Gitea behind reverse proxy / IPv6 address translation

I have a VM with Gitea behind a pfSense firewall. This VM has IPv4 and IPv6 connectivity. The pfSense has an HAProxy for SSL termination running on IPv4 and IPv6 for accessing the Gitea web frontend. For git operations via SSH I have also set up a NAT for IPv4, so that requests on pfsense:222 are forwarded to gitea:222.

Now I have no idea how to get this setup working properly for IPv6. The DNS entry for git is pointing to the pfSense, since the HAProxy running there should handle all HTTP requests for Gitea (and other VMs, but that’s another story).

However, this DNS entry causes all SSH requests to be pointed to the firewall as well. For IPv4 that’s no problem, since port 222 is just NATed to Gitea’s IPv4 address.

But I have no idea how to get this setup working for IPv6. The easiest solution would be some kind of address translation for IPv6 as well, so that requests on [pfsense-ipv6]:222 are internally forwarded to [gitea-ipv6]:222.

I could also just open port 222 with [gitea-ipv6] as the destination in the firewall, but then I need a second DNS entry and have to change ALL origin references in ALL cloned working copies, which is technically possible, but ugly and lots of work.

What is the common setup for this? How would you solve this?

This sounds like a pfSense issue. Have you tried seeking help on Stack or reaching out to them to inquire about commercial support of their custom-kernel product?