v6/v4 DNAT-like functionality in Linux
Benedikt Stockebrand
me at benedikt-stockebrand.de
Wed Jul 7 12:33:05 CEST 2010

Hi Ben and list,

Ben Jencks <ben at bjencks.net> writes:

> Here's the problem: I currently run IPv4 on a private network, and use
> a Linux router with DNAT and SNAT/MASQUERADE on the edges to let
> internal hosts open outbound tcp connections with specific external
> hosts on specific ports, also over IPv4. I'd like to use IPv6 in the
> private network, but still do the same DNAT to IPv4 so that it looks
> the same from outside.
> [...]
> I might be able to rig something up with netcat6 piped to itself, but
> that sounds fragile, and it would be nice to just do it in netfilter.
> Also, there doesn't seem to be any pure-v6 DNAT functionality either,
> to redirect v6 tcp streams to a local address.
>
> Is there such a module? Am I missing another, possibly more generic,
> way of doing things? Does anyone else have this need?

nc may be a bit of a kludge for this job, but consider using socat as
a transparent (aka. application agnostic) proxy. I have been using it
for that sort of job for a few years now and it works without problems.
I suppose if you had a significant number of ports to forward you might
even start it via inetd, but I've never had a reason to try this.

Unless you are really desperate for performance, this approach should
get you all the flexibility as well as portability (at least within
the Un*x world) you may need.

Cheers,
Benedikt
--
Business Grade IPv6
Consulting, Training, Projects
Benedikt Stockebrand, Dipl.-Inform. http://www.benedikt-stockebrand.de/
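
The socat relay suggested in this message, as an added example that is not part of the original post: a small script that turns a fixed forwarding table into one socat listener per rule, each bound to a single internal IPv6 address and connecting to a literal IPv4 target. The addresses, ports, function names and the choice of socat options (`bind`, `ipv6only`, `reuseaddr`, `fork`) are assumptions of this example, not the poster's configuration.

```shell
#!/bin/sh
# Constructed forwarding table: listen-v6 listen-port target-v4 target-port.
# 2001:db8::/32 and 192.0.2.0/24 are documentation prefixes, not real hosts.
RULES='2001:db8:0:1::1 8443 192.0.2.10 443
2001:db8:0:1::1 2525 192.0.2.25 25'

# relay_cmd ADDR6 LPORT ADDR4 TPORT (hypothetical helper)
# Prints the socat command for one fixed v6-to-v4 forwarding, or returns 1
# if a field is not a plain literal (keeps names and shell syntax out).
relay_cmd() {
    addr6=$1 lp=$2 addr4=$3 tp=$4
    for p in "$lp" "$tp"; do
        case $p in ''|*[!0-9]*|??????*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    # Listener: hex digits and colons only, bound to one internal address
    case $addr6 in ''|*[!0-9A-Fa-f:]*) return 1 ;; *:*) ;; *) return 1 ;; esac
    # Target: dotted-quad literal, so a DNS answer cannot move the relay
    case $addr4 in ''|*[!0-9.]*) return 1 ;; *.*.*.*) ;; *) return 1 ;; esac
    # fork: one child per connection; ipv6only=1: never accept v4-mapped peers
    printf 'socat TCP6-LISTEN:%s,bind=[%s],ipv6only=1,reuseaddr,fork TCP4:%s:%s\n' \
        "$lp" "$addr6" "$addr4" "$tp"
}

# relay_all: one command per rule; non-zero status if any rule is rejected.
relay_all() {
    printf '%s\n' "$RULES" | while read -r a6 lp6 a4 tp4; do
        relay_cmd "$a6" "$lp6" "$a4" "$tp4" || exit 1
    done
}

# Dry run: print the commands for review instead of starting listeners.
relay_all
```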

More information about the ipv6-ops mailing list