NAT64 for IPv6-only networks

NAT64 (Network address translation from IPv6 to IPv4) is a technology for allowing IPv6 only networks to connect and interoperate with IPv4-only servers on the Internet. It works in conjunction with DNS64, where the DNS returns a specially formatted IPv6 address that encodes the target IPv4 address, which is then handled by NAT64 to forward packets.

It works much like the NAT44 used by most home networks that forwards packets between IPv4 private address space and IPv4 public address space, except it forwards between IPv6 (public) addresses and IPv4 public addresses.

NAT64 can be easily activated using Jool.

For latest version, OpenWRT 22.03, you can enable the Netfilter version of Jool for NAT64 via one of the following:

1. System > Software: Install `jool-tools-netfilter` (this will install `kmod-jool-netfilter` and other dependencies).

2. System > Startup > Local Startup: Add the following to /etc/rc.local:

jool instance add --pool6 64:ff9b::/96

3. System > Reboot > Perform reboot

4. Confirm working NAT64 from a device inside your LAN ping 64:ff9b::

Using your router command line (e.g. SSH into the device).

# Install packages
opkg update
opkg install kmod-jool-netfilter jool-tools-netfilter
# Add the following line to /etc/rc.local (before the exit 0)
jool instance add --pool6 64:ff9b::/96
# Confirm working NAT64 from a device inside your LAN
ping 64:ff9b::

To check Jool's version, run

jool --version

As of 2022-10-24, the above installs Jool, with “(Xtables disabled)”.

When using NAT64, in your IPv6 only network, be sure to change your DNS to Google's DNS64 or set up your own DNS64 to correctly resolve domain names into translated addresses.

See also:

Setting up NAT64 with Jool according to the official package documentation. Utilize service and configuration management using conventional OpenWrt means.

# Install packages
opkg update
opkg install jool-tools-netfilter
# Configure NAT64
cat << EOF > /etc/jool/jool-nat64.conf.json
{ "instance": "default", \
"framework": "netfilter", \
"global": { "pool6": "64:ff9b::/96" } }
uci set jool.general.enabled="1"
uci set jool.nat64.enabled="1"
uci commit jool
/etc/init.d/jool restart
# Check from a LAN client
ping 64:ff9b::
This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2023/01/16 23:30
  • by vgaetera