Getting through an IPv6-only router with IPv4

2

My situation is the following: I have a website hosted on a Linux machine (with apache2). Unfortunately, my router (Unitymedia) provides only port filtering for the IPv6 addresses, but no port forwarding for IPv4. Then I created a noip account, created a domain name and installed a DUC on my machine. Noip has given a kind of virtual IPv4 number to my machine, so I thought it would work. Unfortunately, the connections from IPv6 work, but the IPv4 connections that are not local return a timeout error. (IPv4 connections on the local network work.)

I think there are two possibilities: the box is cutting the IPv4 connection, or the website is replying with IPv6 on the virtual IPv4 connection (is that possible?).

Is there a way to get around this trouble? (I cannot change the box/router.)

Edit:

If I try to use socat, I obtain the following error:

sudo socat TCP4-LISTEN:22,fork,su=nobody TCP6:[2a02:xxxx:xxx:xxxx:xxxx:xxxx:xxxx:xxx]:22

socat[10594] E bind(5, {AF=2 0.0.0.0:22}, 16): Address already in use

Trebok

Posted 2018-02-18T21:36:48.003

Reputation: 23

2

If you’re a Unitymedia customer in Germany, you most likely have DS Lite. That means native IPv6 connectivity but carrier-grade NAT with IPv4. You simply cannot receive unsolicited IPv4 traffic.

– Daniel B – 2018-02-18T22:23:20.050

You cannot connect to your home network from outside with IPv4. This will never again work. The only solution is to begin using IPv6. – Michael Hampton – 2018-02-18T23:16:30.897

Thank you for informing me !

Well, I would like to access the website (a Nextcloud platform) from the university (but I think the IT department deactivated IPv6 on the full network, or the firewall is blocking it). Is IPv6 tunneling an option? Another way would be to access it from my mobile phone (from the 4G network), but here again I am stuck. My phone does not access the website, and it could be a constructor or an operator fault, since constructors and operators are not activating it systematically. Is there a way to make it work? (I did not find much info in other topics.) – Trebok – 2018-02-19T20:54:11.057

Answers

2

Your main problem is that many providers (50% of all internet accesses in Europe!) provide CGNAT only for IPv4 connections.

This means that many customers share one single IPv4 address and therefore you cannot operate a server on such an internet line. (What if two or three customers want to forward port 80?)

If you have a provider that does not have IPv6, you are very unlucky in such a situation.

But you have IPv6.

You have two possibilities:

  • The other machine (the one the web browser is running on) also has IPv6. Then you can directly connect to your server. You can, for example, install Teredo on an IPv4-only computer to access IPv6 web sites. (Unfortunately, many WLAN router firewalls block Teredo.)

  • There are commercial "port forwarding" services that provide you some ports on a fixed IP address. Incoming (IPv4) connections are forwarded to an IPv6 address on the internet (the server in your home). I'm not sure, but I think I have read that these services are available starting from 5 Euros/Year (in reality I think you'll pay 15-20 Euros/Year).

Martin Rosenau

Posted 2018-02-18T21:36:48.003

Reputation: 562
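
The forwarding described in the second option above (incoming IPv4 connections passed on to the home server's IPv6 address), shown as an added example that is not part of the original answer or any forwarding service's code: a fixed-target TCP relay intended for a dual-stack host that has its own public IPv4 address. The function names, the listen port 8443 and the documentation address 2001:db8::10 are assumptions made for illustration.

```python
import asyncio
import sys

async def _pipe(reader, writer):
    """Copy bytes one way; pass EOF on as a half-close, errors as a close."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
        if writer.can_write_eof():
            writer.write_eof()
    except OSError:
        writer.close()

async def start_relay(listen_host, listen_port, target_host, target_port):
    """Forward every connection accepted on listen_* to one fixed target.

    The target is set once at start-up, so clients cannot choose where
    the relay connects (it is not an open proxy).
    """
    async def handle(client_r, client_w):
        try:
            # An IPv6 literal as target_host makes this an IPv6 connection.
            target_r, target_w = await asyncio.wait_for(
                asyncio.open_connection(target_host, target_port), timeout=10)
        except (OSError, asyncio.TimeoutError):
            client_w.close()  # target unreachable: drop the client
            return
        try:
            await asyncio.gather(_pipe(client_r, target_w),
                                 _pipe(target_r, client_w))
        finally:
            client_w.close()
            target_w.close()

    try:
        return await asyncio.start_server(handle, listen_host, listen_port)
    except OSError as exc:
        # For example EADDRINUSE, which socat reports as "Address already in use".
        raise RuntimeError(
            f"cannot listen on {listen_host}:{listen_port}: {exc}") from exc

if __name__ == "__main__":
    async def main():
        # Constructed values: 2001:db8::10 is a documentation address.
        server = await start_relay("0.0.0.0", 8443, "2001:db8::10", 443)
        async with server:
            await server.serve_forever()
    try:
        asyncio.run(main())
    except RuntimeError as err:
        sys.exit(str(err))
```

The home router's IPv6 port filter still has to permit the server's port for the relay to reach it.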