• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

IPv4 Incoming / Outgoing Connections - Internal Pure IPv6 Network

Started by geomechanica, May 12, 2011, 08:33:53 PM

geomechanica

Hello IPv6 world.  I have been busy setting up our new servers with IPv6 support, in anticipation of our new dedicated data line (going in later this month).  In a nutshell, I have built an internal pure IPv6 network, and I need a bit of help / advice on co-existing with IPv4 on my external-facing systems.

Here's the story.  I have set up several Linux systems with IPv6 addresses (no IPv4 addresses internally) on their own internal networks.  I contacted my ISP, and IPv6 is not supported by them at all, therefore I obtained a /48 from tunnelbroker.net for now.  At this point, after some discussions on #ipv6 on freenode, I've decided to put a second NIC into each external system just to simplify my life (one for IPv6, one for IPv4).  I have several (precious) IPv4 addresses allocated to me by my ISP, and right now I am attempting to figure out a few issues:

1) How will my internal IPv6 systems communicate with IPv4 systems that are on the Internet? (i.e. outgoing ipv4 traffic)
2) How will I use an IPv4 firewall / NAT to forward packets arriving on open ports to the internal IPv6 systems? (i.e. incoming ipv4 traffic)

Based on my research so far, I have decided to set up a single system to act as a router for my IPv6 tunnel.  This system will have a static IPv4 address, and will act as my gateway for my servers to connect to IPv6 via the tunnel, and likewise for the IPv6 world to connect to me via that tunnel (unless I misunderstood something?).

I have experience with relatively small networks (~100 systems + VPNs), and I'm a bit lost when it comes to advanced routing and firewall rules.  I really appreciate any advice you can give me :-)

cholzhauer

Quote
1) How will my internal IPv6 systems communicate with IPv4 systems that are on the Internet? (i.e. outgoing ipv4 traffic)

If your internal servers are only IPv6, you need a way to translate between IPv6 and IPv4.  One of the technologies available for this is 4in6, and I'm sure there are many others.

Quote
2) How will I use an IPv4 firewall / NAT to forward packets arriving on open ports to the internal IPv6 systems? (i.e. incoming ipv4 traffic)

Again, you will need a system that translates this and turns IPv4 packets into IPv6 packets.

Quote
Based on my research so far, I have decided to set up a single system to act as a router for my IPv6 tunnel.  This system will have a static IPv4 address, and will act as my gateway for my servers to connect to IPv6 via the tunnel, and likewise for the IPv6 world to connect to me via that tunnel (unless I misunderstood something?).

Correct.

You're looking at a lot of work here... the simplest way is to run your internal stuff dual-stacked.

geomechanica


Quote
If your internal servers are only IPv6, you need a way to translate between IPv6 and IPv4.  One of the technologies available for this is 4in6, and I'm sure there are many others.

I understand this at a conceptual level, but it would really help if someone with experience could give some guidance on what technologies work, and what to avoid.  Perhaps there is a book, tutorial or blog I can look at?  I will investigate 4in6 further today.

Regarding a dual-stack configuration, I'm thinking a bit more about it.  To be honest, however, I've really come to like my IPv6 addresses now that I've become used to them, and it seems like a step backward for me to assign IPv4 internally.  On a side note, I also have found a few bugs in packages (Directory 389 was one) that would have worked in a dual-stack environment, and simply did not work in a pure IPv6 environment.  I like the idea of being able to contribute back to open source projects by testing in a production IPv6 environment, but I do need some form of IPv4 connectivity.