ESXi hypervisor behind hAP ac3 and IPv4/IPv6 config

Hello,
I am trying to ask for some help as I need to solve a rather difficult situation, which looks to be far beyond my knowledge at the moment.
I have a hAP ac3 configured as a classic Home AP Dual config with IPv6 enabled. My WAN (eth1) has a fixed public IPv4. On eth2 there is a small homelab connected (Intel NUC), which is running VMware ESXi and will have a bunch of VMs running on it. The best thing would be to just absolutely ignore IPv4 and its public address and live just with IPv6. However, the world is not perfect and I still do have 2 networks outside home, which are running IPv4. I will need to access some services on VMs behind that IPv4 NAT (and I don't really want to go the port forwarding way, that would be too difficult if I am not mistaken).

Is there any way to pass the public WAN IP through to ESXi running on the NUC behind the MikroTik? Or is there any way to pass requests from IPv4 networks in the outside world through to the ESXi running at home with IPv6 enabled?

Thank you very much for pointing me in the right direction.

I think you have 3 options here:

  • for some reason you have a block of public IP addresses handy, so you can request your ISP to route the addresses through your WAN address

  • destination NAT or, by its common name, port forwarding

  • set up a VPN on the hAP ac3, then use MikroTik's DDNS service if it is a dynamic address

Either the destination NAT or the VPN will be a little bit of effort, but not as much as you think, and the first option costs way too much. Let us know if you would like to look into the last two options and I will send through some more information.

Just to add some context to what @AidanAus wrote - as you mention “access some services on VMs” but just a single “fixed public IPv4”, there is no way to handle this without port forwarding anyway, no matter whether that single public IP is assigned to the hAP ac3 or to a virtual router running on the ESXi.

Ah ok, I kinda expected that it will be harder than I thought. I don’t have access to the block of public IPv4. And tbh, I don’t really need them as IPv6 serves me well with some exceptions.

I guess the only good working solution will be a virtual pfSense, with another NIC attached to the NUC (homelab is ESXi). I was quite afraid of that, as this will need deeper knowledge and it will be quite challenging.

Giving the public IP to the hAP and having an infinite number of port forward rules on dst-nat is not the solution I would like to go with, as I am not sure how to handle multiple ESXi hosts behind it.

I’m not sure I understand why setting a gazillion port forwarding rules on pfSense should be easier than setting the same gazillion port forwarding rules directly on the hAP? It’s a single rule as follows for each service:

/ip firewall nat add chain=dstnat in-interface-list=WAN protocol=tcp dst-port=X action=dst-nat to-addresses=ip.of.vm.Y to-ports=Z

True, that would be the same problem. By the way, I have a really dumb question now. I just looked quickly and read a little bit about ZeroTier. Isn't that the solution I might be looking for?

EDIT: Never mind, it's a dead end too. I will just port forward specific services, that should do the job.
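
The per-service port forward the thread settles on, written out as an added example that is not from any of the posters. It limits each forward to the two remote IPv4 networks mentioned in the question and maps different external ports to different VMs behind the single public address. The list name `remote-sites`, the documentation-range prefixes, the VM addresses and the port numbers are all constructed placeholders; the `WAN` interface list is assumed to exist as in the default configuration.

```routeros
# Constructed placeholders: replace the prefixes with the two remote IPv4 networks.
/ip firewall address-list
add list=remote-sites address=198.51.100.0/24 comment="remote IPv4 network 1 (placeholder)"
add list=remote-sites address=203.0.113.0/24 comment="remote IPv4 network 2 (placeholder)"

# One dst-nat rule per service. src-address-list keeps the forward closed to
# everyone except the listed networks; protocol is required when dst-port is used.
/ip firewall nat
add chain=dstnat in-interface-list=WAN src-address-list=remote-sites \
    protocol=tcp dst-port=8443 action=dst-nat \
    to-addresses=192.168.88.21 to-ports=443 comment="VM A https (placeholder)"
add chain=dstnat in-interface-list=WAN src-address-list=remote-sites \
    protocol=tcp dst-port=2222 action=dst-nat \
    to-addresses=192.168.88.22 to-ports=22 comment="VM B ssh (placeholder)"

# Forward chain: new connections arriving from WAN pass only if a dst-nat
# rule above matched them. The default configuration ships an equivalent
# rule; add this one only if it is missing.
/ip firewall filter
add chain=forward action=drop connection-state=new \
    connection-nat-state=!dstnat in-interface-list=WAN \
    comment="drop WAN traffic that was not dst-nat'ed"
```

Running `/ip firewall nat print stats` after a test connection from one of the remote networks shows whether the intended rule's counters increase.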