On 10/4/19 1:22 PM, Timo Sigurdsson wrote: > Hi Andreas, > > Andreas Günther schrieb am 04.10.2019 08:41 (GMT +02:00): > >> Hi, >> >> I want to use IPv6 addresses externally and IPv4 with 192.168.1.0/24 >> internally on virtual machines in an internal network. > > <SNIP> > >> 2) How do I do port forwarding or NAT for e.g. SMTP on incoming >> 2a03: 6500: 5ca: 45a :: 3 to 192.168.1.3 >> so that I get SSH and SMPT from the outside (IPv6) to inside (IPv4)? > > I can't answer your question directly as I don't have any experience with > NAT64 mechanisms. But what I found pretty easy to set up is IPv6 NAT. I have > one machine that does not get a larger global IPv6 prefix that it could use > to assign addresses to downstream (virtual) interfaces. So instead I use > unique local unicast addresses (ULA fd00::/8) for the downstream interfaces > and NAT to translate between the global 2000::/3 addresses and the internal > fd00::/8 addresses. That works quite well and the same way as IPv4 NAT in > shorewall. A rule in /etc/shorewall6/snat might look like this (where > "enp1s0" is your external interface): > MASQUERADE fd1a:2401:185a:ea93::/64 enp1s0 > > And then you'd have to configure port forwarding just like IPv4. Maybe this > helps. > >
I would also recommend this approach. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
