IPv4 NAT port forwarding and IPv6 port forwarding
-
Hello hive mind.
I have an IPv4 port forward set up for IPv4 TCP through the nat port forwarding config, which sends WAN address port 8003 -> 10.42.1.3 port 80. This works.
However, if I connect to my pfsense box on IPv6 TCP port 8003, it appears to be an alternative port for the web interface. What I would like to have happen is, when I connect to IPv6 TCP port 8003, it is also redirected to IPv4 TCP port 80 on my internal host. This is causing issues, since sometimes I have an IPv6 address and sometimes I do not. When I have an IPv6 address, I have to use the current IPv4 WAN address and port, and when I do not I can use DNS names. As my WAN address can and will change, this is a PITA.
Smaller routing software gets this right, but I suspect they use a different technique: OpenWRT, for instance, will do what I describe as the default behavior. I know I can run some sort of port forwarding on the pfsense box; what is recommended in the pfsense ecosystem if this is my only option?
I understand network protocols very, very well, so please, no one tell me IPv6 should be routed and IPv4 should be NATed, as that is not the issue I am having.
Thanks!
–Michael
-
As far as I understand, what you would need for that is NAT64, which pfSense doesn't have yet.
-
You can't redirect IPv6 to IPv4. There are translation mechanisms, but I don't think pfSense supports them. Also, why do you even need port forwarding on IPv6? It's used on IPv4 to get around NAT, but on IPv6, every device should have a global unicast address. This means you don't have to get around anything. Just use the appropriate IPv6 address.
-
"no one tell me IPv6 should be routed and IPv4 should be NATed, as that is not the issue I am having."
How is that not exactly your problem? Confused.
So does this box behind pfsense not have an IPv6 address?
So this fqdn you want to use to get to whatever gets forwarded to port 80. Why not just hit the same fqdn, if you use ipv4 it gets forwarded to your box IPv4 address on 80. If you use fqdn that resolves to http://fqdn:8003 and it's IPv6 - just have this box that is listening on 80 on ipv4 just listen on 8003 on its ipv6 address.
-
Another solution would be: use the solution that was made to handle all these questions, and more: use a VPN.
VPN is built into pfSense. You will gain: secured access. No more natting or other setups are needed.
Btw: I have an IPv4 WAN that can change - and an IPv6 (WAN) that never changes. When I VPN 'in' (using a fqdn for my IPv4 WAN, maintained by … pfSense).
My VPN connection also gives me an IPv6 so I can access all LAN devices - pfSense included - using IPv4 or IPv6, but I don't care, I used device host names.
-
While I agree, and sure hope he is not forwarding traffic to something that is not meant to be publicly consumed. He is forwarding to port 80 - so assumed it was some public sort of website.
If this is a private use app you're running - then by all means the correct solution would be to vpn into pfsense and then access whatever it is you want.
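
The suggestion earlier in the thread, having the internal host itself listen on port 8003 over IPv6, can be met without reconfiguring the web server by running a small TCP relay on that host. This is an added example, not code from any poster in the thread; it assumes the relay runs on the internal host, that the web server answers on 127.0.0.1:80, and that a pfSense IPv6 firewall rule passes TCP 8003 to the host. `start_relay` is a hypothetical name.

```python
import asyncio
import socket

async def _pipe(reader, writer):
    """Copy bytes one way until EOF, then half-close the other side."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
        if writer.can_write_eof():
            writer.write_eof()
    except OSError:
        pass  # peer reset or already closed; the handler cleans up

async def start_relay(listen_host, listen_port, backend_host, backend_port, log=print):
    """Accept TCP on listen_host:listen_port and relay it to an IPv4 backend."""
    async def handle(client_r, client_w):
        peer = client_w.get_extra_info("peername")
        try:
            backend_r, backend_w = await asyncio.open_connection(
                backend_host, backend_port, family=socket.AF_INET)
        except OSError as exc:
            log(f"backend unreachable for {peer}: {exc}")
            client_w.close()
            return
        log(f"relay {peer[0]} port {peer[1]} -> {backend_host}:{backend_port}")
        try:
            await asyncio.gather(_pipe(client_r, backend_w), _pipe(backend_r, client_w))
        finally:
            client_w.close()
            backend_w.close()

    return await asyncio.start_server(handle, listen_host, listen_port)

if __name__ == "__main__":
    async def main():
        # "::" is the IPv6 wildcard; 8003 and 80 are the ports from the thread.
        server = await start_relay("::", 8003, "127.0.0.1", 80)
        async with server:
            await server.serve_forever()
    asyncio.run(main())
```

The web server sees every relayed connection as coming from the relay's own address, so the real client address survives only in the relay's log line; any source-based access control has to be enforced by the pfSense IPv6 rule rather than by the backend.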