How to port-forward IPv6 in m0n0wall

ipv6 m0n0wall port-forwarding

How do i port-forward IPv6 packets in m0n0wall?

For example i want to forward traffic arriving on port 443 of my router to another IPv6 address:

  • Interface: WAN
  • Protocol: TCP
  • External port range: 443
  • Destination address: 2607:f8b0:4009:801::1053
  • Destination port range: 443
  • Description: https goes to secure server

Or for other kinds of services:

  • Interface: WAN
  • Protocol: TCP+UDP
  • External port range: 3784
  • Destination address: 2607:f8b0:4009:801::1058
  • Destination port range: 3784
  • Description: Ventrilo

IPv6 removes the need for NAT; but how do i port-forward?


Bonus Question

How do i port-forward IPv4 in m0n0wall?

For example i want to forward traffic arriving on port 443 of my router to another IPv4 address:

  • Interface: WAN
  • Protocol: TCP
  • External port range: 443
  • Destination address: 74.125.225.53
  • Destination port range: 443
  • Description: https goes to secure server

Or for other kinds of services:

  • Interface: WAN
  • Protocol: TCP+UDP
  • External port range: 3784
  • Destination address: 74.125.225.58
  • Destination port range: 3784
  • Description: Ventrilo

i know how to NAT to a private internal address, but my servers are not behind a NAT proxy – they are directly connected to the internet, each with a publicly routable IPv4 address, e.g.

74.125.225.53

i want people to only have to know one address, e.g.:

superuser.com -> 64.34.119.12

but have my m0n0wall router forward the packets to the appropriate machine.

Extraneous bonus chatter

i have a web-server that is directly connected to the internet using IPv6, listening on port 80.

In the olden days i would give people one address:

superuser.com

and that address resolves to a router, which forwards packets to the appropriate machine.

But with the advent of IPv6, and the removal of NAT, it is no longer possible to give people one address name, e.g.:

  • http://superuser.com
  • irc://superuser.com
  • ftp://superuser.com
  • news://superuser.com
  • https://superuser.com
  • ventrilo://superuser.com
  • torrent://superuser.com

doesn't work. That's because superuser.com resolves to the same IPv6 address, e.g.:

2607:f8b0:4009:801::100e

And the other servers are on other addresses:

http      -> 2607:f8b0:4009:801::1031
irc       -> 2607:f8b0:4009:801::1041
ftp       -> 2607:f8b0:4009:801::1059
news      -> 2607:f8b0:4009:801::1026
https     -> 2607:f8b0:4009:801::1053
ventrilo  -> 2607:f8b0:4009:801::1058
torrent   -> 2607:f8b0:4009:801::1097

So a user is now forced to memorize other address names, e.g.:

www.superuser.com
wwws.superuser.com
ventrilo.superuser.com
torrent.superuser.com
irc.superuser.com
news.superuser.com

rather than the single:

superuser.com

for everything.

i like only having to know one name. i want that back again. How do i get it back again? How do i port-forward in IPv6?


Update 2:

Another issue is when multiple host names are supposed to be the same server:

http://www.superuser.com:80
http://m.superuser.com:80
http://mobile.superuser.com:80
http://english.superuser.com:80
http://spanish.superuser.com:80
http://latin.superuser.com:80
...

What i really want is just:

*.superuser.com

to resolve to the same address, and :80 is forwarded to the server.

Best Answer

I think what you are looking for could be a load balancer. But I don't think m0n0wall has one.
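
The proxy approach the answer points at, as an added example (not from the original posts, and not a m0n0wall feature): a TCP relay that listens on the single public address and dispatches by port to the backends in the question's table. Running it on the host that superuser.com resolves to is an assumption; it relays TCP only, so the UDP half of the Ventrilo rule is not covered, and each backend sees the relay's address as the connection source rather than the client's.

```python
import asyncio

# Port -> backend map taken from the question's table (https and Ventrilo rows).
# Assumption: this runs on the host that the single public name resolves to.
FORWARDS = {
    443: ("2607:f8b0:4009:801::1053", 443),
    3784: ("2607:f8b0:4009:801::1058", 3784),
}

async def _pipe(reader, writer):
    """Copy bytes one way until EOF or error, then close the destination."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    except ConnectionError:
        pass
    finally:
        writer.close()  # full close: this relay does not preserve TCP half-close

def make_handler(backend):
    host, port = backend
    async def handle(client_r, client_w):
        try:
            server_r, server_w = await asyncio.open_connection(host, port)
        except OSError:
            client_w.close()  # backend unreachable: drop the client
            return
        await asyncio.gather(_pipe(client_r, server_w),
                             _pipe(server_r, client_w))
    return handle

async def start_relays(forwards, listen_host="::"):
    """Start one listener per forwarded port and return the asyncio servers."""
    servers = []
    for listen_port, backend in forwards.items():
        servers.append(await asyncio.start_server(
            make_handler(backend), listen_host, listen_port))
    return servers

async def main():
    servers = await start_relays(FORWARDS)
    await asyncio.gather(*(s.serve_forever() for s in servers))

if __name__ == "__main__":
    asyncio.run(main())
```

Because the relay terminates the client connection itself, source-address firewall rules and access logs on the backends need to account for every connection arriving from the relay's address.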