IPv6 port forward with different source port (redirect)

Hello!
I can open the firewall for the router on port 22, but it is not secure enough.
How could I telnet via IPv6 from 12345 to 22?
I tried this, but it is not working:

config rule
        option proto 'tcp'
        option src 'wan'
        option src_port '12345'
        option dest_port '22'
        option target 'ACCEPT'
# the router ipv6 address
        option dest_ip '2001:470:1f1b:5b5:0:0:0:1'

But it is not working. If I remove the src port, I can access the router, but that is port 22; I want it to be 12345.

If I want to use port 22 with IPv6, it works:

config rule
        option proto 'tcp'
        option src 'wan'
        option dest_port '22'
        option target 'ACCEPT'
# the router ipv6 address
        option dest_ip '2001:470:1f1b:5b5:0:0:0:1'

IPv6 doesn’t typically use NAT.

Configure the service, allow that public IPv6 address and port to be forwarded in through the router, you’re done.

How to do that? "Configure the service, allow that public IPv6 address and port to be forwarded in through the router, you’re done."

You want to use "src_dport" instead of "src_port".

config rule
	option proto 'tcp'
	option dest_port '22'
	option src_dport '12345' # which should be forward from 12345 to port 22 ssh router
	option target 'ACCEPT'
	option dest_ip '2001:470:1f1b:5b5:0:0:0:1'
	option family 'ipv6'
	option src 'wan'
	option name 'ROUTER SSH IPv6'

Not working.

patrikx3@workstation:~/Projects/nuaxia/nuaxia-frontend-workspace/projects/video-library/dist$ ssh 2001:470:1f1b:5b5:0:0:0:1 -p 12345
ssh: connect to host 2001:470:1f1b:5b5:0:0:0:1 port 12345: Connection refused

I could not set it up. I created a 2nd instance of dropbear on the given port 12345 and now I can open the IPv6. I think redirect NAT is missing from IPv6, so I suppose it will not work; only this new dropbear instance could solve it.

Normally NAT is not used in IPv6.
Moreover, in your case you are using a rule to allow a flow, not a redirect to forward a port to another one. "src_port" is tricky because it specifies the port that the SSH client will use, which is most of the time random between 1024 and 65536.
"src_dport" is the original destination port before it is NATed, but this is not applicable in your case.
"dest_port" is the destination port in case of a rule or the final destination port in case of NAT (not your case).

config rule
        option proto 'tcp'
        option src 'wan'
        option dest_port '22'
        option target 'ACCEPT'

This rule can cover both IPv4v6 on the normal port 22.

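The workaround the original poster settled on (a second dropbear instance listening on port 12345, with an IPv6 rule that matches that port as `dest_port`), written out as OpenWrt UCI configuration. This is an added example, not configuration posted in the thread; the rule name and the key-only login settings are assumptions.

```uci
# /etc/config/dropbear
# Existing instance, left as it is (serves port 22).
config dropbear
	option Port '22'
	option PasswordAuth 'on'
	option RootPasswordAuth 'on'

# Added second instance: each "config dropbear" section starts its own daemon.
# No "Interface" option is set, so it listens on all addresses; reachability
# from the WAN side is decided by the firewall rule below.
config dropbear
	option Port '12345'
	# Assumption: a public key is already in /etc/dropbear/authorized_keys,
	# so password logins can be disabled on the internet-facing instance.
	option PasswordAuth 'off'
	option RootPasswordAuth 'off'

# /etc/config/firewall
# A plain input rule, no NAT: the client connects to port 12345 and the
# daemon really listens there, so the port is matched with dest_port.
# src_port is not set because the client's source port is ephemeral, and
# src_dport is not used because it only applies to redirects.
config rule
	option name 'Allow-SSH-12345-IPv6'   # assumed name
	option family 'ipv6'
	option proto 'tcp'
	option src 'wan'
	option dest_port '12345'
	option target 'ACCEPT'

# The earlier WAN rule with dest_port '22' should be removed, otherwise
# port 22 stays reachable from the internet as well.
```

Restart both services with `/etc/init.d/dropbear restart` and `/etc/init.d/firewall restart` for the change to take effect.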