Configuring NAT 6-4

The following figure shows a NAT 6-4 configuration example. In this example, Host1, a host that resides in an external IPv6 network, sends requests to Host2, a host that resides in an internal IPv4 network. The request enters the router through the dp0p3p1 data plane interface for which NAT 6-4 translation is enabled.

Figure 1. NAT 6-4 configuration example

To configure NAT 6-4 as shown in this figure, perform the steps in Table 1 in configuration mode. NAT 6-4 configuration involves the following steps:

  • Creating a NAT 6-4 rule.
  • Specifying the IPv6 routing prefix of the destination IPv4 addresses.
  • Specifying the data plane interface through which the inbound IPv6 request packets pass.
  • Specifying the IPv6 routing prefix of the source IPv6 addresses.

Table 1. Configuring NAT 6-4

Step

Command

On R1, create IPv6-to-IPv4 NAT rule 1 and specify 2001:db9::/32 as the routing prefix for destination addresses.

vyatta@R1# set service nat ipv6-to-ipv4 rule 1 destination prefix 2001:db9::/32

For rule 1, specify the inbound interface.

vyatta@R1# set service nat ipv6-to-ipv4 rule 1 inbound-interface dp0p3p1

For rule 1, specify the routing prefix for source addresses.

vyatta@R1# set service nat ipv6-to-ipv4 rule 1 source prefix 2001:db8::/32

Run the show service nat command.

vyatta@R1# show service nat
nat {
  ipv6-to-ipv4 {
    rule 100 {
      destination {
        prefix 2001:db9::/32
      }
      inbound-interface dp0p3p1
      source {
        prefix 2001:db8::/32
      }
    }
  }
}

To verify that your NAT 6-4 setup works, ping Host2 from Host1.

vyatta@host1# run ping 2001:db9:c612:05c8::
PING 2001:db9:c612:05c8::(2001:db9:c612:5c8::) 56 data bytes
64 bytes from 2001:db9:c612:5c8::: icmp_seq=1 ttl=63 time=0.950 ms

On Host2, run the following command to capture the ping traffic on the eth1 interface.

vyatta@host2:~$ sudo tshark -i eth1
Running as user "root" and group "root". This could be dangerous.
Capturing on eth1
 0.000000 198.18.4.200 -> 198.18.5.200 ICMP Echo (ping) request
 0.000025 198.18.5.200 -> 198.18.4.200 ICMP Echo (ping) reply

For a TCP-based flow (SSH from Host1 to Host2), run the following command:

vyatta@host1# ssh vyatta@2001:db9:c612:05c8::

Welcome to Vyatta
vyatta@2001:db9:c612:05c8::'s password:
Welcome to Vyatta
Version: 999.daisyse.12170009
Description: 999.daisyse.12170009
Copyright: 2006-2013 Vyatta, Inc.
Last login: Wed Sep 24 23:07:35 2014 from 192.168.122.1
vyatta@host2:~$

On Host2, run the following command to capture the SSH traffic on the eth1 interface.

vyatta@host2:~$ sudo tshark -i eth1
Running as user "root" and group "root". This could be dangerous.
Capturing on eth1
 73.000922 198.18.4.200 -> 198.18.5.200 TCP 46468 > ssh [SYN] Seq=0
Win=14400 Len=0 MSS=1440 TSV=2698800 TSER=0 WS=7
 73.000959 198.18.5.200 -> 198.18.4.200 TCP ssh > 46468 [SYN, ACK] Seq=0
Ack=1 Win=14480 Len=0 MSS=1460 TSV=2698617 TSER=2698800 WS=7
 73.002098 198.18.4.200 -> 198.18.5.200 TCP 46468 > ssh [ACK] Seq=1 Ack=1
Win=14464 Len=0 TSV=2698800 TSER=2698617
 73.006947 198.18.5.200 -> 198.18.4.200 SSH Server Protocol:
SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze3\r

Both flows create sessions on the device under test (DUT), as shown in the following example.

vyatta@vyatta# run show session-table
TCP state codes: SS - SYN SENT, SR - SYN RECEIVED, ES - ESTABLISHED,
                 FW - FIN WAIT, CW - CLOSE WAIT, LA - LAST ACK,
                 TW - TIME WAIT, CL - CLOSE, LI - LISTEN

CONNID Source               Destination      Protocol  TIMEOUT   Intf      Parent
5      198.18.4.200:46468   198.18.5.200:22  tcp [6]   TW 237    dp0p4p10
6      198.18.4.200         198.18.5.200     icmp [1]  28        dp0p4p10
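
The ping target 2001:db9:c612:05c8:: and the 198.18.5.200 address in the captures above are consistent with the RFC 6052 embedding of an IPv4 address in a /32 IPv6 prefix. The following Python sketch is an added example, not part of the Vyatta documentation: it maps addresses in both directions so that firewall rules and captures on the IPv4 side can be checked against the configured prefixes. It generalizes to the other RFC 6052 prefix lengths, which is an assumption about router behavior that this page does not state; the function names are hypothetical, and Host1's IPv6 address in the usage comment is constructed from the 198.18.4.200 source address shown by tshark.

```python
import ipaddress

# RFC 6052 section 2.2: prefix length -> byte offsets (in the 16-byte IPv6
# address) that carry the four IPv4 octets. Byte 8 (the "u" octet,
# bits 64-71) is reserved and is always skipped.
V4_OFFSETS = {
    32: (4, 5, 6, 7),
    40: (5, 6, 7, 9),
    48: (6, 7, 9, 10),
    56: (7, 9, 10, 11),
    64: (9, 10, 11, 12),
    96: (12, 13, 14, 15),
}

def embed(prefix, v4):
    """Return the IPv6 address that represents IPv4 address v4 under prefix."""
    net = ipaddress.IPv6Network(prefix)
    offsets = V4_OFFSETS[net.prefixlen]  # KeyError for non-RFC 6052 lengths
    raw = bytearray(net.network_address.packed)
    for off, octet in zip(offsets, ipaddress.IPv4Address(v4).packed):
        raw[off] = octet
    return ipaddress.IPv6Address(bytes(raw))

def extract(prefix, v6):
    """Return the IPv4 address embedded in v6, or None if v6 is outside prefix."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(v6)
    if addr not in net:
        return None
    offsets = V4_OFFSETS[net.prefixlen]
    return ipaddress.IPv4Address(bytes(addr.packed[o] for o in offsets))

def translate(src_prefix, dst_prefix, src6, dst6):
    """Map an inbound IPv6 (src, dst) pair to the IPv4 pair seen after NAT 6-4.
    Returns None when either address falls outside its configured prefix,
    that is, when the packet would not match the rule."""
    s, d = extract(src_prefix, src6), extract(dst_prefix, dst6)
    return None if s is None or d is None else (s, d)

# Usage with the prefixes from Table 1 (Host1 address is constructed):
# translate("2001:db8::/32", "2001:db9::/32",
#           "2001:db8:c612:4c8::", "2001:db9:c612:5c8::")
```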