From nobody Tue May 13 13:09:52 2025
X-Original-To: freebsd-net@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZxcJp3mMhz5wpXn
	for <freebsd-net@mlmmj.nyi.freebsd.org>; Tue, 13 May 2025 13:10:02 +0000 (UTC)
	(envelope-from SRS0=8FBu=X5=klop.ws=ronald-lists@realworks.nl)
Received: from smtp-relay-int-backup.realworks.nl (smtp-relay-int-backup.realworks.nl [87.255.56.188])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZxcJn59L3z47Mx
	for <freebsd-net@freebsd.org>; Tue, 13 May 2025 13:10:01 +0000 (UTC)
	(envelope-from SRS0=8FBu=X5=klop.ws=ronald-lists@realworks.nl)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=klop.ws header.s=rw2 header.b=uUcUywU7;
	spf=pass (mx1.freebsd.org: domain of "SRS0=8FBu=X5=klop.ws=ronald-lists@realworks.nl" designates 87.255.56.188 as permitted sender) smtp.mailfrom="SRS0=8FBu=X5=klop.ws=ronald-lists@realworks.nl";
	dmarc=pass (policy=quarantine) header.from=klop.ws
Received: from smtp-relay-int-backup.realworks.nl (crmpreview6.colo2.realworks.nl [10.2.52.36])
	by mailrelayint2.colo2.realworks.nl (Postfix) with ESMTP id 4ZxcJd13YjzFd
	for <freebsd-net@freebsd.org>; Tue, 13 May 2025 15:09:53 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=klop.ws; s=rw2;
	t=1747141793;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type;
	bh=N/4qJkpe2Rd9hqC/1dPpacCYKXsMLlGXElBwdelSdy4=;
	b=uUcUywU7EU3AmDrku57BcBTOMoJUFWzxm14qmPBXTTwqFgFCIhulDiQl6U9u3U1im/s5rP
	Ix3CvPSTx54Et+uXUOWw+s3OpiJlrR/m+/5LSg8BT8DKlzHXb+ULXR69ArVXMm+MWmr58m
	XfdHVv1d+/O5rAANoLYfVqaznFGvgCK9qZrdYRFM9IqwL3N7HYvwPSDQSQTP9GIx65+X38
	8BRcaD4SvVNTuTkvM9k6dFGTqhiujJr+EajPBamMZt4qa3SSw65TS68B44YNm6q0cAkvOp
	AQBQQMEw5WwGfMOxCQghJgAWnaQCtRYl2HW5ndyAB0RbcrCJhQhsmCUnG01Y9A==
Received: from crmpreview6.colo2.realworks.nl (localhost [127.0.0.1])
	by crmpreview6.colo2.realworks.nl (Postfix) with ESMTP id 229D72001E6
	for <freebsd-net@freebsd.org>; Tue, 13 May 2025 15:09:52 +0200 (CEST)
Date: Tue, 13 May 2025 15:09:52 +0200 (CEST)
From: Ronald Klop <ronald-lists@klop.ws>
To: freebsd-net@freebsd.org
Message-ID: <1895453271.6640.1747141792650@localhost>
Subject: ipfw port forwarding ipv6 to localhost?
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-net
List-Help: <mailto:freebsd-net+help@freebsd.org>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Subscribe: <mailto:freebsd-net+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-net+unsubscribe@freebsd.org>
Sender: owner-freebsd-net@FreeBSD.org
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_6639_1001044677.1747141792642"
X-Mailer: Realworks (749.22)
X-Originating-Host: from (83-81-212-149.cable.dynamic.v4.ziggo.nl [83.81.212.149])
	by crmpreview6.colo2.realworks.nl [10.2.52.36]
	with HTTP; Tue, 13 May 2025 15:09:52 +0200
Importance: Normal
X-Priority: 3 (Normal)
X-Originating-User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:138.0) Gecko/20100101 Firefox/138.0
X-Rspamd-Queue-Id: 4ZxcJn59L3z47Mx
X-Spamd-Bar: /
X-Spamd-Result: default: False [-0.74 / 15.00];
	SUBJECT_ENDS_QUESTION(1.00)[];
	NEURAL_HAM_SHORT(-1.00)[-0.997];
	NEURAL_HAM_LONG(-0.93)[-0.931];
	DMARC_POLICY_ALLOW(-0.50)[klop.ws,quarantine];
	MID_RHS_NOT_FQDN(0.50)[];
	NEURAL_SPAM_MEDIUM(0.39)[0.386];
	FORGED_SENDER(0.30)[ronald-lists@klop.ws,SRS0=8FBu=X5=klop.ws=ronald-lists@realworks.nl];
	R_DKIM_ALLOW(-0.20)[klop.ws:s=rw2];
	R_SPF_ALLOW(-0.20)[+ip4:87.255.56.128/26];
	MIME_GOOD(-0.10)[multipart/alternative,text/plain];
	RCPT_COUNT_ONE(0.00)[1];
	MIME_TRACE(0.00)[0:+,1:+,2:~];
	ASN(0.00)[asn:38930, ipnet:87.255.32.0/19, country:NL];
	ARC_NA(0.00)[];
	RCVD_TLS_LAST(0.00)[];
	HAS_X_PRIO_THREE(0.00)[3];
	FROM_NEQ_ENVFROM(0.00)[ronald-lists@klop.ws,SRS0=8FBu=X5=klop.ws=ronald-lists@realworks.nl];
	FROM_HAS_DN(0.00)[];
	MLMMJ_DEST(0.00)[freebsd-net@freebsd.org];
	RCVD_COUNT_TWO(0.00)[2];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	TO_DN_NONE(0.00)[];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org];
	DKIM_TRACE(0.00)[klop.ws:+]

