documentation:examples:nat64
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
documentation:examples:nat64 [2019/06/05 17:47] – [Stateful (lsn)] olivier | documentation:examples:nat64 [2020/01/02 19:31] – [Stateful (lsn)] olivier | ||
---|---|---|---|
Line 55: | Line 55: | ||
< | < | ||
- | sysrc hostname=VM1 | + | sysrc hostname=VM1 |
- | sysrc gateway_enable=NO | + | |
- | sysrc ipv6_gateway_enable=NO | + | |
- | sysrc ifconfig_vtnet0_ipv6=" | + | |
- | sysrc ipv6_defaultrouter=" | + | |
service hostname restart | service hostname restart | ||
service netif restart | service netif restart | ||
Line 71: | Line 71: | ||
< | < | ||
- | sysrc hostname=VM2 | + | sysrc hostname=VM2 |
- | sysrc ifconfig_vtnet1=" | + | |
- | sysrc ifconfig_vtnet0_ipv6=" | + | |
service hostname restart | service hostname restart | ||
service netif restart | service netif restart | ||
Line 85: | Line 85: | ||
< | < | ||
- | sysrc hostname=VM3 | + | sysrc hostname=VM3 |
- | sysrc gateway_enable=NO | + | |
- | sysrc ipv6_gateway_enable=NO | + | |
- | sysrc ifconfig_vtnet1=" | + | |
- | sysrc defaultrouter=" | + | |
service hostname restart | service hostname restart | ||
service netif restart | service netif restart | ||
Line 103: | Line 103: | ||
< | < | ||
- | sysrc tayga_enable=yes | + | service tayga enable |
sed -i "" | sed -i "" | ||
sed -i "" | sed -i "" | ||
Line 131: | Line 131: | ||
</ | </ | ||
==== Testing ==== | ==== Testing ==== | ||
+ | |||
+ | From VM4, start a tcpdump to check IPv4 source address seen by VM3: | ||
+ | |||
+ | < | ||
+ | [root@VM3]~# | ||
+ | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode | ||
+ | listening on vtnet1, link-type EN10MB (Ethernet), capture size 262144 bytes | ||
+ | ... | ||
+ | </ | ||
From VM1 (IPv6 only host), ping NAT64 IPv6 address corresponding to VM3 IPv4 address: | From VM1 (IPv6 only host), ping NAT64 IPv6 address corresponding to VM3 IPv4 address: | ||
Line 146: | Line 155: | ||
</ | </ | ||
- | And check IPv4 source | + | From VM3, check source |
< | < | ||
- | [root@VM3]~# | + | ... |
- | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode | + | |
- | listening on vtnet1, link-type EN10MB (Ethernet), capture size 262144 bytes | + | |
17: | 17: | ||
17: | 17: | ||
Line 158: | Line 164: | ||
0 packets dropped by kernel | 0 packets dropped by kernel | ||
</ | </ | ||
- | |||
===== IPFW NAT64 (kernel space) ===== | ===== IPFW NAT64 (kernel space) ===== | ||
Line 170: | Line 175: | ||
< | < | ||
- | sysrc firewall_enable=YES | + | service ipfw enable |
sysrc firewall_script="/ | sysrc firewall_script="/ | ||
echo "# Temporary fix to avoid panicing a 12-stable:" | echo "# Temporary fix to avoid panicing a 12-stable:" | ||
Line 217: | Line 222: | ||
</ | </ | ||
- | ==== Stateless ==== | + | ==== Stateless |
=== VM2 === | === VM2 === | ||
Line 234: | Line 239: | ||
${fwcmd} table T46 create type addr valtype ipv6 | ${fwcmd} table T46 create type addr valtype ipv6 | ||
${fwcmd} table T64 create type addr valtype ipv4 | ${fwcmd} table T64 create type addr valtype ipv4 | ||
+ | ${fwcmd} table T46 add 2.2.1.1 2001: | ||
+ | ${fwcmd} table T64 add 2001: | ||
${fwcmd} nat64stl NAT64 create table4 T46 table6 T64 | ${fwcmd} nat64stl NAT64 create table4 T46 table6 T64 | ||
${fwcmd} add allow icmp6 from any to any icmp6types 135,136 | ${fwcmd} add allow icmp6 from any to any icmp6types 135,136 | ||
Line 242: | Line 249: | ||
service ipfw start | service ipfw start | ||
- | sysctl net.inet.ip.fw.verbose=1 | ||
</ | </ | ||
=== Testing === | === Testing === | ||
Line 248: | Line 254: | ||
From IPv6 only host, ping NAT64 IPv6 address corresponding to VM3 IPv4 address: | From IPv6 only host, ping NAT64 IPv6 address corresponding to VM3 IPv4 address: | ||
- | Need to fix setup. | + | < |
+ | [root@VM1]~# | ||
+ | PING6(56=40+8+8 bytes) 2001: | ||
+ | 16 bytes from 64: | ||
+ | 16 bytes from 64: | ||
+ | 16 bytes from 64: | ||
+ | |||
+ | --- 64: | ||
+ | 3 packets transmitted, | ||
+ | round-trip min/ | ||
+ | </ | ||
+ | |||
+ | From IPv4 only host, ping NAT64 IPv4 address corresponding | ||
+ | < | ||
+ | [root@v4TST64]~# | ||
+ | PING 2.2.1.1 (2.2.1.1): 56 data bytes | ||
+ | 64 bytes from 2.2.1.1: icmp_seq=0 ttl=63 time=17.147 ms | ||
+ | 64 bytes from 2.2.1.1: icmp_seq=1 ttl=63 time=1.409 ms | ||
+ | 64 bytes from 2.2.1.1: icmp_seq=2 ttl=63 time=5.017 ms | ||
+ | |||
+ | --- 2.2.1.1 ping statistics --- | ||
+ | 3 packets transmitted, | ||
+ | round-trip min/ | ||
+ | </ | ||
+ | |||
+ | And check on VM3 | ||
+ | |||
+ | < | ||
+ | [root@rTST64]~# | ||
+ | nat64stl NAT64 | ||
+ | 6 packets translated from IPv6 to IPv4 | ||
+ | 6 packets translated from IPv4 to IPv6 | ||
+ | 0 IPv6 fragments created | ||
+ | 0 IPv4 fragments received | ||
+ | 0 output packets dropped due to no bufs, etc. | ||
+ | 0 output packets discarded due to no IPv4 route | ||
+ | 0 output packets discarded due to no IPv6 route | ||
+ | 0 packets discarded due to unsupported protocol | ||
+ | 0 packets discarded due to memory allocation problems | ||
+ | 0 packets discarded due to some errors | ||
+ | </ | ||
documentation/examples/nat64.txt · Last modified: 2020/01/02 19:36 by olivier