Redirect IPv6 packets to IPv4 and vice versa
Hello,
I have a Java web server that I can't get to listen on ::1 (even when compiling with the with_ipv6 flavor). So I'm thinking maybe I can try to redirect all external traffic that comes on the IPv6 address port 8080 to the internal IPv4 address same port. My machine has both an IPv6 and IPv4 address on the nfe0 interface. Can I even do this with PF? I have tried many different rules without results...
Code:
# tried this
pass in on nfe0 proto tcp from $ipv6 port 8080 to 192.168.0.101 port 8080
pass out on nfe0 proto tcp from 192.168.0.101 port 8080 to $ipv6 port 8080
# or this
pass in on egress proto tcp from any to any port 8080 rdr-to 192.168.0.101
# or this
rdr pass on nfe0 from any to $ipv6 port 8080 -> 192.168.0.101 port 8080

Thanks for your help!
For clarity, here are two examples, from one of the two endpoints.
Tunneling IPv6 inside IPv4:
# ifconfig gif0 tunnel 10.9.0.51 10.9.0.50
# ifconfig gif0 inet6 fd00::5/64
Tunneling IPv4 inside IPv6:
# ifconfig gif0 tunnel fd00::99 fd00::100
# ifconfig gif0 192.168.99.5/24
Ooops. I have just tested these tunnels, and gif(4) seems to require point-to-point connections for an inner IPv4 connection, not the /24 I posted above.
Here is a correction, then, for IPv4 within IPv6:
# ifconfig gif0 tunnel fd00::1 fd00::2
# ifconfig gif0 192.168.99.1 192.168.99.2
Thanks a lot for your answers and for directing me in the correct direction.
So... I have external IPv6 packets coming in to a specific IPv6 address on one interface. The first example is to encapsulate v6 packets into v4 ones, so my guess is that the inet6 address is my "public" v6 address, and the destination v4 address is that on which my web server is listening. What's the first one (10.9.0.51) for, though?
Let me restate the problem, and see if I've captured it correctly. You have an application which cannot (at the moment) open an IPv6 socket, yet you have a requirement to have that application send and receive IPv6 packets.

If that's the case, then tunneling won't avail you either, because the packets are IPv6 packets, and while they can be tunneled over an IPv4 network, they need an IPv6 socket at the terminating end in order to process them.

If you cannot repair your application, perhaps you can insert a transparent proxy in front of it? The relayd(8) tool looks like a possible fit for this. See the discussion of the inet and inet6 instructions in relayd.conf(5).

---

While looking for options for you, I discovered that PF can translate between address families. The translation option is called "af-to." I've never used it, and my brief reading of the pf.conf(5) man page leads me to believe it might not fit your use-case, as it requires /96 or greater prefix lengths, and is for inbound-only translation.
HOLY COW!
It works! Amazing! Using an unbelievably simple relayd.conf:
Code:
relay tcp6to4 {
	listen on my_ipv6 port 8080
	forward to 0:0:0:0:0:ffff:c0a8:65 port 8080 inet
}

Small detail, but the man page says that if port xxx is not specified (in forward to) then the one from listen to will be used. I've tried without it but then relayd -n fails:
Code:
# relayd -n
/etc/relayd.conf:3: syntax error
no actions, nothing to do

Anyway, thank you so much for suggesting so many solutions!
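What the relay in the post above does at the socket level, as an added example (not code from the thread and not relayd's own code): a listener on an IPv6 address hands each TCP session to the IPv4 backend, so the backend sees only the relay's IPv4 source address and the real IPv6 client address is known only at the relay. The function names and the `log` list are assumptions of this example.

```python
import contextlib
import ipaddress
import socket
import threading

def backend_ipv4(forward_to):
    """IPv4 behind a target: plain IPv4, or mapped like 0:0:0:0:0:ffff:c0a8:65."""
    addr = ipaddress.ip_address(forward_to)
    if addr.version == 4:
        return str(addr)
    if addr.ipv4_mapped is None:
        raise ValueError(f"{forward_to} embeds no IPv4 address")
    return str(addr.ipv4_mapped)

def _pump(src, dst):
    """Copy bytes one way until EOF, then half-close the receiving side."""
    with contextlib.suppress(OSError):  # peer reset or already closed
        while chunk := src.recv(4096):
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)

def _session(client, peer_ip, target, log):
    """Relay one TCP session in both directions, then close both sockets."""
    try:
        upstream = socket.create_connection(target)
    except OSError:
        client.close()  # backend unreachable: drop the client
        return
    # Record the real IPv6 client next to the IPv4 source the backend sees.
    log.append((peer_ip, upstream.getsockname()[0]))
    with client, upstream:
        back = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
        back.start()
        _pump(client, upstream)
        back.join()

def start_relay(listen6, port, forward_to, fwd_port, log):
    """Accept TCP on an IPv6 address and relay each session to IPv4."""
    target = (backend_ipv4(forward_to), fwd_port)
    srv = socket.create_server((listen6, port), family=socket.AF_INET6)
    def serve():
        with contextlib.suppress(OSError):  # accept() fails once srv is closed
            while True:
                client, peer = srv.accept()
                threading.Thread(target=_session, daemon=True,
                                 args=(client, peer[0], target, log)).start()
    threading.Thread(target=serve, daemon=True).start()
    return srv
```

Because the application behind such a relay sees every session as coming from the relay's address, address-based access control and client logging have to happen at the relay or in PF.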
I am very glad you got it working!
I'm unsure regarding the syntax error, because I'm not very familiar with relayd(), as I don't use it. I set up some layer 7 load balancers in a lab several years ago, and then set it aside.

Michael W Lucas has a new book soon-to-be-published which covers both httpd(8) and relayd(). I haven't seen any of it yet (other than the occasional clause that got tweeted during its development), but I'll get it ... if only because the cover art is so nice: https://twitter.com/mwlauthor/status/820414929534652416
Aha, interesting. I have his Absolute OpenBSD but there is no how-to on relayd(8). He just refers to The Book of PF for those interested in load balancing...
Yes, that was the issue.
And..
I got my lab version working just now with a slightly simpler configuration, because I didn't use inet and selected an IPv4 address. My test webserver was httpd(), listening to 127.0.0.1:
Code:
server "default" {
	listen on 127.0.0.1 port 80
	directory auto index
}