2017-06-12
When you connect your webserver as a client to a Freifunk router in Munich,
you will get an IPv6 address, and you can run your web service just fine.
However, you cannot access it from IPv4-only networks (e.g. mobile networks).
If the router which connects the Freifunk node to the internet has a (dynamic)
IPv4 address, and you are in controll of both of them, you can work around this problem.
We will assume a standard https server available at port 443,
but clearly this will work for other services as well.
Choose an arbitrary port, that is not in use on your Freifunk router (42042 in this example). Configure your router to forward any IPv4 traffic comming in on port 443 to the Freifunk routers port you just chose.
We will now configure the Freifunk node to redirect the incomming
IPv4 requests via IPv6 to our webserver. In order to do so, we must
first accept packets on the chosen port:
Add the following rule to /etc/config/firewall:
config rule 'accept_https_on_42042'
option name 'accept_https_on_42042'
option dest_port '42042'
option src 'wan'
option proto 'tcp'
option family 'ipv4'
option target 'ACCEPT'
Then restart your firewall with : /etc/init.d/firewall restart.
The actual forwarding will be done by a program called socat.
We will tell it to listen on the chosen port, and send all incomming traffic
to our webserver using IPv6. (You may have to install it.)
In order to run the required command at boot, put the following into an
executable file in /etc/init.d/webserver-fwd.sh:
#!/bin/sh /etc/rc.common
START=99
start() {
# wait until boot is complete
sleep 5
# this is the actual work:
socat "TCP4-LISTEN:42042,fork,su=nobody" \
"TCP6:[SERV:ERS:IPV6::ADDR:ESS]:443" &
}
Enable it typing /etc/init.d/webserver-fwd.sh enable.
More on OpenWRT Init scrips can be found
here.
You should now be able to access your webserver via the public IPv4 of your router.
☐