------=_Part_6639_1001044677.1747141792642
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hi,

Quick question. I have Jenkins running on port 8443 as it is running as an unprivileged user.
To keep the URLs sane I do this in IPFW:

add nat 1 ipv4 from any to any via epair8b
nat 1 config if epair8b log redirect_port tcp 127.0.0.1:8443 443

Which works fine for years already.

Now I am configuring more and more IPv6 in my network.
Playing around by using an ipv6 address in that config gives errors and the man page gives me the idea that nat is ipv4 only.
# ipfw add nat 2 ipv6 from any to any via epair8b
# ipfw nat 2 config if epair8b log redirect_port tcp ::1,8443 443
ipfw: unknown host

Can I do a similar ipfw action for ipv6?

NB: I'm aware that I can install a simple proxy in between to do this on L7. But that is my plan B.

Regards,
Ronald.
 
------=_Part_6639_1001044677.1747141792642
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<html><head></head><body>Hi,<br>
<br>
Quick question. I have Jenkins running on port 8443 as it is running as an unprivileged user.<br>
To keep the URLs sane I do this in IPFW:<br>
<br>
add nat 1 ipv4 from any to any via epair8b<br>
nat 1 config if epair8b log redirect_port tcp 127.0.0.1:8443 443<br>
<br>
Which works fine for years already.<br>
<br>
Now I am configuring more and more IPv6 in my network.<br>
Playing around by using an ipv6 address in that config gives errors and the man page gives me the idea that nat is ipv4 only.<br>
# ipfw add nat 2 ipv6 from any to any via epair8b<br>
# ipfw nat 2 config if epair8b log redirect_port tcp ::1,8443 443<br>
ipfw: unknown host<br>
<br>
Can I do a similar ipfw action for ipv6?<br>
<br>
NB: I'm aware that I can install a simple proxy in between to do this on L7. But that is my plan B.<br>
<br>
Regards,<br>
Ronald.<br>
&nbsp;</body></html>
------=_Part_6639_1001044677.1747141792642--