Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
docs:guide-user:network:ipv6:ipv6.nat6 [2023/02/16 06:33] – [Introduction] split and link the default odhcpd configuration vgaeteradocs:guide-user:network:ipv6:ipv6.nat6 [2023/09/17 23:39] – [Introduction] vgaetera
Line 4: Line 4:
 ===== Introduction ===== ===== Introduction =====
   * This how-to describes the method for setting up NAT66 aka NAT6 with IPv6 masquerading on your OpenWrt router.   * This how-to describes the method for setting up NAT66 aka NAT6 with IPv6 masquerading on your OpenWrt router.
-  * Assuming the [[docs:guide-user:network:ipv6:configuration#slaac_and_dhcpv6|default]] odhcpd configuration and a working IPv6 connection on the router.+  * Assuming [[docs:guide-user:network:ipv6:configuration#ula_prefix|ULA prefix]], [[docs:guide-user:network:ipv6:configuration#slaac_and_dhcpv6|SLAAC and DHCPv6]] and a working IPv6 connection on the router.
   * Avoid using NAT66 and better [[docs:guide-user:network:ipv6:configuration#ipv6_relay|use relay mode]] if you are provided with a /64 prefix.   * Avoid using NAT66 and better [[docs:guide-user:network:ipv6:configuration#ipv6_relay|use relay mode]] if you are provided with a /64 prefix.
   * It is also best to avoid using NAT66 unless you are facing the following problems:   * It is also best to avoid using NAT66 unless you are facing the following problems:
Line 12: Line 12:
     * Creating a subnet for when the network doesn't support subnetting.     * Creating a subnet for when the network doesn't support subnetting.
     * Being provided a smaller prefix than a /64 or worse, none at all or a ULA address.     * Being provided a smaller prefix than a /64 or worse, none at all or a ULA address.
-  * Follow [[docs:guide-user:network:ipv6:nat64|NAT64]] to provide access to IPv4-only services from IPv6-only client networks.+  * See also: [[docs:guide-user:network:ipv6:nat64|NAT64]], [[docs:guide-user:firewall:fw3_configurations:fw3_nat#ipv6_npt|IPv6 NAT and NPT]]
  
 ===== Command-line instructions ===== ===== Command-line instructions =====
Line 26: Line 26:
  
 ==== 2. Network ==== ==== 2. Network ====
-Disable IPv6 source routing on the upstream interface.+Disable IPv6 source filter on the upstream interface.
  
 <code bash> <code bash>
Line 37: Line 37:
 Prefer [[docs:guide-user:network:ipv6:ipv6_extras#using_ipv6_by_default|IPv6 by default]] or announce [[docs:guide-user:network:ipv6:ipv6_extras#announcing_ipv6_default_route|IPv6 default route]] if necessary. Prefer [[docs:guide-user:network:ipv6:ipv6_extras#using_ipv6_by_default|IPv6 by default]] or announce [[docs:guide-user:network:ipv6:ipv6_extras#announcing_ipv6_default_route|IPv6 default route]] if necessary.
  
-===== Extras ===== +===== Troubleshooting ===== 
-==== ULA prefix ==== +Collect and analyze the following information.
-Typically relevant when you do not have a real global prefix assigned by your ISP (in which case your ULA should be a real ULA), AND you want to run local IPv6 (e.g. for NAT66), AND you have applications that preference IPv4 over IPv6 ULA addresses.+
  
-A trick to get around this is set your [[wp>Unique_local_address|ULA]] prefix to a non-ULA value.+<code bash> 
 +# Log and status 
 +/etc/init.d/firewall restart
  
-The default ULA prefix represents an address that is not globally routed on the internet by design (only between provider networks).+# Runtime configuration 
 +ip -6 address show; ip -6 route show table all 
 +ip -6 rule show; nft list ruleset
  
-A lot of clients will prefer IPv4 over a ULA IPv6 address if there is no global IPv6 address assigned, so you may need to change your existing ULA prefix to indicate a global address (i.e. trick it with a non-ULA prefix) to ensure traffic goes over IPv6 by default when possible. +# Persistent configuration 
- +uci show network; uci show firewall 
-When changing the ULA prefix, it doesn't necessarily have to start with ''d'', but to avoid conflicts, you should use a prefix that is not being used yet. +</code>
-The prefix ''fd'' is generally an actual ULA, other ''f'' address have specific meanings, and existing allocated public addresses start with ''2''+
-The letters ''a'' through ''e'' are [[https://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml|unassigned for the time being]] and therefore safe choices. +
- +
-Setting ''ula_prefix'' to ''auto'' will auto-generate a new valid ULA prefix. +
- +
-Using your ISP assigned prefix as ULA should also work. +
- +
-However, unless you have a static IPv6 prefix assigned by your ISP, this is not recommended, since it can cause address conflicts once the prefix changes. +
- +
-But normally if you have a static prefix that you can delegate across your LAN (i.e. real global addresses), then you won't need to change your ULA prefix.+
  
  • Last modified: 2023/10/14 06:10
  • by vgaetera