Setup Email Server From Scratch On FreeBSD #2 - 99 FreeBSD NAT64 Router

80 Bind DNS <- Intro 

We believe in data independence, and support others who want data independence.
This tutorial is partially complete 2025-08-07

This is version 2 and everything works up to and including Roundcube.

########################
# FreeBSD NAT64 Router #
########################

Our PBX cloud servers only support IPv4 and my home internet uses IPv6, and VoIP
phones do not work properly with this configuration. Outgoing calls to the PBX
work but incoming calls do not; the VoIP server isn't able to initiate the connection
back to the phone. I have tried VPN and that doesn't work. The VoIP phone does
support IPv6, so if I could connect by IPv6 the phone might work. If we set up a
dedicated server to convert IPv6 to IPv4 and route all calls to the IPv4-only PBX,
it might work.

I chose Azure USWest 2 to host the test FreeBSD server. One concern is that routing
all calls from the IPv4 to IPv6 will cause the server to be inaccessible, so it is
better to set up 2 virtual NICs, each with 1 IPv4 and 1 IPv6 address, 4 addresses in total.

The problem is that even though you might not need to set up a dual gateway, it is
a good idea to test that all 4 addresses are working as expected. Azure is a little
strange as it doesn't have the IP addresses directly but is more similar to a home
or office network where the external addresses are routed to a private internal
network.

If one address is set as the main address with a default route and default ipv6 
route then how do you test the second NIC? If a ping comes in through the second NIC 
it gets routed to the first NIC and this doesn't work. There are some tutorials 
showing how to route incoming traffic back out the same NIC with ipfw but I 
haven't gotten that far yet.

nano rc.conf
# ---
# main4 - the main default interface with default ipv4 route
ifconfig_hn0="SYNCDHCP"

# main6 - the main default ipv6 interface with default ipv6 route
ifconfig_hn0_ipv6="inet6 fddd:dddd:dddd:1::6 prefixlen 64"
ipv6_defaultrouter="fddd:dddd:dddd:1::1"

# proxy4 - the second interface with 2 manual routes to route to local and the test server
ifconfig_hn1="inet 192.168.90.90 netmask 255.255.255.0"
static_routes="r1 r2"
route_r1="-net 192.168.90.0/24 192.168.90.1"
route_r2="-host 172.22.22.22 192.168.90.1"

# proxy6 - a second ipv6 interface with a manual route to the test server 2708:1123:abcd:afcd::10
ifconfig_hn1_ipv6="inet6 fddd:aaaa:aaaa:1::90 prefixlen 64"
ipv6_static_routes="v3 v4"
# Routing to fddd:aaaa:aaaa:1::90 works, but fddd:aaaa:aaaa:1::1 doesn't work
ipv6_route_v3="fddd:aaaa:aaaa:1:: -prefixlen 64 fddd:aaaa:aaaa:1::90"
ipv6_route_v4="2708:1123:abcd:afcd:: -prefixlen 64 fddd:aaaa:aaaa:1::90"
# ---

# home network to main network card
ping main4 - works
ping6 main6 - works
ssh -6 main6 - works most of the time

# server to proxy network card
ping proxy4 - works
ping6 proxy6 - works
ssh -6 proxy6 - works on FreeBSD 14.2
ssh -6 proxy6 - did not work on FreeBSD 13.4

I also tested with ssh and sometimes it works and sometimes it doesn't. With the
latest FreeBSD as client and server, ssh works. FreeBSD 13.4 as client would not
connect with ssh -6 to the test FreeBSD 14.2 router. With Debian 12.8 as a
client, ssh -6 user@main6 works most of the time; sometimes it doesn't connect
on the first try. This intermittent behavior is on the main6 interface with the
default route, so it is probably not related to the dual routing.

# Notes

# Continue to do it the right way

# if you get stuck on boot use
zfs set readonly=off zroot

# Check routing tables for fib
netstat -r -F 1

Dual Homed host using rc.conf works with fibs

nano /boot/loader.conf
# ---
# fibs
net.fibs=2
net.add_addr_allfibs=1
# ---

nano /boot/loader.conf
# ---
ipfw_load="YES"
ipfw_nat_load="YES"
net.inet.ip.fw.default_to_accept="1"
# fibs
net.fibs=2
net.add_addr_allfibs=1
# ---

nano /etc/rc.conf
# ---
ipv6_activate_all_interfaces="YES"

# main4
ifconfig_hn0="SYNCDHCP"

# main6
ifconfig_hn0_ipv6="inet6 fddd:dddd:dddd:1::6 prefixlen 64"
ipv6_defaultrouter="fddd:dddd:dddd:1::6"

ifconfig_hn1="inet 192.168.90.90 netmask 255.255.255.0 fib 1"
ifconfig_hn1_ipv6="inet6 fddd:aaaa:aaaa:1::90 prefixlen 64 fib 1"

## works, initially could not get right syntax for ipv6_static_routes
# static_routes="r1 r2 v1 v2"
## proxy4
# route_r1="-inet 192.168.90.0/24 192.168.90.1"
# route_r2="-inet default 192.168.90.1 -fib 1"
## proxy6
# route_v1="-inet6 fddd:aaaa:aaaa:1:: -prefixlen 64 fddd:aaaa:aaaa:1::90 -fib 1"
# route_v2="-inet6 :: fddd:aaaa:aaaa:1::90 -fib 1"

# proxy4
static_routes="r1 r2"
route_r1="-inet 192.168.90.0/24 192.168.90.1"
route_r2="-inet default 192.168.90.1 -fib 1"            # works
# proxy6
ipv6_static_routes="v1 v2"
ipv6_route_v1="fddd:aaaa:aaaa:1:: -prefixlen 64 fddd:aaaa:aaaa:1::90 -fib 1"
ipv6_route_v2=":: fddd:aaaa:aaaa:1::90 -fib 1"



# ---
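
One way to sanity-check the rc.conf above before rebooting, as an added example that is not part of the original tutorial: the helper check_fib_defaults (a name made up here) reports any FIB that has an interface assigned but no default route listed in static_routes or ipv6_static_routes, which is the case where replies on the second NIC silently go nowhere. It assumes one setting per line, as in the config above, and does not check FIB 0.

```sh
#!/bin/sh
# Added example (not from the original page): flag FIBs that have an
# interface assigned in rc.conf but no active default route.
# Reads the rc.conf given as $1, or stdin when no argument is given.
check_fib_defaults() {
    awk '
    # Interfaces pinned to a FIB: ifconfig_hn1="inet ... fib 1"
    /^ifconfig_/ && match($0, / fib [0-9]+/) {
        fib = substr($0, RSTART + 5, RLENGTH - 5)
        fam = ($0 ~ /^ifconfig_[^=]*_ipv6=/) ? "inet6" : "inet"
        # Assumption: FIB 0 gets its default from DHCP or *_defaultrouter
        if (fib + 0 > 0) need[fam " fib " fib] = 1
    }
    # Only names listed in (ipv6_)static_routes are installed at boot
    /^(ipv6_)?static_routes=/ {
        pre = ($0 ~ /^ipv6_/) ? "ipv6_route_" : "route_"
        s = $0; sub(/^[^"]*"/, "", s); sub(/".*/, "", s)
        n = split(s, names, " ")
        for (i = 1; i <= n; i++) active[pre names[i]] = 1
    }
    # Default routes: "-inet default GW -fib N" or ":: GW -fib N"
    /^(ipv6_)?route_/ {
        name = $0; sub(/=.*/, "", name)
        val = $0; sub(/^[^"]*"/, "", val); sub(/".*/, "", val)
        if (val !~ /^(-inet6? +)?(default|::) /) next
        fam = (name ~ /^ipv6_/ || val ~ /^-inet6 /) ? "inet6" : "inet"
        fib = match(val, /-fib [0-9]+/) ? substr(val, RSTART + 5, RLENGTH - 5) : 0
        def[name] = fam " fib " fib
    }
    END {
        for (r in def) if (r in active) have[def[r]] = 1
        for (k in need) if (!(k in have)) { print "no default route: " k; bad = 1 }
        exit bad + 0
    }' "${1:--}"
}

# Sample input: the FIB-related lines of the rc.conf shown above.
check_fib_defaults <<'EOF' && echo "every FIB has a default route"
ifconfig_hn1="inet 192.168.90.90 netmask 255.255.255.0 fib 1"
ifconfig_hn1_ipv6="inet6 fddd:aaaa:aaaa:1::90 prefixlen 64 fib 1"
static_routes="r1 r2"
route_r1="-inet 192.168.90.0/24 192.168.90.1"
route_r2="-inet default 192.168.90.1 -fib 1"
ipv6_static_routes="v1 v2"
ipv6_route_v1="fddd:aaaa:aaaa:1:: -prefixlen 64 fddd:aaaa:aaaa:1::90 -fib 1"
ipv6_route_v2=":: fddd:aaaa:aaaa:1::90 -fib 1"
EOF
```

On the router itself, run it as check_fib_defaults /etc/rc.conf; a non-zero exit status means at least one FIB would come up without a default route.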
