Why? Imagine you have an IPv6-only VM on an IPv4 and IPv6 enabled Host, or for some reason IPv4 is routed differently on the VM than IPv6 (think VPN). Then you want to access your VM from an IPv4-only internet access point. Pretty much impossible, you’d think. But fear not! socat comes to rescue \ud83d\ude42<\/p>\n
SOcket CAT is the swiss army knife for network sockets, even when iptables can’t help you any more:<\/p>\n
socat TCP4-LISTEN:<LPORT>,fork TCP6:[2001:db8::8]:<DPORT><\/pre>\n<LPORT> is the listen port on the Host. It can be anything, but if you want to run socat as a non-privileged user, it should be > 1024. <DPORT> is the destination port on the IPv6-only VM to forward <LPORT> to. Of course this is not arbitrary. The parameter fork<\/em>\u00a0makes socat keep listening after a connection is established. Otherwise it would exit after the connection is closed.<\/p>\n
A systemd-unit would look like this:<\/p>\n
[Unit]\r\nDescription=Forward Port to IPv6\r\nRequires=sys-subsystem-net-devices-br0.device\r\nAfter=sys-subsystem-net-devices-br0.device\r\n\r\n[Service]\r\nUser=nobody\r\nExecStart=\/usr\/bin\/socat TCP4-LISTEN:44444,fork TCP6:[2001:db8::8]:3389\r\n \r\n[Install] \r\nWantedBy=multi-user.target<\/pre>\nThe Requires and After order the service after the network bridge (br0) for your VM. Change it accordingly.<\/p>\n
If your use case would be RDP (like above), and your favorite RDP client is rdpk<\/a>, you can add a Host <IPv4-Address-of-Host>:44444<\/em>\u00a0to rdpk and be done! Luckily rdpk passes the Hostname verbatim to xfreerdp \/v:<\/em> \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"
Why? Imagine you have an IPv6-only VM on an IPv4 and IPv6 enabled Host, or for some reason IPv4 is routed differently on the VM than IPv6 (think VPN). Then you want to access your VM from an IPv4-only internet access point. Pretty much impossible, you’d think. But fear not! socat comes to rescue \ud83d\ude42 … Continue reading IPv4 to IPv6 Forwarding<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[77,76],"tags":[125,123,124],"class_list":["post-395","post","type-post","status-publish","format-standard","hentry","category-linux","category-network","tag-port-forwarding","tag-rdpk","tag-socat"],"_links":{"self":[{"href":"https:\/\/tollana.d-tor.org\/notes-to-self\/index.php?rest_route=\/wp\/v2\/posts\/395","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tollana.d-tor.org\/notes-to-self\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tollana.d-tor.org\/notes-to-self\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tollana.d-tor.org\/notes-to-self\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tollana.d-tor.org\/notes-to-self\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=395"}],"version-history":[{"count":3,"href":"https:\/\/tollana.d-tor.org\/notes-to-self\/index.php?rest_route=\/wp\/v2\/posts\/395\/revisions"}],"predecessor-version":[{"id":398,"href":"https:\/\/tollana.d-tor.org\/notes-to-self\/index.php?rest_route=\/wp\/v2\/posts\/395\/revisions\/398"}],"wp:attachment":[{"href":"https:\/\/tollana.d-tor.org\/notes-to-self\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=395"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tollana.d-tor.org\/notes-to-self\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=395"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tollana.d-tor.org\/notes-to-self\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=395"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}