I'm using one of the tunnel brokers, gogo6/freenet6, for IPv6 in ASG. I've got the tunnel broker address and a /56 subnet, from which I've assigned addresses to the internal LAN interface on the Astaro and on the internal clients.
Since Astaro added the tunnel broker functionality, I've used this setup to access external IPv6 resources. Now I'd like to make a website that I host externally available over IPv6 (works just fine over IPv4). Currently, this will only be for the purpose of a tech demo, so no AAAA DNS record will be created yet, only access by IPv6 address.
I'm using a couple of different online IPv6 port scanners to test. I've tried numerous combinations of DNAT and PF rules, with no success. The PF always default drops the packets to port 80 (they both automatically select the tunnel broker address as the target). The DNAT that I thought was most likely to work, but doesn't:
Internet IPv6 --->HTTP--->IPv6 Broker (Address)
translation to internal server
Automatic PF rules
If anyone has successfully hosted internal resources using one of the IPv6 tunnel brokers, I'd appreciate a scrubbed explanation of your setup. :)
Updates:
1) Just to test any accessibility from the WAN, I temporarily added Internet IPv6 definition to allowed networks for WebAdmin and tested against port 4444. Showed as open, so that's good.
2) The more that I "play" with the NAT rules, it's looking like they may not be fully IPv6 aware. It appears to be impossible to assign all source and/or network definitions that are v6 only. I'm frequently seeing "The NAT rule object requires an IPv4 address" errors as I try different combinations.