documentation:examples:nat64

Differences

This shows you the differences between two versions of the page.

documentation:examples:nat64 [2019/06/04 15:15] – [Stateless] olivierdocumentation:examples:nat64 [2020/01/02 19:33] – [Stateless (stl)] olivier
Line 15: Line 15:
 ==== Downloading BSD Router Project images ==== ==== Downloading BSD Router Project images ====
  
-Download BSDRP serial image (prevent to have to use an X display) on Sourceforge.+[[https://bsdrp.net/downloads|Download BSDRP serial image]] (prevent to have to use an X display).
  
 ==== Download Lab scripts ===== ==== Download Lab scripts =====
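Review bot: The rewritten download line keeps the phrase "prevent to have to use an X display", which is ungrammatical; since the line is being touched anyway, reword it, for example "the serial image avoids the need for an X display". The step also gives no instruction to verify the downloaded image, so consider adding a sentence telling the reader to compare it against a checksum if the download page publishes one.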
Line 55: Line 55:
  
 <code> <code>
-sysrc hostname=VM1 +sysrc hostname=VM1 \ 
-sysrc gateway_enable=NO + gateway_enable=NO \ 
-sysrc ipv6_gateway_enable=NO + ipv6_gateway_enable=NO \ 
-sysrc ifconfig_vtnet0_ipv6="inet6 2001:db8:12::1 prefixlen 64" + ifconfig_vtnet0_ipv6="inet6 2001:db8:12::1 prefixlen 64" \ 
-sysrc ipv6_defaultrouter="2001:db8:12::2"+ ipv6_defaultrouter="2001:db8:12::2"
 service hostname restart service hostname restart
 service netif restart service netif restart
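Review bot: The merged sysrc call for VM1 only works if each backslash is the last character on its line, and the rendered new side shows whitespace after the backslashes. Confirm the wiki source has none, because a trailing space ends the sysrc command at that line and the remaining assignments are not applied. The same check applies to the VM2 and VM3 blocks changed in the following hunks.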
Line 71: Line 71:
  
 <code> <code>
-sysrc hostname=VM2 +sysrc hostname=VM2 \ 
-sysrc ifconfig_vtnet1="inet 2.2.2.2/24" + ifconfig_vtnet1="inet 2.2.2.2/24" \ 
-sysrc ifconfig_vtnet0_ipv6="inet6 2001:db8:12::2 prefixlen 64"+ ifconfig_vtnet0_ipv6="inet6 2001:db8:12::2 prefixlen 64"
 service hostname restart service hostname restart
 service netif restart service netif restart
Line 85: Line 85:
  
 <code> <code>
-sysrc hostname=VM3 +sysrc hostname=VM3 \ 
-sysrc gateway_enable=NO + gateway_enable=NO \ 
-sysrc ipv6_gateway_enable=NO + ipv6_gateway_enable=NO \ 
-sysrc ifconfig_vtnet1="inet 2.2.2.3/24" + ifconfig_vtnet1="inet 2.2.2.3/24" \ 
-sysrc defaultrouter="2.2.2.2"+ defaultrouter="2.2.2.2"
 service hostname restart service hostname restart
 service netif restart service netif restart
Line 103: Line 103:
  
 <code> <code>
-sysrc tayga_enable=yes+service tayga enable
 sed -i "" 's/192.168.255./2.2.1./g' /usr/local/etc/tayga.conf sed -i "" 's/192.168.255./2.2.1./g' /usr/local/etc/tayga.conf
 sed -i "" 's/2001:db8:1:ffff::/64:ff9b::/g' /usr/local/etc/tayga.conf sed -i "" 's/2001:db8:1:ffff::/64:ff9b::/g' /usr/local/etc/tayga.conf
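Review bot: The two sed lines below the changed command use unescaped dots in 's/192.168.255./2.2.1./g', so every dot matches any character and the g flag applies that to the whole of tayga.conf. Escape the dots in the pattern (192\.168\.255\.) so only the literal default prefix is rewritten, and consider giving -i a backup suffix instead of "" so the original configuration survives a bad substitution.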
Line 131: Line 131:
 </code> </code>
 ==== Testing ==== ==== Testing ====
 +
 +From VM4, start a tcpdump to check IPv4 source address seen by VM3:
 +
 +<code>
 +[root@VM3]~# tcpdump -c 2 -pni vtnet1
 +tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
 +listening on vtnet1, link-type EN10MB (Ethernet), capture size 262144 bytes
 +...
 +</code>
  
 From VM1 (IPv6 only host), ping NAT64 IPv6 address corresponding to VM3 IPv4 address: From VM1 (IPv6 only host), ping NAT64 IPv6 address corresponding to VM3 IPv4 address:
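Review bot: The added sentence says "From VM4, start a tcpdump" but the prompt in the code block directly below is [root@VM3] and the capture is meant to show what VM3 sees. No VM4 appears elsewhere in the visible lines, so this looks like a typo for VM3; please correct the host name so the reader starts the capture on the right machine.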
Line 146: Line 155:
 </code> </code>
  
-And check IPv4 source address seen by VM3: +From VM3, check source IP addresses of ICMP:
 <code> <code>
-[root@VM3]~# tcpdump -c 2 -pni vtnet1 +...
-tcpdump: verbose output suppressed, use -v or -vv for full protocol decode +
-listening on vtnet1, link-type EN10MB (Ethernet), capture size 262144 bytes+
 17:43:03.094975 IP 2.2.1.249 > 2.2.2.3: ICMP echo request, id 6575, seq 0, length 16 17:43:03.094975 IP 2.2.1.249 > 2.2.2.3: ICMP echo request, id 6575, seq 0, length 16
 17:43:03.094983 IP 2.2.2.3 > 2.2.1.249: ICMP echo reply, id 6575, seq 0, length 16 17:43:03.094983 IP 2.2.2.3 > 2.2.1.249: ICMP echo reply, id 6575, seq 0, length 16
Line 158: Line 164:
 0 packets dropped by kernel 0 packets dropped by kernel
 </code> </code>
- 
 ===== IPFW NAT64 (kernel space) ===== ===== IPFW NAT64 (kernel space) =====
  
Line 167: Line 172:
 === VM2 === === VM2 ===
  
-Configure a stateful NAT64 with ipfw, and enable logging:+Configure a stateful NAT64 with ipfw:
  
 <code> <code>
-sysrc firewall_enable=YES+service ipfw enable
 sysrc firewall_script="/etc/ipfw.rules" sysrc firewall_script="/etc/ipfw.rules"
 +echo "# Temporary fix to avoid panicing a 12-stable:" >> /etc/sysctl.conf
 echo "net.inet.ip.fw.nat64_direct_output=1" >> /etc/sysctl.conf echo "net.inet.ip.fw.nat64_direct_output=1" >> /etc/sysctl.conf
 cat > /etc/ipfw.rules <<'EOF' cat > /etc/ipfw.rules <<'EOF'
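Review bot: The new comment line written to /etc/sysctl.conf misspells "panicing" (should be "panicking") and describes the nat64_direct_output setting as a temporary fix without pointing to a bug report or saying which 12-stable revisions are affected, so a reader cannot tell when it is safe to drop. Add that reference next to the comment. Both echo lines append with >>, so running the block twice duplicates the entries; a note or a guard against re-adding them would help. The description above also drops "and enable logging", so check that the rest of the section no longer relies on log output.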
Line 216: Line 222:
 </code> </code>
  
-==== Stateless ====+==== Stateless (stl) ====
  
 === VM2 === === VM2 ===
Line 223: Line 229:
  
 <code> <code>
-sysrc firewall_enable=YES+service ipfw enable
 sysrc firewall_script="/etc/ipfw.rules" sysrc firewall_script="/etc/ipfw.rules"
  
Line 233: Line 239:
 ${fwcmd} table T46 create type addr valtype ipv6 ${fwcmd} table T46 create type addr valtype ipv6
 ${fwcmd} table T64 create type addr valtype ipv4 ${fwcmd} table T64 create type addr valtype ipv4
 +${fwcmd} table T46 add 2.2.1.1 2001:db8:12::1
 +${fwcmd} table T64 add 2001:db8:12::1 2.2.1.1
 ${fwcmd} nat64stl NAT64 create table4 T46 table6 T64 ${fwcmd} nat64stl NAT64 create table4 T46 table6 T64
 ${fwcmd} add allow icmp6 from any to any icmp6types 135,136 ${fwcmd} add allow icmp6 from any to any icmp6types 135,136
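Review bot: The two added table entries hard-code a single mapping (2.2.1.1 and 2001:db8:12::1) with no explanation in the script or the surrounding text. Add a comment stating that stateless translation needs one entry per host in each direction and that T46 and T64 must mirror each other, so a reader extending the lab knows to add both lines for every additional host.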
Line 241: Line 249:
  
 service ipfw start service ipfw start
-sysctl net.inet.ip.fw.verbose=1 
 </code> </code>
 === Testing === === Testing ===
Line 247: Line 254:
 From IPv6 only host, ping NAT64 IPv6 address corresponding to VM3 IPv4 address: From IPv6 only host, ping NAT64 IPv6 address corresponding to VM3 IPv4 address:
  
-Need to fix setup.+<code> 
 +[root@VM1]~# ping6 -c 3 64:ff9b::2.2.2.3 
 +PING6(56=40+8+8 bytes) 2001:db8:12::1 --> 64:ff9b::202:203 
 +16 bytes from 64:ff9b::202:203, icmp_seq=0 hlim=63 time=1.037 ms 
 +16 bytes from 64:ff9b::202:203, icmp_seq=1 hlim=63 time=1.048 ms 
 +16 bytes from 64:ff9b::202:203, icmp_seq=2 hlim=63 time=1.560 ms 
 + 
 +--- 64:ff9b::2.2.2.3 ping6 statistics --- 
 +3 packets transmitted, 3 packets received, 0.0% packet loss 
 +round-trip min/avg/max/std-dev = 1.037/1.215/1.560/0.244 ms 
 +</code> 
 + 
 +From IPv4 only host, ping NAT64 IPv4 address corresponding to VM3 IPv6 address: 
 +<code> 
 +[root@v4TST64]~# ping -c 3 2.2.1.1 
 +PING 2.2.1.1 (2.2.1.1): 56 data bytes 
 +64 bytes from 2.2.1.1: icmp_seq=0 ttl=63 time=17.147 ms 
 +64 bytes from 2.2.1.1: icmp_seq=1 ttl=63 time=1.409 ms 
 +64 bytes from 2.2.1.1: icmp_seq=2 ttl=63 time=5.017 ms 
 + 
 +--- 2.2.1.1 ping statistics --- 
 +3 packets transmitted, 3 packets received, 0.0% packet loss 
 +round-trip min/avg/max/stddev = 1.409/7.858/17.147/6.732 ms 
 +</code> 
 + 
 +And check on VM3 
 + 
 +<code> 
 +[root@rTST64]~# ipfw nat64stl NAT64 stats 
 +nat64stl NAT64 
 +        6 packets translated from IPv6 to IPv4 
 +        6 packets translated from IPv4 to IPv6 
 +        0 IPv6 fragments created 
 +        0 IPv4 fragments received 
 +        0 output packets dropped due to no bufs, etc. 
 +        0 output packets discarded due to no IPv4 route 
 +        0 output packets discarded due to no IPv6 route 
 +        0 packets discarded due to unsupported protocol 
 +        0 packets discarded due to memory allocation problems 
 +        0 packets discarded due to some errors 
 +</code>
  
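Review bot: In the added test text, "ping NAT64 IPv4 address corresponding to VM3 IPv6 address" does not match the configuration: 2.2.1.1 is mapped to 2001:db8:12::1 in the T46 table, and that address is configured on VM1 earlier in the page, so the sentence should name VM1. "And check on VM3" is followed by ipfw nat64stl NAT64 stats, which reads counters on the translator, so the host should be VM2. The prompts v4TST64 and rTST64 also differ from the VM1/VM2/VM3 names used everywhere else; rename them or explain the mapping.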
documentation/examples/nat64.txt · Last modified: 2020/01/02 19:36 by olivier

Except where otherwise noted, content on this wiki is licensed under the following license: BSD 2-Clause