
[ENHANCEMENT] ipv6 rdr support

Open adyxax opened this issue 4 years ago • 5 comments

Is your feature request related to a problem? Please describe.

Right now when creating a jail with both a local ipv4 and ipv6 address, only the ipv4 address will be considered for rdr rules by bastille rdr.

Describe the solution you'd like

When a jail has both an ipv4 and ipv6 address, each should get rdr rules. I have not tested an ipv6 only jail but after reading https://github.com/BastilleBSD/bastille/blob/master/usr/local/share/bastille/rdr.sh I know it would not work either.

Describe alternatives you've considered

A static pf rule like rdr pass on $ext_if inet6 proto tcp from <internet> to <myself> port { http, https } -> ::ffff:10:0:0:2 works around the problem but is cumbersome to maintain.

Additional context

I am fluent in shell and more than willing to write a patch then submit a pull request to add this feature. If you are interested, just let me know. Thanks for writing and maintaining such an amazing piece of software!

Have a great day.

adyxax avatar May 26 '21 15:05 adyxax
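
What the request amounts to, as an added sketch that is not part of the issue and not Bastille's `rdr.sh` code: emit one pf `rdr` rule per jail address, tagged `inet` or `inet6`, so dual-stack and ipv6-only jails are both covered. The function names are hypothetical, the `$ext_if` macro name is taken from the static rule quoted above, and the sample addresses and ports are constructed.

```shell
#!/bin/sh
# Added illustration, not Bastille's rdr.sh. Function names are hypothetical.

# Coarse syntactic classification; pfctl still validates the address itself.
# Anything containing ':' is treated as IPv6 (this includes v4-mapped forms).
addr_family() {
    case "$1" in
        *:*)     echo inet6 ;;
        *.*.*.*) echo inet ;;
        *)       return 1 ;;
    esac
}

# rdr_rules PROTO HOST_PORT JAIL_PORT ADDR...
# Prints one rdr rule per jail address, tagged with the matching family.
rdr_rules() {
    proto=$1; host_port=$2; jail_port=$3
    shift 3
    case "$proto" in
        tcp|udp) ;;
        *) echo "unsupported protocol: $proto" >&2; return 1 ;;
    esac
    for addr in "$@"; do
        addr=${addr%%/*}    # drop a prefix length such as /64
        fam=$(addr_family "$addr") || { echo "skipping: $addr" >&2; continue; }
        # '$ext_if' stays literal: it is a pf macro expanded by pfctl.
        printf 'rdr pass on $ext_if %s proto %s from any to any port %s -> %s port %s\n' \
            "$fam" "$proto" "$host_port" "$addr" "$jail_port"
    done
}

# Constructed sample: a dual-stack jail with private addresses.
rdr_rules tcp 443 8443 10.17.89.2 fd00:17:89::2/64
```

The output can be checked without loading it by piping it to `pfctl -nf -` on a host where the `ext_if` macro is defined in the same input.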

I appreciate any help in the area of ipv6. Without support from my ISP I feel stuck on the ipv4 train most of the time.

cedwards avatar May 26 '21 16:05 cedwards

@cedwards: I don't know if this works with FreeBSD or not, but Hurricane Electric offers an IPv6 tunnel broker:

https://tunnelbroker.net/

It might be worth looking into if you want to play around. I used it on a project many years ago.

chriswells0 avatar Jun 12 '21 17:06 chriswells0

> Right now when creating a jail with both a local ipv4 and ipv6 address

I am curious about your setup. Are you using private ipv4 on vnet and public (routable) ipv6 on your jail? If so, mind sharing your configuration?

janondrusek avatar Jan 15 '22 16:01 janondrusek

> I am curious about your setup. Are you using private ipv4 on vnet and public (routable) ipv6 on your jail? If so, mind sharing your configuration?

Sorry for the late response @janondrusek. I am using private ipv4 and private ipv6 on my jails most of the time, with some ipv4 only and some ipv6 only. Just for fun and to flush out any issues that might arise when doing this.

I stumbled on this particular issue while trying to jail different vpn solutions.

adyxax avatar Jan 21 '22 21:01 adyxax

If another data point helps, Azure only does private addresses for both IPv4 and IPv6. Public addresses are created separately and associated with individual (private) IP configurations in network interfaces.

vishwin avatar Feb 24 '22 06:02 vishwin

Since #386 got closed and I since moved on, I am closing this.

So Long, and Thanks for All the Fish!

adyxax avatar Oct 18 '23 20:10 adyxax