I have a server with multiple VMs running.
I want to access some of those machines from the internet.
However some should be only accessible from the local network.
My ISP gives me a public IPv6 range and an IPv4 address behind a NAT.
My use cases are:
- get to the internet from every machine
- Access webserver from external and internal client as well as laptop (best case by using one public IPv6 address).
- Access database only from internal client/ webserver and pfSense.
- Keep things as simple/ useful
I decided to use IPv4 internally for simplicity.
I forwarded every connection from Fritzbox to PfSense, so that I could access the admin panel from WAN (deactivated that rule again for security rules).
However, I don't know how to forward all traffic from WAN to PfSense on port 443 to 192.168.2.1.
Is it possible to forward IPv6 traffic to an IPv4 address?
Should I use another setup instead?
How can I set up PfSense to forward to the webserver? Are there any special keywords I can search for?

                        +------------------------+
                        |                        |
                        |         Client         |
                        |    some random IPv6    |
                        |                        |
                        +------------------------+
                                     |
                                     |
                        +------------v-----------+
                        |        Internet        |
                        +------------------------+
                                     |
                        +------------v--------------+               +-------------------------+
                        |                           |               |                         |
                        |  Fritzbox from ISP        |               | Laptop                  |
                        |  public IPv6 range:       |               | public IPv6:            |
                        |  1234:2548:c25a:ff00::/56 +---------------> 1234:2548:c25a:ff00::2  |
                        |                           |               |                         |
                        |  one IPv4 address,        |               | local IPv4:             |
                        |  not accessible from      |               | 192.168.1.2             |
                        |  Internet                 |               |                         |
                        |  123.45.56.78             |               +-------------------------+
                        |  192.168.1.1              |
                        +---------------------------+
                                     |
                                     |
                        +------------v--------------+
                        |                           |
                        |  PfSense Virtual Machine  |
                        |  public IPv6:             |
                        |  1234:2548:c25a:ff00::3   |
                        |                           |
                        |  local IPv4:              |
                        |  192.168.1.3              |
                        |  192.168.2.1              |
                        |                           |
           +----------------------------------------------------+
           |                         |                          |
           |                         |                          |
           |                         |                          |
    +------v-------+          +------v------+           +-------v-----+
    |              |          |             |           |             |
    | Webserver:   |          | Client      |           | Database:   |
    | local IPv4:  |          | local IPv4: |           | local IPv4: |
    | 192.168.2.2  |          | 192.168.2.3 |           | 192.168.2.4 |
    |              |          |             |           |             |
    +--------------+          +-------------+           +-------------+

Best Answer
I got my problem solved; however, I had to switch IPv6 for this. I used this tutorial as a help: https://blog.veloc1ty.de/2015/08/22/pfsense-ipv6-delegation-hinter-fritzbox/
Basically, I had to configure my Fritzbox to allow secondary routers and give them a prefix < 64 bit (I used the IA_PD and IA_NA method).
Then I configured the gateway as shown in the tutorial with 60 bits. After that I just needed to create a firewall rule for port 443.
On the clients I added

    iface eth0 inet6 dhcp

to the /etc/network/interface
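
The addressing plan this answer describes, as an added example that is not part of the original post or the linked tutorial: the Fritzbox /56 from the diagram, a /60 delegated to pfSense, one /64 for its LAN, and a WAN rule set that passes only TCP 443 to the webserver. Which /60 is delegated, the Fritzbox LAN /64, the host addresses and the database port are assumptions made for illustration.

```python
import ipaddress

ISP_PREFIX = ipaddress.ip_network("1234:2548:c25a:ff00::/56")  # from the diagram
# Assumption: the Fritzbox's own LAN (laptop ::2, pfSense WAN ::3) is this /64.
FRITZ_LAN = ipaddress.ip_network("1234:2548:c25a:ff00::/64")


def nth_subnet(parent, new_prefix, index):
    """Return subnet number `index` of length `new_prefix` inside `parent`."""
    if not parent.prefixlen <= new_prefix <= parent.max_prefixlen:
        raise ValueError("new prefix must not be shorter than the parent's")
    if not 0 <= index < 2 ** (new_prefix - parent.prefixlen):
        raise ValueError("index does not fit inside the parent prefix")
    base = int(parent.network_address) + (index << (parent.max_prefixlen - new_prefix))
    return ipaddress.IPv6Network((base, new_prefix))


# Assumption: the Fritzbox hands the second /60 to pfSense via IA_PD.
DELEGATED = nth_subnet(ISP_PREFIX, 60, 1)
LAN = nth_subnet(DELEGATED, 64, 0)   # /64 on the pfSense LAN interface
WEB, DB = LAN[2], LAN[4]             # constructed host addresses

# Model of the pfSense WAN rule set: first match wins, unmatched traffic is blocked.
WAN_RULES = [("pass", "tcp", ipaddress.ip_network(f"{WEB}/128"), 443)]


def wan_verdict(dst, proto, port):
    """Decide what happens to a packet arriving on WAN for `dst`."""
    addr = ipaddress.ip_address(str(dst))
    for action, r_proto, r_dst, r_port in WAN_RULES:
        if proto == r_proto and port == r_port and addr in r_dst:
            return action
    return "block"


def check_plan():
    """Return the problems found in the plan; an empty list means it is sound."""
    problems = []
    if not DELEGATED.subnet_of(ISP_PREFIX):
        problems.append("delegated prefix is outside the ISP prefix")
    if DELEGATED.overlaps(FRITZ_LAN):
        problems.append("delegated prefix overlaps the Fritzbox LAN")
    if wan_verdict(WEB, "tcp", 443) != "pass":
        problems.append("webserver is not reachable on 443")
    if wan_verdict(DB, "tcp", 5432) != "block":  # constructed database port
        problems.append("database is reachable from WAN")
    return problems


if __name__ == "__main__":
    print(DELEGATED, LAN, WEB, check_plan())
```

Because the LAN hosts now hold globally routable addresses, the pass rule is the only thing exposing the webserver, and the database stays unreachable from WAN only as long as no broader rule is added.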