Configuring NAT 6-4
The following figure shows a NAT 6-4 configuration example. In this example, Host1, a host that resides in an external IPv6 network, sends requests to Host2, a host that resides in an internal IPv4 network. The request enters the router through the dp0p3p1 data plane interface for which NAT 6-4 translation is enabled.
To configure NAT 6-4 as shown in this figure, work in configuration mode. NAT 6-4 configuration involves the following steps:
- Creating a NAT 6-4 rule.
- Specifying the IPv6 routing prefix of the destination IPv4 addresses.
- Specifying the data plane interface through which the inbound IPv6 request packets pass.
- Specifying the IPv6 routing prefix of the source IPv6 addresses.
Step | Command |
---|---|
On R1, specify 1 as the IPv6-to-IPv4 NAT rule and specify 2001:db9::/32 as the routing prefix for destination addresses. | |
For rule 1, specify the inbound interface. | |
For rule 1, specify the routing prefix for source addresses. | |
Run the show service nat command. | |
To verify that your NAT 6-4 setup works, ping Host2 from Host1. | |
On Host2, run the following command to capture the ping traffic on the eth1 interface.
vyatta@host2:~$ sudo tshark -i eth1
Running as user "root" and group "root". This could be dangerous.
Capturing on eth1
0.000000 198.18.4.200 -> 198.18.5.200 ICMP Echo (ping) request
0.000025 198.18.5.200 -> 198.18.4.200 ICMP Echo (ping) reply
For a TCP-based flow (SSH from Host1 to Host2), run the following command:
vyatta@host1# ssh vyatta@2001:db9:c612:05c8::
Welcome to Vyatta
vyatta@2001:db9:c612:05c8::'s password:
Welcome to Vyatta
Version: 999.daisyse.12170009
Description: 999.daisyse.12170009
Copyright: 2006-2013 Vyatta, Inc.
Last login: Wed Sep 24 23:07:35 2014 from 192.168.122.1
vyatta@host2:~$
On Host2, run the following command to capture the SSH traffic on the eth1 interface.
vyatta@host2:~$ sudo tshark -i eth1
Running as user "root" and group "root". This could be dangerous.
Capturing on eth1
73.000922 198.18.4.200 -> 198.18.5.200 TCP 46468 > ssh [SYN] Seq=0
Win=14400 Len=0 MSS=1440 TSV=2698800 TSER=0 WS=7
73.000959 198.18.5.200 -> 198.18.4.200 TCP ssh > 46468 [SYN, ACK] Seq=0
Ack=1 Win=14480 Len=0 MSS=1460 TSV=2698617 TSER=2698800 WS=7
73.002098 198.18.4.200 -> 198.18.5.200 TCP 46468 > ssh [ACK] Seq=1 Ack=1
Win=14464 Len=0 TSV=2698800 TSER=2698617
73.006947 198.18.5.200 -> 198.18.4.200 SSH Server Protocol:
SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze3\r
Both flows create sessions on the DUT, as shown in the following example.
vyatta@vyatta# run show session-table
TCP state codes: SS - SYN SENT, SR - SYN RECEIVED, ES - ESTABLISHED,
FW - FIN WAIT, CW - CLOSE WAIT, LA - LAST ACK,
TW - TIME WAIT, CL - CLOSE, LI - LISTEN
CONNID Source Destination Protocol TIMEOUT Intf Parent
5 198.18.4.200:46468 198.18.5.200:22 tcp [6] TW 237 dp0p4p10
6 198.18.4.200 198.18.5.200 icmp [1] 28 dp0p4p10
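The SSH target used above, 2001:db9:c612:05c8::, carries Host2's IPv4 address 198.18.5.200 (hex c6.12.05.c8) directly after the 2001:db9::/32 destination prefix. The following added example (not from the original page or from Vyatta) computes that mapping in both directions, which helps when reading captures or writing filters for translated traffic. It goes beyond the page's /32 case to the other prefix lengths of RFC 6052; that the router uses the RFC 6052 layout for those other lengths is an assumption, and the function names are hypothetical.

```python
import ipaddress

# RFC 6052 prefix lengths. Bits 64-71 (byte 8, the "u" octet) are reserved
# and must be zero, so the embedded IPv4 octets skip over that byte.
PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)


def _v4_positions(prefixlen):
    """Byte offsets in the IPv6 address that carry the four IPv4 octets."""
    if prefixlen not in PREFIX_LENGTHS:
        raise ValueError(f"/{prefixlen} is not an RFC 6052 prefix length")
    offsets = [i for i in range(prefixlen // 8, 16) if i != 8]
    return offsets[:4]


def embed_ipv4(prefix, ipv4):
    """Build the IPv6 address an IPv6 host must use to reach `ipv4`."""
    net = ipaddress.IPv6Network(prefix)
    raw = bytearray(net.network_address.packed)
    octets = ipaddress.IPv4Address(ipv4).packed
    for pos, octet in zip(_v4_positions(net.prefixlen), octets):
        raw[pos] = octet
    return ipaddress.IPv6Address(bytes(raw))


def extract_ipv4(prefix, ipv6):
    """Recover the IPv4 address embedded in `ipv6` under `prefix`."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    positions = _v4_positions(net.prefixlen)
    if addr not in net:
        raise ValueError(f"{addr} is outside {net}")
    if addr.packed[8] != 0:
        raise ValueError("reserved u octet (bits 64-71) is not zero")
    return ipaddress.IPv4Address(bytes(addr.packed[p] for p in positions))


if __name__ == "__main__":
    # Prefix and SSH target are taken from the page; the result matches the
    # destination address seen in the tshark capture on Host2.
    print(extract_ipv4("2001:db9::/32", "2001:db9:c612:05c8::"))
    print(embed_ipv4("2001:db9::/32", "198.18.5.200"))
```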