3

Our non-IT company uses a IPv4-only webservice which only allows access from our (whitelisted) IPv4 ip. This ip is assigned to one of our VPSes (this VPS also has a IPv6 assigned to it).

We usually SSH tunnel from other IPv4 machines in to this VPS and use the ip address via the proxy settings in Firefox. This works exactly how we want it, but not on our IPv6-only machines. These can SSH tunnel in to the VPS with it's IPv6 address, but then we can only use the IPv6 of the VPS and not the IPv4.

Is there any way to use the IPv4 from this VPS, and maybe use the VPS as a intermediate server to 'translate' the requests? We prefer a tunnel-like solution but every possible tool is allowed if it helps us to achieve our goal.

We already tried most ways of setting up a ssh connection (ssh & sshuttle) and also did things with socat, but haven't had luck yet and most solutions we find are about turning IPv4 into IPv6, not IPv6 to IPv4.

Rick
  • 53
  • 1
  • 5
  • So if I understand correctly, you use `ssh -D ` and you configure `localhost:` as SOCKS5 proxy in Firefox? Did you check the remote DNS option? – Piotr P. Karwasz Nov 15 '19 at 21:18
  • @PiotrP.Karwasz Solved. You sent me in the right direction by asking about the remote DNS option. What I did was: connect to SSH on the remote server with `ssh -p [PORT] -D 8080 [IPv6]`. What I also had to do after I added the SOCKS5 proxy to Firefox was: go to 'about:config' in Firefox and change 'network.proxy.socks_remote_dns' to 'True' instead of 'False'. Thank you! – Rick Nov 16 '19 at 11:11
  • So it was a DNS problem (that option is also a checkbox in Firefox Preferences). The interesting part is why you IPv6 hosts cannot resolve your webservice, while the IPv4 can: maybe you don't have IPv6 DNS servers? Note that the IPv4 only hosts won't need DNS proxying to visit http://ipv6.google.com/ (an IPv6-only page). – Piotr P. Karwasz Nov 16 '19 at 17:11

1 Answers1

1

Let's draft a more comprehensive explanation if the problem should affect also other people. The OP is connecting to the web through a SOCKS5 proxy established with:

ssh -D <local_port>

Unfortunately there is a Firefox bug, which doesn't allow IPv6-only hosts to connect to an IPv4 address using the proxy. They must enable DNS proxying too.

In the other direction, IPv4-only hosts can connect to an IPv6 address using the proxy.

Piotr P. Karwasz
  • 5,748
  • 2
  • 11
  • 21
  • Thank you for this explanation and the link to Bugzilla, this could really help others (and me, now understanding what was going on). – Rick Nov 16 '19 at 21:15