iptables for ipv6 address port forwarding to localhost port

Say I want to redirect 2a00:1450:400c:c01::71 on Port 443 to localhost Port 12345.

How to do that with Iptables?

Update

Okey, it's Weechat which running an SSL relay on a port >=1000. It can make connections with IPv4 and IPv6 on this port. So I want to bind a defined IPv6:Port [2a00:1450:400c:c01::71]:443 to IPv6 localhost Port [::1]:12345


Solution 1:

You might cause problems because with IPv6 you're not supposed to NAT, but starting from Linux kernel 3.8 you can do:

ip6tables -t nat -A PREROUTING -p tcp -m tcp \
          -d 2a00:1450:400c:c01::71 --dport 443 -j REDIRECT --to-ports 12345

Solution 2:

This answer is applicable to the original version of the question, before it was edited. For the updated question, the answer given by @SanderSteffann is applicable.

You cannot do that with iptables, because iptables is handling just IPv4 and not IPv6. You cannot do it with ip6tables either, because ip6tables is handling just IPv6 and not IPv4.

There does exist protocol converters, which can convert between IPv4 and IPv6. But those may impose limitations on what IPs they can convert, because IPv4 and IPv6 don't have the same number of IP addresses.

Combining a protocol translator to change the IP address with iptables to change the port number may be possible. But I wouldn't advise using such a combination, in particular not without knowing details about your specific needs.

Either way, the server would not have immediate access to information about the client IPv6 address, because there is no way to embed the entire IPv6 address inside the client IPv4 address visible to the server.

Based on the limited amount of information provided, I would give the same advice that @MichaelHampton did, just run the service on the proper port in the first place. If that's not an option, then ask a better question. Explain what service you tried to run, how you attempted to get it listening on the right port, and how it failed.