OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: mahescho on December 12, 2018, 10:04:17 pm
-
Hi,
For some good reason :) I need to map an IPv6 address to an internal RFC1918 IPv4 address.
IPv6-Client -> IPv6-Port-At-Firewall -> IPv4-Port-Internal-RFC1918-Address
E.g. a TCP relay which listens on an IPv6 address / port on the firewall and forwards all traffic to an internal RFC 1918 IPv4 address / port. Something like this:
socat TCP6-LISTEN:1234,fork TCP4:1.2.3.4:1234
or
6tunnel -6 1234 1.2.3.4 1234
or using xinetd
service rdp_port_forward
{
    flags       = IPv6
    disable     = no
    type        = UNLISTED
    socket_type = stream
    protocol    = tcp
    user        = nobody
    wait        = no
    redirect    = 1.2.3.4 1234
    port        = 1234
}
What is the best way to do this or something similar with OPNsense? Can this be done by a simple pf rule or perhaps by haproxy?
TIA
-
I have implemented Streams in the nginx plugin, which has been released today, but haproxy should be able to do this as well. Both are similar in configuration, so use whatever you already have on your machine. Please note that you will lose the real source IP unless the upstream service is capable of the PROXY protocol, which is supported by both.
-
Thanks. Well, I think I will use nginx as I already use it to implement client certificates. I would prefer haproxy, but it does not support client certificates via the GUI in OPNsense AFAIK. The target client software does not support IPv6 at all, so losing the source IP is the trade-off here anyway.
-
HAProxy should support client certificates as well (https://github.com/opnsense/plugins/issues/426).
-
Missed this one... thanks for the hint!
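-
The PROXY protocol mentioned in the thread carries the original client address as one text line ahead of the relayed data. As an added example (not part of the original posts, and not code from OPNsense, nginx or HAProxy), this Python code builds the version 1 line a relay would send and parses it on the backend, honouring it only when the connection comes from a trusted relay. The function names and the 2001:db8:: and 192.168.1.1 sample addresses are constructed for illustration, and the parser assumes the whole header line has already been read.

```python
import ipaddress

MAX_V1_LEN = 107  # longest PROXY v1 line allowed by the spec, CRLF included


def build_proxy_v1(src_ip, src_port, dst_ip, dst_port):
    """Line the relay sends first on the upstream connection."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    if src.version != dst.version:
        raise ValueError("source and destination must share an address family")
    return f"PROXY TCP{src.version} {src} {dst} {src_port} {dst_port}\r\n".encode("ascii")


def parse_proxy_v1(data, peer_ip, trusted_relays):
    """Return ((client_ip, client_port), remaining_payload).

    data: first bytes read from the connection (assumed to hold the full line).
    peer_ip: address the TCP connection really came from (the relay).
    """
    # Anyone who can reach the port could forge this line, so honour it
    # only when the TCP peer is a known relay.
    if peer_ip not in trusted_relays:
        raise PermissionError(f"PROXY header from untrusted peer {peer_ip}")
    end = data.find(b"\r\n", 0, MAX_V1_LEN)
    if end == -1 or not data.startswith(b"PROXY "):
        raise ValueError("missing or oversized PROXY v1 line")
    fields = data[:end].decode("ascii").split(" ")
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("unsupported PROXY v1 line")
    _, family, src, dst, sport, dport = fields
    version = int(family[3])
    for addr in (src, dst):
        if ipaddress.ip_address(addr).version != version:
            raise ValueError("address does not match declared family")
    for port in (sport, dport):
        if not (port.isdigit() and int(port) <= 65535):
            raise ValueError("invalid port")
    return (src, int(sport)), data[end + 2:]


if __name__ == "__main__":
    # Constructed sample: IPv6 client -> firewall [2001:db8::1]:1234 -> IPv4 backend.
    header = build_proxy_v1("2001:db8::10", 51544, "2001:db8::1", 1234)
    relays = {"192.168.1.1"}  # constructed internal IPv4 address of the relay
    print(header)
    print(parse_proxy_v1(header + b"payload", "192.168.1.1", relays))
```

A backend that cannot parse this line itself will see it as unexpected leading bytes, so the header should only be enabled on the relay when the upstream service supports it.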