# operating a mailserver through tunnel to IPv6 cloud?

## KarlisRepsons

Hi all!

As is already known, IPv4 addresses are scarce, but IPv6 is still not as operational as it should be. Having to put up with it, for a while now I have been running a mailserver, which is there to receive mails, but another server from LAN subsequently takes them all out. The server with external IP(v4) is also used to relay outgoing mail.

Now for the problem: can anyone tell me how to make the current primary server (with an external IPv4 address) unnecessary? That is: to connect the real server in LAN through some tunnel to IPv6 cloud and do the same thing more efficiently? I hope I was clear enough, otherwise please let me know what needs to be clarified...

----------

## Schnulli

well....... this should work... generally..... 

All you need to do is set up a working tunneling System with routing and bridging.... both IP Segments Routing added.. Endpoints etc. configured.. Security setup....

- radvd -tun6to4 -bgp ...... that's it ^^

There is no need to have a public IPv6..... and to warn you !!! better be aware of using IPv6 at time external, just TOO MANY backdoors ^^

----------

## KarlisRepsons

 *Schnulli wrote:*   

> There is no need to have a public IPv6..... and to warn you !!! better be aware of using IPv6 at time external, just TOO MANY backdoors ^^

 

Well fine, I realize that people are used to the idea of locking up into LAN. But that is such an ugly thing, I mean IPv4! Just like if Internet was still solely for USA military or wouldn't make real sense! (I seem to remember that it started out of US army network, didn't it?)

No need for public IPv6? What did you mean? Are you saying: no need to avoid all the mess with extra tunnels and NAT evil, because the current networks, systems and people are all together a larger mess to have with IPv6?

----------

## Schnulli

Hi Karlis,

naaaaa... IPv6 itself makes sense...... but right now it is still buggy, very buggy... You should ONLY use it when you know about all these Problems.... remember, IPv6 is an ABSOLUTE Addressing..... unique Addresses..... I guess you know what I am talking about.. right? ;)

What you have in mind doesn't need any public IPv6, what for? You can tunnel whatever to wherever you want..... if you place an IPv6 Tunnel inside the IPv4 Net or other direction makes no difference.... just a hint.. ssh is a Crypted Tunnel over IPv4 or 6.... VPN .. VoIP same...

We are running some tun6to4 and so on, works fine, but we forward/route ONLY non public traffic and IPs ;)

----------

## KarlisRepsons

Then I'll give an example problem and what should be done to comfortably stagnate in IPv4:

we have a Gentoo machine, which runs some services like sshd and dovecot -- a small server; such a machine has to be able to work provided just the most casual LAN connection behind NAT, all ports open, but no router/NAT adjustments or similar possibilities provided.

How would you solve it?

----------

## Schnulli

 *KarlisRepsons wrote:*   

> Then I'll give an example problem and what should be done to comfortably stagnate in IPv4:
> 
> we have a Gentoo machine, which runs some services like sshd and dovecot -- a small server; such a machine has to be able to work provided just the most casual LAN connection behind NAT, all ports open, but no router/NAT adjustments or similar possibilities provided.
> 
> How would you solve it?

 

Hi again Karlis,

well, more than just one possible way....

first, a dedicated and permanent VPN connection, this requires as well routing, add route bla bla bla, S/DNAT (FullNat on a Linux Router+Server), or Portforwarding like can easily be done at most Routers ;)

The other is a Tunnel... any port can be used, it's just your decision done and set up in your configuration, even over port 80 it would work, you will also need a configured routing and Portforwarding

What does Routing mean?... simple both LAN IP Segments like this: add route 192.168.168.0/32 mask 255.255.255.0 gateway bla bla bla. the other, second destination LAN Segment needs it as well..........both should be able to communicate between each other, this is to be done with add route on both LANs ;) ... that's it

third..... when you're behind a Linux Router/Server.. teach him Bridging.. (bind the Public IP to a Virtual Iface, the real NIC has NO IP for bridging => transparent! ;) ) bridging can be done on all in/out coming/going traffic, on IP Segments or simple IPs... i would use IP Bridging, more comfortable and avoids unwanted Traffic ... then set up a tunnel.... so all traffic will be transferred kinda "transparent" through the Bridge (Router) or named Brouter ;) ... routing has to be done as well.... that's it

some configuration on iptables/ebtables..... and it will work.....

A hint.. when you call someone abroad.... how does it work? easy logic eh?? nearly the same way works IP Routing.... ;)

But... you will always need to configure at least some small portforwardings etc on the Router.... no Access to the Router, no luck....

----------
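
Added example, not part of any post in this thread: a Python sketch of the "add route on both LANs" step from the reply above, which also enforces the earlier point that only non-public segments are routed over the tunnel. The second LAN segment, the tunnel endpoint addresses and the `tun0` device name are assumptions; because a /32 prefix length and a 255.255.255.0 mask describe different networks, input where the two notations disagree is rejected.

```python
import ipaddress


def parse_segment(network, mask=None):
    """Parse 'a.b.c.d/len', or an address plus dotted mask; refuse contradictory input."""
    net = ipaddress.ip_network(network, strict=True)
    if mask is None:
        return net
    by_mask = ipaddress.ip_network(f"{net.network_address}/{mask}", strict=True)
    if "/" in network and by_mask.prefixlen != net.prefixlen:
        raise ValueError(
            f"{network} says /{net.prefixlen} but mask {mask} says /{by_mask.prefixlen}"
        )
    return by_mask


def plan_routes(site_a, site_b, dev="tun0"):
    """Return {site name: 'ip route add ...'} so each LAN reaches the other via the tunnel."""
    for site in (site_a, site_b):
        # Policy from the thread: only non-public segments go over the tunnel.
        if not site["lan"].is_private:
            raise ValueError(f"{site['name']}: {site['lan']} is public, refusing to route it")
    if site_a["lan"].overlaps(site_b["lan"]):
        raise ValueError("LAN segments overlap; routing between them is ambiguous")
    return {
        site_a["name"]: f"ip route add {site_b['lan']} via {site_b['tun_ip']} dev {dev}",
        site_b["name"]: f"ip route add {site_a['lan']} via {site_a['tun_ip']} dev {dev}",
    }


# Constructed sample sites: 192.168.168.0 is the segment named in the post,
# everything else (second LAN, tunnel IPs, site names) is assumed.
SITE_A = {"name": "home", "tun_ip": "10.8.0.1",
          "lan": parse_segment("192.168.168.0", "255.255.255.0")}
SITE_B = {"name": "remote", "tun_ip": "10.8.0.2",
          "lan": parse_segment("192.168.169.0/24")}

if __name__ == "__main__":
    for name, cmd in plan_routes(SITE_A, SITE_B).items():
        print(f"on {name}: {cmd}")
```
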

## KarlisRepsons

 *Schnulli wrote:*   

> But... you will always need to configure at least some small portforwardings etc on the Router....

 

So you yourself proved that you're so very entrenched in IPv4 stuff! Happy enough to not even read what previously renders your answer .. useless or almost useless. Sorry.

I might need to add, that I meant: no external routing/NAT adjustments can be provided! Just the LAN connection behind NAT and a server.

Now again it looks like I don't know any other real solution than having a public IPv6 address... Can you keywords-list some 5 examples of backdoors, if they are then so many with IPv6?

----------

