An IPv4 to IPv6 reverse proxy service similar to http://v4-frontend.netiter.com/
Email Jon@9072997.com
The IP addresses of clients are checked against AbuseIPDB
The world is running out of IPv4 addresses, so NAT is commonly used to share a single public IPv4 address between multiple users. NAT has the side effect of blocking incoming connections. The best solution to this would be for everyone to get connected to the IPv6 internet, where NAT is not necessary. Unfortunately, many users are not connected to the IPv6 internet. If you have a connection to the IPv6 internet, this service allows you to run many types of servers in a way that will allow IPv6 users to connect directly to you, while allowing IPv4 users to fall back to connecting through my IPv4-to-IPv6 reverse proxy.
2001:db8::1:0:0:1
you would use 2001-0db8-0000-0000-0001-0000-0000-0001.withfallback.com
.foo.2001-0db8-0000-0000-0001-0000-0000-0001.withfallback.com
Yes, as long as you only need support for HTTP, HTTPS, and/or TLS. Just use a CNAME
or ALIAS
record to point to 2001-0db8-0000-0000-0001-0000-0000-0001.withfallback.com
(substitute in your own IPv6 address). If you cannot use a CNAME
/ALIAS
record, you can manually add an A
record for 45.33.22.33
and an AAAA
record for your IPv6 address, though this may break if I ever have to change the server’s public IPv4 address.
DNS queries for some-ipv6-address.withfallback.com always return an AAAA
record for the given IP, and an A
record for my reverse proxy. If the client supports IPv6, they can connect directly to the IPv6 address. If not, they will connect to the proxy. The proxy uses name-based virtual hosting to figure out which site the client was trying to connect to and proxies the connection for them. The source code for all this is available here, though it’s not really packaged in a way that is designed for re-use.
Connections from the reverse proxy always come from 2600:3c00:e000:03f5::/96
with the last 32 bytes of the IPv6 address being the client’s IPv4 address. The source port is also preserved in case you care about that.
It supports DNS, as long as you don’t use vanity nameservers. Set your nameservers to something like 2001-0db8-0000-0000-0001-0000-0000-0001.withfallback.com
(substitute your DNS server’s IPv6 address).
It also has very limited support for running your own DNS server for the withfallback.com
domain itself. For now you can only set A
, AAAA
, MX
, and TXT
records, and everything is limited to a TTL of 5 minutes.
Do you want one? You will need to install WireGuard.
If you control the firewall, change your firewall rules to allow incoming connections on the appropriate port. If not, see the above question.