
Welcome to My Blog

This is to share my IT experience with friends all around the world.
I have been working in Linux Fedora Systems for more than 8 years. It's fun to share knowledge and learn.
As everyone knows, when a problem arises in your systems, "googling" is the way that many depend on.

All the posts here are my working experiences during my working life, so you can count on it.

I have added the references where I got help in solving IT issues.


Friday, September 16, 2011

Simple NAT64 Setup


Configuring a proxy server with IPv6/IPv4 connectivity will not enable IPv6-only users to access resources other than web (http, https, ftp etc). For example, a printer with IPv4-only connectivity or a POP server with IPv4 only will not be accessible through a proxy server. What can you do to enable IPv4 accessibility from an IPv6-only network?

When we had this issue we thought of implementing a NAT-PT server in our IPv6 network, but NAT-PT is deprecated by RFC 4966 due to a number of issues in NAT-PT.

Then we tried NAT64 with DNS64. We obtained an open source NAT64 gateway live CD from Ecdysis http://ecdysis.viagenie.ca/ and installed it on a server. It runs on a customized Fedora OS. The system architecture of NAT64 is as follows.
                                                      +-------------+
                            +-------------------------+IPv6 Internet|
                            |                         +-------------+
                            |          +-----+
                 +------+   |     +----+NAT64+----+
       IPv6 host-+      |   |    /     +-----+     \  +-------------+
                 | CPE  +--IPv6-<                   >-+IPv4 Internet|
       IPv6 host-+router|        \ +-------------+ /  +-------------+
                 +------+         ++DNS rewriting|+
                                   +-------------+
This is from http://www.viagenie.ca/ietf/draft/draft-wing-nat-pt-replacement-comparison-02.txt 
 
The steps we followed in configuring NAT64/DNS64 are as follows:

Settings at the NAT64/DNS64 Gateway
  • Install the NAT64 server on a PC with 2 interface cards
  • Log in to the server and configure the interfaces with IPv4 and IPv6 addresses according to the network setup
  • Run the provided script magic-quick-start.sh
  • Check the network configurations 
    • You should observe a nat64 interface when you run ifconfig
  • Set the firewall rules in iptables and ip6tables
  • This is important as many attacks may come thro

Settings at your IPv6 clients
  • Set the DNS server as the NAT64 server's IPv6 address
  • Add a route for 64:ff9b::/64 to the NAT64 gateway IPv6 address
After that, you can verify the settings at the client's end by querying an IPv4-only resource for an AAAA record.

e.g. dig chamaradisanayake.blogspot.com AAAA

(Here chamaradisanayake.blogspot.com does not have an IPv6 address, but we are asking to get an IPv6 address from the NAT64/DNS64 gateway.)

If everything is fine you should get an answer such as

chamaradisanayake.blogspot.com. 929 IN CNAME blogspot.l.google.com.

blogspot.l.google.com. 139 IN AAAA 64:ff9b::d155:af84


Here 64:ff9b:: is the DNS prefix added by the DNS64 server and d155:af84 is the hexadecimal representation of the IPv4 address of chamaradisanayake.blogspot.com.
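
The mapping described above can be checked mechanically. The following is an added example, not part of the original post: it rebuilds the synthesized AAAA address from the IPv4 address, recovers the IPv4 address from a synthesized AAAA record, and flags records that embed a non-global IPv4 address, which RFC 6052 says the 64:ff9b::/96 prefix must not represent. The function names and the printer.example record are assumptions made for illustration.

```python
import ipaddress

# Well-known NAT64 prefix, as seen in the dig answer in the post.
WKP = ipaddress.IPv6Network("64:ff9b::/96")

def synthesize(ipv4, prefix=WKP):
    """Embed an IPv4 address in the low 32 bits of a /96 NAT64 prefix."""
    if prefix.prefixlen != 96:
        raise ValueError("only /96 prefixes are handled in this example")
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))

def extract(ipv6, prefix=WKP):
    """Return the embedded IPv4 address, or None if outside the prefix."""
    v6 = ipaddress.IPv6Address(ipv6)
    if v6 not in prefix:
        return None
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)

def audit_answer(lines, prefix=WKP):
    """Parse dig-style answer lines (name ttl class type rdata) and report,
    for each AAAA record, the embedded IPv4 address and whether it is a
    non-global address that the translator should not expose."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5 or fields[3] != "AAAA":
            continue  # CNAME and other record types carry no address
        v4 = extract(fields[4], prefix)
        if v4 is None:
            findings.append((fields[0], fields[4], None, "native"))
        elif v4.is_global:
            findings.append((fields[0], fields[4], str(v4), "ok"))
        else:
            findings.append((fields[0], fields[4], str(v4), "non-global"))
    return findings

# Answer lines from the post, plus one constructed record embedding 10.0.0.5.
SAMPLE = [
    "chamaradisanayake.blogspot.com. 929 IN CNAME blogspot.l.google.com.",
    "blogspot.l.google.com. 139 IN AAAA 64:ff9b::d155:af84",
    "printer.example. 60 IN AAAA 64:ff9b::a00:5",  # constructed
]

if __name__ == "__main__":
    for row in audit_answer(SAMPLE):
        print(row)
```

A "non-global" finding means an IPv6 client could reach an internal IPv4 host through the gateway, which is the kind of path the iptables and ip6tables rules on the gateway should restrict.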


 

3 comments:

  1. I am trying to do a similar test. I have the setup below:

    Windows 7 (IPv6 only client)-----Fedora 14 (NAT64 machine with dual NIC)-----------------IPv4 internet.

    From Fedora I am able to reach the IPv4 internet, but Windows 7 and Fedora are not communicating. I request you to give me detailed steps to configure the Windows 7 NIC and the Fedora NIC.

    I have given the IPv6 address below in Windows:

    ipv6 address : 2001:10::2
    Default gate : 2001:10::1
    DNS : ? I am not clear what to give

    In Fedora, connecting to Windows:

    ipv6 address 2001:10:1
    default gateway : ?

    I request you to reply with the detailed steps.

    Thanking you in anticipation.

  2. Ravindra,
    OK. We have tested the setup with Windows 7 and the NAT64 gateway server (Fedora). According to my understanding, the main point you have missed is the DNS server. The DNS server for Windows 7 should be the Fedora server (which is the NAT64 gateway).
    Just check whether the NAT64 server is resolving DNS for IPv4-only hosts.
    For example:
    As blogspot.l.google.com. does not have any IPv6 address [ Only IPv4 address as 209.85.175.132] the NAT64(DNS64) server should rewrite the DNS reply as follows:
    blogspot.l.google.com. 139 IN AAAA 64:ff9b::d155:af84
    Here the 64:ff9b:: (/96) part is the IPv6 address set in the NAT64/DNS64 server - you may change this according to your requirement, but I believe 64:ff9b::/96 is the predefined block for NAT64 gw.
    d155:af84 is the hexadecimal representation of the IPv4 address of the requested host { in this situation it is 209.85.175.132}

    You need to add a route to forward all traffic related to 64:ff9b/96 to the NAT64 server.

    Hope you can proceed with this

  3. Hi
    I want to configure NAT64 using GNS3
    can you help.
    I created virtual machine with Ecdysis .iso image
    Please help

    thank you
