NAT Portforwarding with TPC/UDP and IPv4+6

[Morta]

Hi!

I have two rules. Exactly the same for 5060 and 8080 Port





curl works for IPv4 but not for IPv6. The SERVER has a IPv4 (192.168.1.100) and IPv6(2a02:XXX:a774:2000)

A direct curl on SERVER works with IPv4/6 but a curl on ROUTER IPv6 (192.168.1.1/2a02:XXX:a774::1) doesn't work but IPv4 works

Code: [Select]

[morta@lapt0p ~]$ curl -v6 http://[2a02:XXX:a774::1]:5060
*   Trying 2a02:XXX:a774::1:5060...
* connect to 2a02:XXX:a774::1 port 5060 failed: Die Wartezeit für die Verbindung ist abgelaufen
* Failed to connect to 2a02:XXX:a774::1 port 5060 after 129960 ms: Die Wartezeit für die Verbindung ist abgelaufen
* Closing connection 0
curl: (28) Failed to connect to 2a02:XXX:a774::1 port 5060 after 129960 ms: Die Wartezeit für die Verbindung ist abgelaufen
[morta@lapt0p ~]$ curl -v6 http://[2a02:XXX:a774::2000]:5060
*   Trying 2a02:XXX:a774::2000:5060...
* Connected to 2a02:XXX:a774::2000 (2a02:XXX:a774::2000) port 5060 (#0)
> GET / HTTP/1.1
> Host: [2a02:XXX:a774::2000]:5060
> User-Agent: curl/7.85.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Sun, 25 Sep 2022 14:31:34 GMT
< Connection: Keep-Alive
< Content-Type: text/html
< Content-Length: 109
<
<html><head><title>OoklaServer</title></head><body><h1>OoklaServer</h1><p>It worked!<br /></p></body></html>
* Connection #0 to host 2a02:XXX:a774::2000 left intact


What I'm doing wrong?

[tiermutter]

Does the alias "Server" contain both, v4 and v6 adresses?
I think it should be better to use one alias and one redirect rule for each.

[Morta]

Yes. The aliases has a IPv4 and IPv6. I will check later! Thanks for the Input.

[Morta]

Now looks like this but doesn't solve the problem

[i81b4u]

Eh ... When trying to get IPv4 and IPv6 connectivity from the internet to a specific host on the LAN-side, I would make a NAT port forward rule for IPv4 and a normal allow rule for IPv6 on the WAN-interface. No need to NAT IPv6, right?

Best regards.

[i81b4u]

To illustrate, the following would have to be done for access to a LAN-host using IPv4 and IPv6 on port 8080.

Firewall: NAT: Port Forward

Code: [Select]

Source Destination NAT
Interface Proto Address Ports Address Ports IP Ports Description

WAN_INTERNET TCP * * WAN_INTERNET address 8080 192.168.1.234 8080 Access from internet to LAN-host
WAN_INTERNET UDP * * WAN_INTERNET address 8080 192.168.1.234 8080 Access from internet to LAN-host

Firewall: Rules: WAN_INTERNET

Code: [Select]

Protocol Source Port Destination Port Gateway Schedule Description

IPv6 UDP * * 2001:0db8:1234::234/64 8080 * * Access from internet to LAN-host
IPv6 TCP * * 2001:0db8:1234::234/64 8080 * * Access from internet to LAN-host