Map IPv6 to IPv4

[mahescho]

Hi,

for some good reason  :) I need to map a IPv6 address to an internal RFC1918 IPv4 address.

IPv6-Client -> IPv6-Port-At-Firewall -> IPv4-Port-Internal-RFC1918-Address

E.g. a TCP relay which listens on a IPv6 address / port on the firewall and forwards all Traffic to a internal RFC 1918 IPv4 address / port. Some thing like this:

Code Select Expand

socat TCP6-LISTEN:1234,fork TCP4:1.2.3.4:1234

or

Code Select Expand

6tunnel -6 1234 1.2.3.4 1234

or using xinetd

Code Select Expand


service rdp_port_forward
{
    flags           = IPv6
    disable         = no
    type            = UNLISTED
    socket_type     = stream
    protocol        = tcp
    user            = nobody
    wait            = no
    redirect        = 1.2.3.4 1234
    port            = 1234
}


What is the best way to do this or some thing similar with Opnsense? Can this be done by a simple pf rule or perhaps by haproxy?

TIA

[fabian]

I have implemented Streams in the nginx plugin which has been released today but haproxy should be able to do this as well. Both are similar in configuration so use whatever you have already on your machine. Please note that you will loose the real source IP unless the upstream service is capable of the PROXY protocol which is supported by both.

[mahescho]

Thanks. Well I think I will use nginx as I use it to implement client certificates already. I would prefer haproxy but it does not support client certificates by gui in Opnsense AFAIK. The target client software does not support IPv6 at all so loosing the source IP is the trade off here anyway.

[fabian]

HAProxy should support client certificates as well (https://github.com/opnsense/plugins/issues/426).

[mahescho]

Missed this one ... thanks for the hint !