How to redirect a public IPv6 connection to a different port?
Public Port 443 to Port 1234 on a local machine? (using GUA address)
I got this working somewhat by using a DNAT Rule to redirect the port (443 to 1234).
But this alone doesn't work.
A "Forward Allow" rule is also needed.
But this will open both ports to the public.
Redirecting the ports on the local machine or using a reverse proxy is not an option.
How to properly do this?
ULA or GUA?
A rule to accept port forwards is needed.
GUA x) I edited my post
So there is no other way to do this?
What is wrong with that? You automatically accept the packets which were DNATed in nat table.
No it doesn't automatically accept DNATed packets.
When I set up the DNAT rule, 443 -> 1234, no packets go through.
I also have to set up a "forward allow rule" to port 1234 to make packets go through.
The problem with that is that both ports 443 and 1234 are open to the public.
I only want port 443 to be open to the public.
Apparently you didn't apply the rule to accept the port forwards.
If you did apply it, does it have hits?
ip6tables -L -vn | grep "ctstate DNAT"
If it's a Global Unicast IP, you need a Traffic Forward Allow Rule; not a Port Forward. There's no NAT (unless something isn't noted by the OP). I wanted to be clear, since they're on different tabs.
Can the traffic forward allow rule change the destination port too?
Not sure...but to NAT IPv6, wouldn't a module be needed?
OP has already done that
I think this is the problem.
I will test this later.
I thought the ctstate RELATED rules would be enough.
Not for IPv6. The related fw3 code does not exist (last I looked).
Manual configuration is needed.
Adding a "ctstate DNAT" allow rule worked.
It was more of a rhetorical question, you don't translate in the allow/deny rule, not even in ipv4. But the OP wants to translate the destination port, so a dnat is needed.
Glad you made it! If the issue is solved please mark the topic accordingly!
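The rule pair the thread converges on, written out as an added example (not posted by anyone in the thread): a DNAT rule for 443 -> 1234 plus a forward rule that accepts only connections conntrack has marked as DNATed, so a direct connection to port 1234 is not accepted. The interface name, the address (a documentation-prefix placeholder) and the use of the plain PREROUTING/FORWARD chains are assumptions; IPv6 NAT support must be available in the kernel.

```shell
#!/bin/sh
# Added example. All values below are assumptions; replace them with your own.
WAN_IF="${WAN_IF:-wan0}"              # assumed WAN interface name
HOST6="${HOST6:-2001:db8:0:1::10}"    # constructed GUA of the local machine
PUB_PORT="${PUB_PORT:-443}"           # port reachable from the internet
INT_PORT="${INT_PORT:-1234}"          # port the service listens on
DRY_RUN="${DRY_RUN:-1}"               # 1 = only print the commands

# Print the ip6tables command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'ip6tables %s\n' "$*"
    else
        ip6tables "$@"
    fi
}

install_rules() {
    # nat table: rewrite only the destination port of traffic arriving on WAN.
    run -t nat -A PREROUTING -i "$WAN_IF" -p tcp -d "$HOST6" \
        --dport "$PUB_PORT" -j DNAT --to-destination "[$HOST6]:$INT_PORT"

    # filter table: after DNAT the packet carries dport 1234, so the match is
    # on the translated port, but restricted to ctstate DNAT. A connection
    # opened straight to port 1234 never passed the DNAT rule, does not match
    # here and falls through to the chain's default reject/drop.
    # -I places the rule ahead of that final reject/drop.
    run -I FORWARD -i "$WAN_IF" -p tcp -d "$HOST6" --dport "$INT_PORT" \
        -m conntrack --ctstate DNAT -j ACCEPT
}

# "apply" installs the rules (needs root); anything else prints them.
case "${1:-}" in
    apply) DRY_RUN=0; install_rules ;;
    *)     install_rules ;;
esac
```

Once the rules are installed, the hit counter on the accept rule can be checked with the command quoted earlier in the thread (ip6tables -L -vn | grep "ctstate DNAT").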