Hi,
I've been searching around on the Internet for quite some time to find some answers, but did not find any satisfying ones.
We are in the process of deploying IPv6 in our infrastructure and have run into some trouble. In the IPv4 world, we try to avoid running services using the root account, so if a service needs access to a port < 1024 (typically web services, but not limited to those), we use ipnat to map the port to a higher port number.
According to my research, network address translation is regarded as taboo by the IPv6 community, and my colleague from the network department claims that therefore there are no mapping capabilities on our firewalls (Juniper) for IPv6. It also seems to me that ipfilter does not support NAT for IPv6 either (while it does support filtering).
As I am not an expert on IPv6 and Linux/Unix system administration (yet, still working on it), it is not unlikely that I missed the point, so here is my question:
Is there any solution
- either to map a port below 1024 to a port above or equal to 1024 for an IPv6 address,
- or to allow a non-root user to access a port below 1024?
Thanks in advance for any kind of help.
Klaus