What is ip6 equivalent of ip4 loopback address for redirect on the same device

Started by opnseeker, February 13, 2026, 11:16:51 PM

In my setup Unbound runs on a loopback interface (used for the Opnsense GUI and a few other services) at port 53053.

I am trying to write a Dest NAT rule that redirects all DNS requests (from some VLANs) reaching Opnsense (port 53) to 53053 on the loopback interface.

My ip4 rule works with redirect ip as 127.0.0.1. But I can't figure out the equivalent ip6 address. ::1 doesn't work and neither does the ULA address statically assigned to the interface.

Any suggestions would be appreciated.

You can't use ::1 but the ULA should work.

In my setup I assigned a ULA VIP to the Loopback interface where Unbound also listens, then with a DNAT rule I forward outbound DNS on port 53 to that ULA IP.  Slightly different use case (to trap and redirect unencrypted DNS escapes) but same principle.  Seems to work OK.
N5105/8GB/4xi226-V (local), J4125/8GB/4xi210 (remote)
26.1 Community
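
The redirect described in the reply above, written out as hand-written pf rules (an added example, not taken from the thread and not the ruleset OPNsense generates). The interface name and the ULA are constructed placeholders; port 53053 is the Unbound port from the original post.

```pf
# Constructed values for illustration only.
vlan_if  = "vlan20"                  # assumed VLAN interface name
dns_ula  = "fd12:3456:789a:1::53"    # assumed ULA VIP on the loopback interface
dns_port = "53053"                   # Unbound port from the original post

# IPv4: redirecting to the loopback address works, as the original post reports.
rdr on $vlan_if inet proto { tcp, udp } from any to any port 53 \
    -> 127.0.0.1 port $dns_port

# IPv6: target the ULA VIP instead of ::1, as the reply advises.
rdr on $vlan_if inet6 proto { tcp, udp } from any to any port 53 \
    -> $dns_ula port $dns_port

# rdr without "pass" still needs a filter rule. Filtering happens after
# translation, so the rule matches the rewritten address and port.
pass in quick on $vlan_if inet proto { tcp, udp } \
    from any to 127.0.0.1 port $dns_port
pass in quick on $vlan_if inet6 proto { tcp, udp } \
    from any to $dns_ula port $dns_port
```

Unbound has to be listening on the ULA and port named in the IPv6 rule, otherwise the redirected queries reach an address with no listener.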

Quote from: opnseeker on February 13, 2026, 11:16:51 PM
I am trying to write a Dest NAT rule that redirects all DNS requests (from some VLANs) reaching Opnsense (port 53) to 53053 on the loopback interface.

But I can't figure out the equivalent ip6 address. ::1 doesn't work and neither does the ULA address statically assigned to the interface.

Browse this topic: https://forum.opnsense.org/index.php?topic=9245.0

IIRC there are some solutions mentioned for IPv6 ;)
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)

Up to 25.x.x, Port Forward to another port on Opnsense worked.

This issue is new in 26.x.x with the new Dest NAT section.

Quote from: OPNenthu on February 13, 2026, 11:33:27 PM
You can't use ::1 but the ULA should work.

In my setup I assigned a ULA VIP to the Loopback interface where Unbound also listens, then with a DNAT rule I forward outbound DNS on port 53 to that ULA IP.  Slightly different use case (to trap and redirect unencrypted DNS escapes) but same principle.  Seems to work OK.

My use case is the same but doesn't work for IP6 even with ULA on 26.x.x. It worked until 25.x.x.

Can you paste your NAT rule for comparison?

Here are some screenshots of what works for me (on 26.1.2).  I have Unbound set to listen on All interfaces.  Not shown is the manual pass rule for the NAT rdr that was imported from my legacy ruleset into the new rules UI, but the firewall log shows it passing the traffic.  I use an alias in the NAT rule because I have this VIP referenced in several places.

[Three screenshot attachments, not viewable here.]