward

Interface     Proto  Source Address  Source Ports  Destination Address   Destination Ports  NAT IP         NAT Ports  Description
WAN_INTERNET  TCP    *               *             WAN_INTERNET address  8080               192.168.1.234  8080       Access from internet to LAN-host
WAN_INTERNET  UDP    *               *             WAN_INTERNET address  8080               192.168.1.234  8080       Access from internet to LAN-host



Firewall: Rules: WAN_INTERNET

Protocol  Source  Port  Destination             Port  Gateway  Schedule  Description
IPv6 UDP  *       *     2001:0db8:1234::234/64  8080  *        *         Access from internet to LAN-host
IPv6 TCP  *       *     2001:0db8:1234::234/64  8080  *        *         Access from internet to LAN-host
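
An added example, not part of the thread: a small matcher showing which inbound IPv6 destinations the pass rule above admits when its destination is written with /64 versus /128. It assumes the firewall applies the prefix length as a network mask, as pf does; the function names, the sample packets and the address 203.0.113.10 are constructed for illustration.

```python
import ipaddress

def make_rule(proto, dst, port):
    # strict=False keeps the prefix length and drops the host bits,
    # which is how a masked destination is evaluated (assumption: pf-style).
    return (proto, ipaddress.ip_network(dst, strict=False), port)

def allowed(rules, proto, dst_ip, dst_port):
    # A packet passes if any rule matches protocol, address family,
    # destination network and destination port.
    addr = ipaddress.ip_address(dst_ip)
    return any(proto == r_proto and addr.version == net.version
               and addr in net and dst_port == r_port
               for r_proto, net, r_port in rules)

# Constructed rule sets using the documentation prefix from the post.
AS_POSTED = [make_rule(p, "2001:db8:1234::234/64", 8080) for p in ("tcp", "udp")]
HOST_ONLY = [make_rule(p, "2001:db8:1234::234/128", 8080) for p in ("tcp", "udp")]

# Constructed inbound packets: (label, proto, destination, port).
SAMPLES = [
    ("LAN host itself",      "tcp", "2001:db8:1234::234", 8080),
    ("another LAN host",     "tcp", "2001:db8:1234::99",  8080),
    ("router address",       "tcp", "2001:db8:1234::1",   8080),
    ("LAN host, other port", "udp", "2001:db8:1234::234", 5060),
    ("IPv4 WAN address",     "tcp", "203.0.113.10",       8080),
]

def compare():
    # Returns (label, passes with /64 rule, passes with /128 rule) per sample.
    return [(label, allowed(AS_POSTED, p, d, port), allowed(HOST_ONLY, p, d, port))
            for label, p, d, port in SAMPLES]

if __name__ == "__main__":
    for label, posted, host_only in compare():
        print(f"{label:22} /64: {posted!s:5}  /128: {host_only}")
```

With the /64 destination, port 8080 is reachable on every address in the prefix; narrowing the rule to /128 limits it to the one LAN host.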