Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
| docs:guide-user:firewall:fw3_configurations:fw3_nat [2023/09/16 16:19] – [Symmetric dynamic IPv6 NPT] vgaetera | docs:guide-user:firewall:fw3_configurations:fw3_nat [2023/11/01 22:14] – [IPv6 to IPv4 NAT with Tayga] update vgaetera | ||
|---|---|---|---|
| Line 222: | Line 222: | ||
| uci set firewall.@zone[1].masq=" | uci set firewall.@zone[1].masq=" | ||
| uci commit firewall | uci commit firewall | ||
| - | / | + | service |
| </ | </ | ||
| Line 231: | Line 231: | ||
| uci set firewall.@zone[1].masq6=" | uci set firewall.@zone[1].masq6=" | ||
| uci commit firewall | uci commit firewall | ||
| - | / | + | service |
| </ | </ | ||
| Line 239: | Line 239: | ||
| uci set dhcp.lan.ra_default=" | uci set dhcp.lan.ra_default=" | ||
| uci commit dhcp | uci commit dhcp | ||
| - | / | + | service |
| </ | </ | ||
| - | Disable IPv6 source | + | Disable IPv6 source |
| <code bash> | <code bash> | ||
| uci set network.wan6.sourcefilter=" | uci set network.wan6.sourcefilter=" | ||
| uci commit network | uci commit network | ||
| - | / | + | service |
| </ | </ | ||
| Line 262: | Line 262: | ||
| uci set firewall.nat.target=" | uci set firewall.nat.target=" | ||
| uci commit firewall | uci commit firewall | ||
| - | / | + | service |
| </ | </ | ||
| Line 277: | Line 277: | ||
| uci set firewall.nat6.target=" | uci set firewall.nat6.target=" | ||
| uci commit firewall | uci commit firewall | ||
| - | / | + | service |
| </ | </ | ||
| Line 299: | Line 299: | ||
| uci set firewall.npt.path="/ | uci set firewall.npt.path="/ | ||
| uci commit firewall | uci commit firewall | ||
| - | / | + | service |
| </ | </ | ||
| Line 321: | Line 321: | ||
| uci set firewall.npt6.path="/ | uci set firewall.npt6.path="/ | ||
| uci commit firewall | uci commit firewall | ||
| - | / | + | service |
| </ | </ | ||
| Line 328: | Line 328: | ||
| <code bash> | <code bash> | ||
| - | cat << " | ||
| - | DHCPC_EVENT=" | ||
| - | case ${DHCPC_EVENT} in | ||
| - | (bound|informed|updated|rebound|ra-updated) ;; | ||
| - | (*) exit 0 ;; | ||
| - | esac | ||
| - | / | ||
| - | EOF | ||
| cat << " | cat << " | ||
| LAN_IF=" | LAN_IF=" | ||
| + | sleep 5 | ||
| . / | . / | ||
| network_flush_cache | network_flush_cache | ||
| Line 356: | Line 349: | ||
| uci set firewall.npt6.path="/ | uci set firewall.npt6.path="/ | ||
| uci commit firewall | uci commit firewall | ||
| - | / | + | service |
| </ | </ | ||
| - | Note that '' | + | ==== IPv6 to IPv4 NAT with Jool ==== |
| - | Use an alternative method to get the prefix on older versions. | + | Enable IPv6 to IPv4 NAT aka NAT64 for IPv6-only networks |
| - | + | ||
| - | <code bash> | + | |
| - | eval $(ifstatus " | + | |
| - | " | + | |
| - | </ | + | |
| - | + | ||
| - | ==== IPv6 to IPv4 NAT ==== | + | |
| - | Enable IPv6 to IPv4 NAT aka NAT64 for IPv6-only networks/clients. | + | |
| Use DNS64 to resolve domain names. | Use DNS64 to resolve domain names. | ||
| Line 385: | Line 370: | ||
| uci set jool.nat64.enabled=" | uci set jool.nat64.enabled=" | ||
| uci commit jool | uci commit jool | ||
| - | /etc/init.d/jool restart | + | service jool restart |
| + | </code> | ||
| + | |||
| + | ==== IPv6 to IPv4 NAT with Tayga ==== | ||
| + | Enable IPv6 to IPv4 NAT aka NAT64 for IPv6-only networks with Tayga. | ||
| + | Use DNS64 to resolve domain names. | ||
| + | |||
| + | <code bash> | ||
| + | opkg update | ||
| + | opkg install tayga | ||
| + | uci del_list firewall.lan.network=" | ||
| + | uci add_list firewall.lan.network=" | ||
| + | uci commit firewall | ||
| + | service firewall restart | ||
| + | uci -q delete network.nat64 | ||
| + | uci set network.nat64=" | ||
| + | uci set network.nat64.proto=" | ||
| + | uci set network.nat64.prefix=" | ||
| + | uci set network.nat64.ipv6_addr=" | ||
| + | uci set network.nat64.dynamic_pool=" | ||
| + | uci set network.nat64.ipv4_addr=" | ||
| + | uci commit network | ||
| + | service network | ||
| </ | </ | ||
| Line 405: | Line 412: | ||
| uci set firewall.ttl.path="/ | uci set firewall.ttl.path="/ | ||
| uci commit firewall | uci commit firewall | ||
| - | / | + | service |
| </ | </ | ||
| Line 425: | Line 432: | ||
| uci set firewall.hlim.path="/ | uci set firewall.hlim.path="/ | ||
| uci commit firewall | uci commit firewall | ||
| - | / | + | service |
| </ | </ | ||
| Line 434: | Line 441: | ||
| opkg update | opkg update | ||
| opkg install kmod-nf-nathelper | opkg install kmod-nf-nathelper | ||
| - | / | + | service |
| </ | </ | ||
| Line 443: | Line 450: | ||
| opkg update | opkg update | ||
| opkg install kmod-nf-nathelper-extra | opkg install kmod-nf-nathelper-extra | ||
| - | /etc/init.d/firewall restart | + | service firewall restart |
| + | </code> | ||
| + | |||
| + | ==== RTSP passthrough ==== | ||
| + | Enable NAT passthrough for RTSP using [[packages: | ||
| + | |||
| + | <code bash> | ||
| + | opkg update | ||
| + | opkg install kmod-ipt-nathelper-rtsp | ||
| + | service | ||
| </ | </ | ||