NAT 6to4 to a remote system to provide IPv4 connectivity to IPv6 only systems
Hey all,
I've got a handful of VPSes that only have IPv6 access (absolutely zero IPv4 access) and wanted to utilize another server I own that has dual stack connectivity to forward ports to the IPv6 only VPS. Was wondering if anyone has attempted a setup like this before in the past and how you got it to work as you wanted.
Thanks!
Cheap dedis are my drug, and I'm too far gone to turn back.
Comments
I would build a zerotier network, connect all VPSs to that network, assign ipv4 addresses to the zerotier interface and set the dualstack VPS as the gateway.
The all seeing eye sees everything...
Was leaning toward that doing some of my own research but just wanted to see what others had come up with, mostly out of curiosity/experiences... I'll give that a whirl
Cheap dedis are my drug, and I'm too far gone to turn back.
Setup wireguard. Works for me from a dual stack to ipv6.
Will check zerotier too... @terrorgen
6to4 is a very specific thing: https://en.wikipedia.org/wiki/6to4, and is not applicable here.
It's not correct to use the term for anything converting v6 to v4 or vice versa.
What could work is NAT64, set up a "public" NAT64 server using global IPs, then make the other hosts use its DNS64 as their nameservers. And then instead of actually leaving it public, whitelist your specific VPS IPs in firewall and block the rest, so the entire world can't route through it.
Or of course, any VPN solution where your v6-only nodes would connect to dual-stack ones and route the v4 traffic through those.
IPv6 input, IPv4 output
https://talk.lowendspirit.com/discussion/1556/personal-proxy-ipv6-input-and-ipv4-output
https://talk.lowendspirit.com/discussion/1564/personal-proxy-on-ipv6-nat-ipv4-server
IPv4 input, IPv6 output
https://talk.lowendspirit.com/discussion/1560/personal-proxy-ipv4-input-and-ipv6-output
If all you need is inbound port forwarding (no need for IPv6-only boxes to access IPv4 network), you may not need NAT.
Consider socat or possibly iptables.
Accepting submissions for IPv6 less than /64 Hall of Incompetence.