From nobody Wed May 14 08:07:49 2025 X-Original-To: freebsd-net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Zy5Ym1336z5wKXZ for ; Wed, 14 May 2025 08:07:56 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward500b.mail.yandex.net (forward500b.mail.yandex.net [IPv6:2a02:6b8:c02:900:1:45:d181:d500]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4Zy5Yl5ftKz3Md4 for ; Wed, 14 May 2025 08:07:55 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Authentication-Results: mx1.freebsd.org; none Received: from mail-nwsmtp-smtp-production-main-85.iva.yp-c.yandex.net (mail-nwsmtp-smtp-production-main-85.iva.yp-c.yandex.net [IPv6:2a02:6b8:c0c:1a88:0:640:3853:0]) by forward500b.mail.yandex.net (Yandex) with ESMTPS id 0DE1B6097A; Wed, 14 May 2025 11:07:51 +0300 (MSK) Received: by mail-nwsmtp-smtp-production-main-85.iva.yp-c.yandex.net (smtp/Yandex) with ESMTPSA id n7Ca8U0Lb4Y0-0aV2nlhQ; Wed, 14 May 2025 11:07:50 +0300 X-Yandex-Fwd: 1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1747210070; bh=83lQwogOCljiI669qtgbHqdD+bJieiG54OgWSbZdi5c=; h=In-Reply-To:To:From:Date:References:Subject:Message-ID; b=Bv3JpxwzD+1AAZsU1pu89OywIZ9OlrzZNCwRqlujQ3HjHIVnJUqhi07crCC+UgTC+ bqjF8ZQyuxK44UDy4WUCyxaoMsYapgBnp7MOB9sO+URQNqdTEJa79frmzPEyIE4NN5 fIPhJ2Q1U3YAlx0t4I5Tr5d2hyTz7pzCZ60D62+w= Message-ID: Date: Wed, 14 May 2025 11:07:49 +0300 List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: ipfw port forwarding ipv6 to localhost? To: Ronald Klop , freebsd-net@freebsd.org References: <1895453271.6640.1747141792650@localhost> Content-Language: ru, en-US From: "Andrey V. Elsukov" Autocrypt: addr=bu7cher@yandex.ru; keydata= xsBNBEwBF1kBCADB9sXFhBEUy8qQ4X63Y8eBatYMHGEFWN9ypS5lI3RE6qQW2EYbxNk7qUC5 21YIIS1mMFVBEfvR7J9uc7yaYgFCEb6Sce1RSO4ULN2mRKGHP3/Sl0ijZEjWHV91hY1YTHEF ZW/0GYinDf56sYpDDehaBF5wkWIo1+QK5nmj3vl0DIDCMNd7QEiWpyLVwECgLX2eOAXByT8B bCqVhJGcG6iFP7/B9Ll6uX5gb8thM9LM+ibwErDBVDGiOgvfxqidab7fdkh893IBCXa82H9N CNwnEtcgzh+BSKK5BgvPohFMgRwjti37TSxwLu63QejRGbZWSz3OK3jMOoF63tCgn7FvABEB AAHNJUFuZHJleSBWLiBFbHN1a292IDxidTdjaGVyQHlhbmRleC5ydT7CwHgEEwECACIFAkwB F1kCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEAHF6gQQyKF6qmYIAI6ekfm1VA4T vqankI1ISE6ku4jV7UlpIQlEbE7/8n3Zd6teJ+pGOQhN5qk8QE7utdPdbktAzi+x7LIJVzUw 4TywZLXGrkP7VKYkfg6oyCGyzITghefQeJtr2TN4hYCkzPWpylkue8MtmqfZv/6royqwTbN+ +E09FQNvTgRUYJYTeQ1qOsxNRycwvw3dr2rOfuxShbzaHBB1pBIjGrMg8fC5pd65ACH5zuFV A0CoTNGMDrEZSfBkTW604UUHFFXeCoC3dwDZRKOWJ3GmMXns65Ai5YkA63BSHEE1Qle3VBhd cG1w0CB5FBV3pB27UVnf0jEbysrDqW4qN7XMRFSWNAzOwE0ETAEXWQEIAJ2p6l9LBoqdH/0J PEFDY2t2gTvAuzz+8zs3R03dFuHcNbOwjvWCG0aOmVpAzkRa8egn5JB4sZaFUtKPYJEQ1Iu+ LUBwgvtXf4vWpzC67zs2dDuiW4LamH5p6xkTD61aHR7mCB3bg2TUjrDWn2Jt44cvoYxj3dz4 S49U1rc9ZPgD5axCNv45j72tggWlZvpefThP7xT1OlNTUqye2gAwQravXpZkl5JG4eOqJVIU X316iE3qso0iXRUtO7OseBf0PiVmk+wCahdreHOeOxK5jMhYkPKVn7z1sZiB7W2H2TojbmcK HZC22sz7Z/H36Lhg1+/RCnGzdEcjGc8oFHXHCxUAEQEAAcLAXwQYAQIACQUCTAEXWQIbDAAK CRABxeoEEMihegkYCAC3ivGYNe2taNm/4Nx5GPdzuaAJGKWksV+w9mo7dQvU+NmI2az5w8vw 98OmX7G0OV9snxMW+6cyNqBrVFTu33VVNzz9pnqNCHxGvj5dL5ltP160JV2zw2bUwJBYsgYQ WfyJJIM7l3gv5ZS3DGqaGIm9gOK1ANxfrR5PgPzvI9VxDhlr2juEVMZYAqPLEJe+SSxbwLoz BcFCNdDAyXcaAzXsx/E02YWm1hIWNRxanAe7Vlg7OL+gvLpdtrYCMg28PNqKNyrQ87LQ49O9 50IIZDOtNFeR0FGucjcLPdS9PiEqCoH7/waJxWp6ydJ+g4OYRBYNM0EmMgy1N85JJrV1mi5i In-Reply-To: <1895453271.6640.1747141792650@localhost> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4Zy5Yl5ftKz3Md4 X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:13238, ipnet:2a02:6b8::/32, country:RU] X-Spamd-Bar: ---- On 13.05.2025 16:09, Ronald Klop wrote: > Quick question. I have Jenkins running on port 8443 as it is running as > an unprivileged user. > To keep the URLs sane I do this in IPFW: > > add nat 1 ipv4 from any to any via epair8b > nat 1 config if epair8b log redirect_port tcp 127.0.0.1:8443 443 > > Which works fine for years already. > > Now I am configuring more and more IPv6 in my network. > Playing around by using an ipv6 address in that config gives errors and > the man page gives me the idea that nat is ipv4 only. > # ipfw add nat 2 ipv6 from any to any via epair8b > # ipfw nat 2 config if epair8b log redirect_port tcp ::1,8443 443 > ipfw: unknown host > > Can I do a similar ipfw action for ipv6? Hi, it is not clear what network topology do you have, but it is probably possible just use ipfw fwd. I.e. something like that: ipfw add fwd ::1,8443 ip6 from any to any 443 proto tcp via epair8b keep-state -- WBR, Andrey V. Elsukov