
@seidler2547
Created September 15, 2017 13:22
HAProxy as an IPv4 gateway for IPv6-only hosts, using transparent proxying (TPROXY) instead of IPv4 NAT
[ ... ]
# /etc/network/interfaces stanza for vmbr0 (presumably the VM bridge that
# carries the public IPv4 address); the address/netmask lines are elided.
auto vmbr0
iface vmbr0 inet static
[ ... ]
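# Allow sockets to bind addresses this host does not own: HAProxy's
# "usesrc clientip" opens backend connections from the client's real IPv4.
# This is a host-wide sysctl, not an interface property; setting it from
# sysctl.d would persist it independently of this interface's state.
post-up echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
# TPROXY plumbing: TCP packets that belong to a socket HAProxy already
# owns ("-m socket") get fwmark 74 and are looked up in routing table 100,
# whose single "local" route delivers them to this host whatever their
# destination address is.  Every step is made idempotent -- "-N" on an
# existing chain fails, "-A" of a rule that is already present stacks a
# second copy, and "ip rule add" of a duplicate either stacks or fails
# depending on the iproute2/kernel version -- so a repeated "ifup" (or an
# "ifup" after a previous "ifdown" that never cleaned up) is safe, and the
# pre-down hooks remove what post-up installed.
post-up iptables -t mangle -N DIVERT 2>/dev/null || true
post-up iptables -t mangle -C PREROUTING -p tcp -m socket -j DIVERT 2>/dev/null || iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
post-up iptables -t mangle -C DIVERT -j MARK --set-mark 74 2>/dev/null || iptables -t mangle -A DIVERT -j MARK --set-mark 74
post-up iptables -t mangle -C DIVERT -j ACCEPT 2>/dev/null || iptables -t mangle -A DIVERT -j ACCEPT
post-up ip rule del fwmark 74 lookup 100 2>/dev/null || true
post-up ip rule add fwmark 74 lookup 100
post-up ip route replace local 0.0.0.0/0 dev lo table 100
pre-down ip route del local 0.0.0.0/0 dev lo table 100 2>/dev/null || true
pre-down ip rule del fwmark 74 lookup 100 2>/dev/null || true
pre-down iptables -t mangle -D PREROUTING -p tcp -m socket -j DIVERT 2>/dev/null || true
pre-down iptables -t mangle -F DIVERT 2>/dev/null || true
pre-down iptables -t mangle -X DIVERT 2>/dev/null || true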
[ ... ]
global
# Syslog via the local UNIX socket.  NOTE(review): because of "chroot"
# below, HAProxy resolves this path inside /var/lib/haproxy, so a socket
# must exist at /var/lib/haproxy/dev/log (Debian's rsyslog snippet for
# haproxy creates one) or log lines are dropped silently -- verify on the
# target host.
log /dev/log local1 notice
chroot /var/lib/haproxy
daemon
maxconn 256
# NOTE(review): no "user"/"group" directive is given, so the daemon keeps
# running as root after start-up.  The "source ... usesrc clientip"
# feature used by both listeners below historically requires that
# privilege (it binds foreign source addresses on every backend
# connection); newer HAProxy releases can keep only the needed capability
# via the global "setcap" keyword -- check the installed version before
# adding "user haproxy" / "group haproxy".
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# set default parameters to the intermediate configuration
# These TLS defaults are not exercised by the two listeners in this file:
# neither "bind" line carries "ssl" and https-in runs in "mode tcp",
# passing the encrypted stream through untouched.  They only take effect
# if a TLS-terminating listener is added later.  If that happens, note
# that the lists still contain the 3DES suites (*-DES-CBC3-SHA), which
# use a 64-bit block cipher and are generally considered weak today.
tune.ssl.default-dh-param 2048
ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
# SSLv3 is refused and session tickets are disabled (no long-lived ticket
# key to protect); the same applies to outgoing TLS below.
ssl-default-bind-options no-sslv3 no-tls-tickets
ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
ssl-default-server-options no-sslv3 no-tls-tickets
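defaults
    log global
    # http-in relies on this; https-in overrides it with "mode tcp".
    mode http
    # Do not log connections that carried no data (port scans, probes).
    option dontlognull
    # Times: 6 s to reach a backend, and 15 min of idle time on either
    # side (the original values, written with units instead of raw ms).
    timeout connect 6s
    timeout client 15m
    timeout server 15m
    # With a 15-minute client timeout and no request timeout, a client
    # that trickles request headers could pin a connection slot for the
    # full 15 minutes.  Bound the time allowed to send the request
    # headers; this only applies in HTTP mode, so https-in is unaffected.
    timeout http-request 10s
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http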
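listen http-in
    # replace 1.2.3.4 with your public IP
    bind 1.2.3.4:80 transparent # transparent here
    # "usesrc clientip" makes the connection to the backend carry the
    # client's real IPv4 as its source, so the backend sees the true peer
    # address -- but its replies must come back through this host (its
    # default route has to point here) for the TPROXY rules to catch them.
    source 0.0.0.0 usesrc clientip # and usesrc clientip here make the requests appear from the real IPv4
    # Host is compared case-insensitively, with any ":port" suffix
    # removed, and accepted only as the exact name or a subdomain of it.
    # A bare "-m end mydomain1.com" would also have matched names such as
    # "evilmydomain1.com" and would have missed "MyDomain1.com".
    acl host_dom1 req.hdr(Host),field(1,:) -i -m str mydomain1.com
    acl host_dom1 req.hdr(Host),field(1,:) -i -m end .mydomain1.com
    acl host_dom2 req.hdr(Host),field(1,:) -i -m str mydomain2.com
    acl host_dom2 req.hdr(Host),field(1,:) -i -m end .mydomain2.com
    acl host_dom3 req.hdr(Host),field(1,:) -i -m str sub1.mydomain3.com
    acl host_dom3 req.hdr(Host),field(1,:) -i -m end .sub1.mydomain3.com
    # Refuse requests for any other Host (including requests without one).
    # Without this rule HAProxy falls back to ordinary load balancing when
    # no use-server matches, i.e. unknown hosts would be spread round-robin
    # over every server in the pool -- the real backends included.  The
    # earlier catch-all "server nomatch 1.1.1.1:80" was just one more pool
    # member, not a guaranteed default, and with "usesrc clientip" it also
    # sent packets to a third-party address with the client's IP spoofed
    # as source.
    http-request deny unless host_dom1 || host_dom2 || host_dom3
    use-server dom1 if host_dom1
    server dom1 192.168.24.101:80
    use-server dom2 if host_dom2
    server dom2 192.168.24.102:80
    use-server dom3 if host_dom3
    server dom3 192.168.24.103:80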
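listen https-in
    mode tcp
    # replace 1.2.3.4 with your public IP
    bind 1.2.3.4:443 transparent
    # Backend connections are made from the client's real IPv4; the
    # backend's return traffic therefore has to route back via this host.
    source 0.0.0.0 usesrc clientip
    # TLS is not terminated here: the encrypted stream is routed on the
    # SNI extension of the ClientHello, so the backends hold the keys.
    # A name matches only exactly or as a subdomain; the previous
    # "-m end mydomain1.com" also matched e.g. "evilmydomain1.com".
    acl is_client_hello req.ssl_hello_type 1
    acl sni_dom1 req.ssl_sni -i -m str mydomain1.com
    acl sni_dom1 req.ssl_sni -i -m end .mydomain1.com
    acl sni_dom2 req.ssl_sni -i -m str mydomain2.com
    acl sni_dom2 req.ssl_sni -i -m end .mydomain2.com
    acl sni_dom3 req.ssl_sni -i -m str sub1.mydomain3.com
    acl sni_dom3 req.ssl_sni -i -m end .sub1.mydomain3.com
    # Wait up to 5 s for a ClientHello.  Only a ClientHello naming one of
    # our hosts is let through; everything else -- no SNI, an unknown SNI,
    # non-TLS bytes, or nothing within 5 s -- is rejected.  Accepting every
    # ClientHello and relying on use-server alone would otherwise send
    # unknown names round-robin to every server in the pool, the former
    # "server nomatch 1.1.1.1:443" catch-all being merely one pool member.
    tcp-request inspect-delay 5s
    tcp-request content accept if is_client_hello sni_dom1
    tcp-request content accept if is_client_hello sni_dom2
    tcp-request content accept if is_client_hello sni_dom3
    tcp-request content reject
    use-server dom1_ssl if sni_dom1
    server dom1_ssl 192.168.24.101:443
    use-server dom2_ssl if sni_dom2
    server dom2_ssl 192.168.24.102:443
    use-server dom3_ssl if sni_dom3
    server dom3_ssl 192.168.24.103:443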
@jult

jult commented May 30, 2023

Do you also have a configuration for the other direction: an IPv4-only server that needs to be reachable over IPv6?
