configure IPv6 connectivity for an IPv4 mailserver in the DMZ
Hi,
I am trying to configure NAT64 for a mailserver in the DMZ. External interface has a valid IPv6 address. Interface in the DMZ has a valid IPv6 address. I have no IPv6 DNS server internally.
Is there any way to configure this using NAT64? Can anyone tell me how or point me to the right documentation?
I only found a 2020 document. But that does not help me any further (https://www.sonicwall.com/support/knowledge-base/how-do-i-configure-nat-policies-for-ipv6-to-ipv4-traffic/190122012317986/) because it does not translate the traffic to a dedicated internal server.
Best Answer
Arkwright
I am not sure that document is relevant to your scenario as your Sonicwall won't be handling the relevant DNS queries.
Surely if you have enough v6 address space to give the WAN and DMZ interfaces v6 IPs, then you can give the mailserver a v6 IP as well? I am assuming that you mean a global IP when you say "valid IPv6 IP". Even if you don't, you could try NATing the global IP on your WAN to a link-local IP on your mailserver.
If your mailserver is not new enough to support IPv6 then......just give up now 😁
Answers
Thank you for the response.
How did you solve this?
I'm also trying a similar layout:
I'm trying to make a NAT policy to translate IPv4 to IPv6.
I did not resolve it. Did not find the right way to do this.
Thanks, I'm still trying here.
So I think you should consider unmarking that post as "CORRECT ANSWER" since it may be misleading.
I think I misunderstood that Sonicwall KB article. The Sonicwall does not have to do anything with DNS, the idea is that some other DNS server returns specially-formatted 6-to-4 replies. I think the KB article only covers an outbound access scenario for clients behind a Sonicwall.
So it probably applies to you @FRE but it's not clear to me if "mailer" is in your network or on the internet somewhere.
It may or may not apply to you @Jan but probably it's still more straightforward just to give the server the correct IP addressing in order to make it work without DNS-based hacks.
Thanks @ARKWRIGHT.
Server "mailer" is inside the network. I've posted my issue in detail here (https://community.sonicwall.com/technology-and-support/discussion/5528/translate-ipv4-to-ipv6).
Please have a look if you can, I would be (very) glad to hear some ideas on this.
Well, the answer is marked as correct because the last remark was "If your mailserver is not new enough to support IPv6 then......just give up now". Actually, it is not the mailserver (and spamfilter etc.) that is not ready for IPv6. But I do not want to implement IPv6 internally yet. And I was looking for a way the Sonicwall could answer to an IPv6 request and translate that to IPv4. And even that NAT rule uses an IPv6 DNS internally. So my Sonicwall cannot do the job I want.