documentation:examples:nat64
Differences
This shows you the differences between two versions of the page.
documentation:examples:nat64 [2019/06/04 15:08] – [Stateful (lsn)] olivier | documentation:examples:nat64 [2020/01/02 17:34] – [Router 2] olivier | ||
---|---|---|---|
Line 15: | Line 15: | ||
==== Downloading BSD Router Project images ==== | ==== Downloading BSD Router Project images ==== | ||
- | Download BSDRP serial image (prevent to have to use an X display) | + | [[https:// |
==== Download Lab scripts ===== | ==== Download Lab scripts ===== | ||
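Review bot: the replacement for "Download BSDRP serial image (prevent to have to use an X display)" drops the reason for choosing the serial image, and neither side of this hunk tells the reader to verify the downloaded image against a published checksum. Keep the short rationale next to the link and add a verification step before the image is booted in the lab.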
Line 55: | Line 55: | ||
< | < | ||
- | sysrc hostname=VM1 | + | sysrc hostname=VM1 |
- | sysrc gateway_enable=NO | + | |
- | sysrc ipv6_gateway_enable=NO | + | |
- | sysrc ifconfig_vtnet0_ipv6=" | + | |
- | sysrc ipv6_defaultrouter=" | + | |
service hostname restart | service hostname restart | ||
service netif restart | service netif restart | ||
Line 71: | Line 71: | ||
< | < | ||
- | sysrc hostname=VM2 | + | sysrc hostname=VM2 |
- | sysrc ifconfig_vtnet1=" | + | |
- | sysrc ifconfig_vtnet0_ipv6=" | + | |
service hostname restart | service hostname restart | ||
service netif restart | service netif restart | ||
Line 167: | Line 167: | ||
=== VM2 === | === VM2 === | ||
- | Configure a stateful NAT64 with ipfw, and enable logging: | + | Configure a stateful NAT64 with ipfw: |
< | < | ||
sysrc firewall_enable=YES | sysrc firewall_enable=YES | ||
sysrc firewall_script="/ | sysrc firewall_script="/ | ||
+ | echo "# Temporary fix to avoid panicing a 12-stable:" | ||
echo " | echo " | ||
cat > / | cat > / | ||
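Review bot: the added comment "# Temporary fix to avoid panicing a 12-stable:" does not name the bug it works around or say when the line under it can be removed; put the problem report reference next to it and spell it "panicking". The intro sentence in this hunk also lost "and enable logging", so if logging is what triggers the panic, say that in the prose. As it stands, a reader cannot tell whether the stateful example still logs translated traffic.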
Line 216: | Line 217: | ||
</ | </ | ||
- | ==== Stateless ==== | + | ==== Stateless |
=== VM2 === | === VM2 === | ||
Line 233: | Line 234: | ||
${fwcmd} table T46 create type addr valtype ipv6 | ${fwcmd} table T46 create type addr valtype ipv6 | ||
${fwcmd} table T64 create type addr valtype ipv4 | ${fwcmd} table T64 create type addr valtype ipv4 | ||
+ | ${fwcmd} table T46 add 2.2.1.1 2001: | ||
+ | ${fwcmd} table T64 add 2001: | ||
${fwcmd} nat64stl NAT64 create table4 T46 table6 T64 | ${fwcmd} nat64stl NAT64 create table4 T46 table6 T64 | ||
${fwcmd} add allow icmp6 from any to any icmp6types 135,136 | ${fwcmd} add allow icmp6 from any to any icmp6types 135,136 | ||
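Review bot: the two added static mappings ("table T46 add 2.2.1.1 ..." and "table T64 add ...") carry no comment saying which host each address stands for; the only hint is the later testing sentence that calls 2.2.1.1 the NAT64 IPv4 address corresponding to VM3. Add a one-line comment above them, and state that the T46 and T64 entries must mirror each other, since nat64stl uses table4 for the IPv4 to IPv6 direction and table6 for the reverse, so a mismatched pair breaks the return path.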
Line 241: | Line 244: | ||
service ipfw start | service ipfw start | ||
- | sysctl net.inet.ip.fw.verbose=1 | ||
</ | </ | ||
=== Testing === | === Testing === | ||
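Review bot: removing "sysctl net.inet.ip.fw.verbose=1" after "service ipfw start" turns off verbose ipfw logging for the stateless example without any explanation in the text. If this is related to the 12-stable workaround added in the stateful section, say so here; otherwise keep a sentence telling the reader how to turn logging back on when a translation needs to be traced.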
Line 248: | Line 250: | ||
< | < | ||
- | [root@VM1]~# | + | [root@VM1]~# |
- | PING6(56=40+8+8 bytes) 2001: | + | PING6(56=40+8+8 bytes) 2001: |
- | 16 bytes from 64:ff9b::a00:1703, icmp_seq=0 hlim=63 time=1.105 ms | + | 16 bytes from 64:ff9b::202:203, icmp_seq=0 hlim=63 time=1.037 ms |
- | 16 bytes from 64:ff9b::a00:1703, icmp_seq=1 hlim=63 time=0.216 ms | + | 16 bytes from 64:ff9b::202:203, icmp_seq=1 hlim=63 time=1.048 ms |
- | 16 bytes from 64:ff9b::a00:1703, icmp_seq=2 hlim=63 time=0.199 ms | + | 16 bytes from 64:ff9b::202:203, icmp_seq=2 hlim=63 time=1.560 ms |
- | --- 64:ff9b::10.0.23.3 ping6 statistics --- | + | --- 64:ff9b::2.2.2.3 ping6 statistics --- |
3 packets transmitted, | 3 packets transmitted, | ||
- | round-trip min/ | + | round-trip min/ |
</ | </ | ||
- | And check IPv4 source addresses seen by VM3: | + | From IPv4 only host, ping NAT64 IPv4 address corresponding to VM3 IPv6 address: |
< | < | ||
- | [root@VM3]~# tcpdump | + | [root@v4TST64]~# ping -c 3 2.2.1.1 |
- | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode | + | PING 2.2.1.1 |
- | listening on vtnet1, link-type EN10MB | + | 64 bytes from 2.2.1.1: icmp_seq=0 ttl=63 time=17.147 ms |
- | 13:15:29.862862 ARP, Request who-has 10.0.23.3 tell 10.0.23.2, length 46 | + | 64 bytes from 2.2.1.1: icmp_seq=1 ttl=63 time=1.409 ms |
- | 13:15:29.862879 ARP, Reply 10.0.23.3 is-at 58: | + | 64 bytes from 2.2.1.1: icmp_seq=2 ttl=63 time=5.017 ms |
- | 13:15:29.863081 IP 10.0.64.161 > 10.0.23.3: ICMP echo request, id 1024, seq 0, length 16 | + | |
- | 13: | + | --- 2.2.1.1 ping statistics --- |
+ | 3 packets transmitted, 3 packets received, 0.0% packet loss | ||
+ | round-trip min/ | ||
</ | </ | ||
- | You can check firewall logs too on R2: | + | And check on VM3 |
< | < | ||
- | Feb 17 13:15:29 VM2 kernel: | + | [root@rTST64]~# |
- | Feb 17 13:15:29 VM2 kernel: ipfw: 400 Accept ICMP:8.0 10.0.64.161 10.0.23.3 out via vtnet1 | + | nat64stl NAT64 |
- | Feb 17 13:15:29 VM2 kernel: ipfw: 400 Accept ICMPv6:129.0 [64: | + | 6 packets translated from IPv6 to IPv4 |
- | Feb 17 13:15:29 VM2 kernel: ipfw: 400 Accept ICMPv6:129.0 [64: | + | 6 packets translated from IPv4 to IPv6 |
+ | | ||
+ | | ||
+ | | ||
+ | 0 output packets discarded due to no IPv4 route | ||
+ | | ||
+ | | ||
+ | 0 packets discarded due to memory allocation problems | ||
+ | 0 packets discarded due to some errors | ||
</ | </ | ||
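Review bot: "And check on VM3" introduces output whose prompt is [root@rTST64] and whose content is the "nat64stl NAT64" counters, but that instance is created in the VM2 script, so the sentence should name the translator and say which command produces the counters. The prompts v4TST64 and rTST64, and the "IPv4 only host" in the sentence before, do not match the VM1/VM2/VM3 names used in the rest of the page; either rename them or introduce that host in the lab description. This hunk also drops the tcpdump check of the IPv4 source address seen behind the translator and the firewall log excerpt, so the test no longer shows which source address the translated packets carry; consider keeping one of the two.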
documentation/examples/nat64.txt · Last modified: 2020/01/02 19:36 by olivier