documentation:examples:nat64

Differences

This shows you the differences between two versions of the page.

documentation:examples:nat64 [2019/06/06 16:54] – [Stateless (stl)] olivierdocumentation:examples:nat64 [2020/01/02 19:36] (current) – [Stateless (stl)] olivier
Line 55: Line 55:
  
 <code> <code>
-sysrc hostname=VM1 +sysrc hostname=VM1 \ 
-sysrc gateway_enable=NO + gateway_enable=NO \ 
-sysrc ipv6_gateway_enable=NO + ipv6_gateway_enable=NO \ 
-sysrc ifconfig_vtnet0_ipv6="inet6 2001:db8:12::1 prefixlen 64" + ifconfig_vtnet0_ipv6="inet6 2001:db8:12::1 prefixlen 64" \ 
-sysrc ipv6_defaultrouter="2001:db8:12::2"+ ipv6_defaultrouter="2001:db8:12::2"
 service hostname restart service hostname restart
 service netif restart service netif restart
Line 71: Line 71:
  
 <code> <code>
-sysrc hostname=VM2 +sysrc hostname=VM2 \ 
-sysrc ifconfig_vtnet1="inet 2.2.2.2/24" + ifconfig_vtnet1="inet 2.2.2.2/24" \ 
-sysrc ifconfig_vtnet0_ipv6="inet6 2001:db8:12::2 prefixlen 64"+ ifconfig_vtnet0_ipv6="inet6 2001:db8:12::2 prefixlen 64"
 service hostname restart service hostname restart
 service netif restart service netif restart
Line 85: Line 85:
  
 <code> <code>
-sysrc hostname=VM3 +sysrc hostname=VM3 \ 
-sysrc gateway_enable=NO + gateway_enable=NO \ 
-sysrc ipv6_gateway_enable=NO + ipv6_gateway_enable=NO \ 
-sysrc ifconfig_vtnet1="inet 2.2.2.3/24" + ifconfig_vtnet1="inet 2.2.2.3/24" \ 
-sysrc defaultrouter="2.2.2.2"+ defaultrouter="2.2.2.2"
 service hostname restart service hostname restart
 service netif restart service netif restart
Line 103: Line 103:
  
 <code> <code>
-sysrc tayga_enable=yes+service tayga enable
 sed -i "" 's/192.168.255./2.2.1./g' /usr/local/etc/tayga.conf sed -i "" 's/192.168.255./2.2.1./g' /usr/local/etc/tayga.conf
 sed -i "" 's/2001:db8:1:ffff::/64:ff9b::/g' /usr/local/etc/tayga.conf sed -i "" 's/2001:db8:1:ffff::/64:ff9b::/g' /usr/local/etc/tayga.conf
Line 131: Line 131:
 </code> </code>
 ==== Testing ==== ==== Testing ====
 +
 +From VM4, start a tcpdump to check IPv4 source address seen by VM3:
 +
 +<code>
 +[root@VM3]~# tcpdump -c 2 -pni vtnet1
 +tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
 +listening on vtnet1, link-type EN10MB (Ethernet), capture size 262144 bytes
 +...
 +</code>
  
 From VM1 (IPv6 only host), ping NAT64 IPv6 address corresponding to VM3 IPv4 address: From VM1 (IPv6 only host), ping NAT64 IPv6 address corresponding to VM3 IPv4 address:
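
Review bot: The added lead-in "From VM4, start a tcpdump" names a host that does not match the added block: the prompt is `[root@VM3]~#`, the capture runs on VM3's vtnet1, and the visible setup only configures VM1, VM2 and VM3. Suggest "From VM3, start a tcpdump to check the IPv4 source address it sees:". Since the command uses `-c 2`, it would also help to state that the capture is left running while the ping6 from VM1 is issued.
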
Line 146: Line 155:
 </code> </code>
  
-And check IPv4 source address seen by VM3: +From VM3, check source IP addresses of ICMP:
 <code> <code>
-[root@VM3]~# tcpdump -c 2 -pni vtnet1 +...
-tcpdump: verbose output suppressed, use -v or -vv for full protocol decode +
-listening on vtnet1, link-type EN10MB (Ethernet), capture size 262144 bytes+
 17:43:03.094975 IP 2.2.1.249 > 2.2.2.3: ICMP echo request, id 6575, seq 0, length 16 17:43:03.094975 IP 2.2.1.249 > 2.2.2.3: ICMP echo request, id 6575, seq 0, length 16
 17:43:03.094983 IP 2.2.2.3 > 2.2.1.249: ICMP echo reply, id 6575, seq 0, length 16 17:43:03.094983 IP 2.2.2.3 > 2.2.1.249: ICMP echo reply, id 6575, seq 0, length 16
Line 158: Line 164:
 0 packets dropped by kernel 0 packets dropped by kernel
 </code> </code>
- 
 ===== IPFW NAT64 (kernel space) ===== ===== IPFW NAT64 (kernel space) =====
  
Line 170: Line 175:
  
 <code> <code>
-sysrc firewall_enable=YES+service ipfw enable
 sysrc firewall_script="/etc/ipfw.rules" sysrc firewall_script="/etc/ipfw.rules"
 echo "# Temporary fix to avoid panicing a 12-stable:" >> /etc/sysctl.conf echo "# Temporary fix to avoid panicing a 12-stable:" >> /etc/sysctl.conf
Line 224: Line 229:
  
 <code> <code>
-sysrc firewall_enable=YES+service ipfw enable
 sysrc firewall_script="/etc/ipfw.rules" sysrc firewall_script="/etc/ipfw.rules"
  
Line 234: Line 239:
 ${fwcmd} table T46 create type addr valtype ipv6 ${fwcmd} table T46 create type addr valtype ipv6
 ${fwcmd} table T64 create type addr valtype ipv4 ${fwcmd} table T64 create type addr valtype ipv4
-${fwcmd} table T46 add 2.2.1.1 2001:db8:12::2 +${fwcmd} table T46 add 2.2.1.1 2001:db8:12::1 
-${fwcmd} table T64 add 2001:db8:12::2.2.1.1+${fwcmd} table T64 add 2001:db8:12::2.2.1.1
 ${fwcmd} nat64stl NAT64 create table4 T46 table6 T64 ${fwcmd} nat64stl NAT64 create table4 T46 table6 T64
 ${fwcmd} add allow icmp6 from any to any icmp6types 135,136 ${fwcmd} add allow icmp6 from any to any icmp6types 135,136
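
Review bot: The new T64 line reads `table T64 add 2001:db8:12::2.2.1.1` as a single token, while the T46 line above it passes a key and a value separated by a space (`2.2.1.1 2001:db8:12::1`) and T64 is created with `valtype ipv4`. As displayed, the entry has no separate IPv4 value, and the IPv6 part does not visibly change from `::2` to `::1` the way the T46 line does. If the intent is the reverse of the T46 mapping, please confirm the wiki source reads `2001:db8:12::1 2.2.1.1` so both tables describe the same pair.
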
Line 249: Line 254:
 From IPv6 only host, ping NAT64 IPv6 address corresponding to VM3 IPv4 address: From IPv6 only host, ping NAT64 IPv6 address corresponding to VM3 IPv4 address:
  
-To Do+<code> 
 +[root@VM1]~# ping6 -c 3 64:ff9b::2.2.2.3 
 +PING6(56=40+8+8 bytes) 2001:db8:12::1 --> 64:ff9b::202:203 
 +16 bytes from 64:ff9b::202:203, icmp_seq=0 hlim=63 time=1.037 ms 
 +16 bytes from 64:ff9b::202:203, icmp_seq=1 hlim=63 time=1.048 ms 
 +16 bytes from 64:ff9b::202:203, icmp_seq=2 hlim=63 time=1.560 ms 
 + 
 +--- 64:ff9b::2.2.2.3 ping6 statistics --- 
 +3 packets transmitted, 3 packets received, 0.0% packet loss 
 +round-trip min/avg/max/std-dev = 1.037/1.215/1.560/0.244 ms 
 +</code> 
 + 
 +From IPv4 only host, ping NAT64 IPv4 address corresponding to VM3 IPv6 address: 
 +<code> 
 +[root@VM3]~# ping -c 3 2.2.1.1 
 +PING 2.2.1.1 (2.2.1.1): 56 data bytes 
 +64 bytes from 2.2.1.1: icmp_seq=0 ttl=63 time=17.147 ms 
 +64 bytes from 2.2.1.1: icmp_seq=1 ttl=63 time=1.409 ms 
 +64 bytes from 2.2.1.1: icmp_seq=2 ttl=63 time=5.017 ms 
 + 
 +--- 2.2.1.1 ping statistics --- 
 +3 packets transmitted, 3 packets received, 0.0% packet loss 
 +round-trip min/avg/max/stddev = 1.409/7.858/17.147/6.732 ms 
 +</code> 
 + 
 +And check on the NAT router VM2 some stats: 
 + 
 +<code> 
 +[root@VM2]~# ipfw nat64stl NAT64 stats 
 +nat64stl NAT64 
 +        6 packets translated from IPv6 to IPv4 
 +        6 packets translated from IPv4 to IPv6 
 +        0 IPv6 fragments created 
 +        0 IPv4 fragments received 
 +        0 output packets dropped due to no bufs, etc. 
 +        0 output packets discarded due to no IPv4 route 
 +        0 output packets discarded due to no IPv6 route 
 +        0 packets discarded due to unsupported protocol 
 +        0 packets discarded due to memory allocation problems 
 +        0 packets discarded due to some errors 
 +</code>
  
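
Review bot: The added sentence "From IPv4 only host, ping NAT64 IPv4 address corresponding to VM3 IPv6 address" names the wrong host. The command runs on VM3, which is the IPv4-only host, and targets 2.2.1.1, which the T46 entry in the previous hunk maps to 2001:db8:12::1, the source address VM1 shows in the ping6 output above. Suggest "corresponding to VM1 IPv6 address". For consistency with the prompts, the two lead-ins could also say "From VM1" and "From VM3" explicitly.
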
documentation/examples/nat64.txt · Last modified: 2020/01/02 19:36 by olivier

Except where otherwise noted, content on this wiki is licensed under the following license: BSD 2-Clause