What is this?

An IPv4 to IPv6 reverse proxy service similar to http://v4-frontend.netiter.com/

How do I report abuse?

Email Jon@9072997.com

The IP addresses of clients are checked against AbuseIPDB

AbuseIPDB Contributor Badge

Why would I want this?

The world is running out of IPv4 addresses, so NAT is commonly used to share a single public IPv4 address between multiple users. NAT has the side effect of blocking incoming connections. The best solution to this would be for everyone to get connected to the IPv6 internet, where NAT is not necessary. Unfortunately, many users are not connected to the IPv6 internet. If you have a connection to the IPv6 internet, this service allows you to run many types of servers in a way that will allow IPv6 users to connect directly to you, while allowing IPv4 users to fall back to connecting through my IPv4-to-IPv6 reverse proxy.

Which services are supported?

How do I use this?

Can I use a custom DNS name?

Yes, as long as you only need support for HTTP, HTTPS, and/or TLS. Just use a CNAME or ALIAS record to point to 2001-0db8-0000-0000-0001-0000-0000-0001.withfallback.com (substitute in your own IPv6 address). If you cannot use a CNAME/ALIAS record, you can manually add an A record for and an AAAA record for your IPv6 address, though this may break if I ever have to change the server’s public IPv4 address.

How does this work?

DNS queries for some-ipv6-address.withfallback.com always return an AAAA record for the given IP, and an A record for my reverse proxy. If the client supports IPv6, they can connect directly to the IPv6 address. If not, they will connect to the proxy. The proxy uses name-based virtual hosting to figure out which site the client was trying to connect to and proxies the connection for them. The source code for all this is available here, though it’s not really packaged in a way that is designed for re-use.

How do I get the client’s original IPv4 address?

Connections from the reverse proxy always come from 2600:3c00:e000:03f5::/96 with the last 32 bytes of the IPv6 address being the client’s IPv4 address. The source port is also preserved in case you care about that.

Does this support UDP-based protocols?

It supports DNS, as long as you don’t use vanity nameservers. Set your nameservers to something like 2001-0db8-0000-0000-0001-0000-0000-0001.withfallback.com (substitute your DNS server’s IPv6 address).

It also has very limited support for running your own DNS server for the withfallback.com domain itself. For now you can only set A, AAAA, MX, and TXT records, and everything is limited to a TTL of 5 minutes.

I don’t have a public IPv6 address

Do you want one? You will need to install WireGuard.

I have a public IPv6 address, but I can’t accept incoming connections

If you control the firewall, change your firewall rules to allow incoming connections on the appropriate port. If not, see the above question.