Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
docs:guide-user:network:ipv6:ipv6.nat6 [2023/02/24 12:15] – [Selective IPv6 masquerading] vgaeteradocs:guide-user:network:ipv6:ipv6.nat6 [2023/09/17 23:39] – [Introduction] vgaetera
Line 12: Line 12:
     * Creating a subnet for when the network doesn't support subnetting.     * Creating a subnet for when the network doesn't support subnetting.
     * Being provided a smaller prefix than a /64 or worse, none at all or a ULA address.     * Being provided a smaller prefix than a /64 or worse, none at all or a ULA address.
-  * Follow [[docs:guide-user:network:ipv6:nat64|NAT64]] to provide access to IPv4-only services from IPv6-only client networks.+  * See also: [[docs:guide-user:network:ipv6:nat64|NAT64]], [[docs:guide-user:firewall:fw3_configurations:fw3_nat#ipv6_npt|IPv6 NAT and NPT]]
  
 ===== Command-line instructions ===== ===== Command-line instructions =====
Line 26: Line 26:
  
 ==== 2. Network ==== ==== 2. Network ====
-Disable IPv6 source routing on the upstream interface.+Disable IPv6 source filter on the upstream interface.
  
 <code bash> <code bash>
Line 37: Line 37:
 Prefer [[docs:guide-user:network:ipv6:ipv6_extras#using_ipv6_by_default|IPv6 by default]] or announce [[docs:guide-user:network:ipv6:ipv6_extras#announcing_ipv6_default_route|IPv6 default route]] if necessary. Prefer [[docs:guide-user:network:ipv6:ipv6_extras#using_ipv6_by_default|IPv6 by default]] or announce [[docs:guide-user:network:ipv6:ipv6_extras#announcing_ipv6_default_route|IPv6 default route]] if necessary.
  
-===== Extras ===== +===== Troubleshooting ===== 
-==== Selective IPv6 masquerading ==== +Collect and analyze the following information.
-Enable selective IPv6 masquerading for a specific source subnet.+
  
 <code bash> <code bash>
-Configure firewall +Log and status
-uci -q delete firewall.@zone[1].masq6 +
-uci -q delete firewall.nat66 +
-uci set firewall.nat66="nat" +
-uci set firewall.nat66.family="ipv6" +
-uci set firewall.nat66.proto="all" +
-uci set firewall.nat66.src="wan" +
-uci set firewall.nat66.src_ip="fc00::/7" +
-uci set firewall.nat66.target="MASQUERADE" +
-uci commit firewall+
 /etc/init.d/firewall restart /etc/init.d/firewall restart
 +
 +# Runtime configuration
 +ip -6 address show; ip -6 route show table all
 +ip -6 rule show; nft list ruleset
 +
 +# Persistent configuration
 +uci show network; uci show firewall
 </code> </code>
  
  • Last modified: 2023/10/14 06:10
  • by vgaetera