On 10/5/19 2:12 AM, Andreas Günther wrote:
> On Friday, 4 October 2019, 22:22:15 CEST, Timo Sigurdsson wrote:
>> Hi Andreas,
>>
>> Andreas Günther wrote on 04.10.2019 08:41 (GMT +02:00):
>> > Hi,
>> >
>> > I want to use IPv6 addresses externally and IPv4 with 192.168.1.0/24
>> > internally on virtual machines in an internal network.
>>
>> <SNIP>
>>
>> > 2) How do I do port forwarding or NAT for e.g. SMTP on incoming
>> > 2a03:6500:5ca:45a::3 to 192.168.1.3
>> > so that I get SSH and SMTP from the outside (IPv6) to inside (IPv4)?
>>
>> I can't answer your question directly as I don't have any experience with
>> NAT64 mechanisms. But what I found pretty easy to set up is IPv6 NAT. I
>> have one machine that does not get a larger global IPv6 prefix that it
>> could use to assign addresses to downstream (virtual) interfaces. So
>> instead I use unique local unicast addresses (ULA fd00::/8) for the
>> downstream interfaces and NAT to translate between the global 2000::/3
>> addresses and the internal fd00::/8 addresses. That works quite well and
>> the same way as IPv4 NAT in shorewall. A rule in /etc/shorewall6/snat might
>> look like this (where "enp1s0" is your external interface):
>> MASQUERADE fd1a:2401:185a:ea93::/64 enp1s0
>>
>> And then you'd have to configure port forwarding just like IPv4. Maybe this
>> helps.
>>
>> Cheers,
>>
>> Timo
>
> Thanks Timo,
>
> I think this helps me on that part.
>
> The other part here
>
>>> 1) In /usr/share/shorewall6/ I only like macros
>>> macro.mDNS, macro.mDNSbi, macro.Ping, macro.Trcrt
>>> Is it possible to use the macros at /usr/share/shorewall/ like
>>> macro.SMTP, macro.Sieve, macro.HTTPS at shorewall6 too?
>
> I don't know why there aren't macro.templates built. Should you build
> your own macros like the patterns of IPv4 macros?
>

If you run 'shorewall6 show macros', you will find that all of the
macros are there. Those that are in /usr/share/shorewall and not in
/usr/share/shorewall6 are used by both shorewall and shorewall6.

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
