Netgate Discussion Forum

    Can ipv6 virtual server point at ipv4 pool elements?

    7 Posts 4 Posters 1.3k Views
      hcoin

      Any reason a virtual server on the WAN with an IPv6 address can't include a server member in its balancing pool on a LAN-side subnet that has a private (RFC 1918) IPv4 address?

      It ought to work, but then…

        jimp Rebel Alliance Developer Netgate

        With the built-in load balancer (relayd) it's all done in NAT so you can't do that. With a true proxy like HAProxy, it might work but I haven't tried it.

        Relayd doesn't actually proxy. The source address is preserved and the original connection is forwarded, so it all has to stay in the same address family.

        HAProxy accepts a connection and initiates its own new connection out to the server locally, so it's possible that might be able to mix families in this way, though I wouldn't hold my breath.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

          PiBa

          HAProxy should be able to mix v6 frontends and v4 backends and/or the other way around. The transparent-clientip feature won't work due to the fact that v4 and v6 cannot be mixed in 1 IP connection. Other than that it should all be fine :).

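The arrangement described in the two replies above (HAProxy accepts the IPv6 connection and opens its own IPv4 connection to the pool member), as an added configuration example that is not part of the original posts. The addresses (the 2001:db8::/32 documentation prefix and RFC 1918 LAN hosts) and all section and server names are constructed placeholders.

```haproxy
# Added example; addresses and names are constructed placeholders.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# IPv6 listener on the WAN-side virtual address.
frontend www_v6
    bind [2001:db8::10]:80
    default_backend lan_pool_v4

# Pool members are RFC 1918 IPv4 hosts on the LAN.
backend lan_pool_v4
    balance roundrobin
    # The client is IPv6 and the server-side connection is IPv4, so the
    # original source address cannot be carried through (no transparent
    # client IP). The pool members see HAProxy's own IPv4 address.
    # Drop any client-supplied X-Forwarded-For, then let HAProxy add the
    # real client address so backend logs and access rules stay meaningful.
    http-request del-header X-Forwarded-For
    option forwardfor
    server web1 192.168.1.11:80 check
    server web2 192.168.1.12:80 check
```

Backend access logs and any IP-based rules on the pool members need to read the forwarded header rather than the socket peer address, and should trust it only when the connection comes from the proxy.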
            hcoin

            Thanks everyone!

            For me IPv6 awaits what you might call a 'killer app'.  Right now, it represents a black hole for work time, and what do I have to talk about to people who use tech as an everyday tool?  "Well, you can do everything you did before, except some websites won't work."

            For transitional purposes, what I'd really like to see is a pure outbound NAT that could map a whole block of v6 on the LAN side to a single v6 on the WAN side, because 'real ISPs' don't 'just delegate' /64 or anything else for that matter consistently.

            Longer term: In the same spirit as the 'just click this if you want a transparent proxy' for squid, I'd like to see a similar 'one click config' that maps an internal fc00:/something space to two ISPs in a 'real' way (choosing ISP via per dest IP metric). The NPt/load balancer gateway possibility is a 'sort of'. A necessary feature is the ability to deny IPv6 access to all in an alias because some users want routine access to Netflix or other services that ... do ... not ... like ... this v4 range or that v6 range.

              jimp Rebel Alliance Developer Netgate

              1. As IPv4 addresses evaporate, some sites will be IPv6 only. If it hasn't started happening already, it's only a matter of time.

              2. No. Just NO. You do not need nor want NAT with IPv6 and doing that only allows ISPs to get away with bad and invalid IPv6 configurations. IPv6 is not scarce. Do not allow them to treat it as such.

              3. There is already an example config for IPv6 Multi-WAN. No need to use private space on LAN, you can use one native and NPt to map the other. It does require static addressing on both IPv6 WANs, though.

                hcoin

                Thanks much.

                Re #1: So true, and so opaque to the nice folks who have this long list of things they'd like done.

                Re #2…. The firm but gentle encouragement I give along these lines has the same result the cashier at the grocery store gives when I explain "But I contribute to open source software, do I still have to pay?"

                Re #3: Time for a "Track" option on NPt. Until then, I'd like to see the "Filer" package back so I don't have to move custom scripts along with config.xml.

                Still need a way to 'turn off' v6 only for all hosts in an alias as a transitional thing.

                  cmb

                  @hcoin:

                  Re #2…. The firm but gentle encouragement I give along these lines has the same result the cashier at the grocery store gives when I explain "But I contribute to open source software, do I still have to pay?"

                  Not an apt comparison at all. If you're paying someone for connectivity and they aren't routing you an IPv6 block for use internally, they aren't providing what you're paying for.
