How to configure NAT46

devashish · December 24, 2024, 5:53am

Dear Team

I have achieved NAT64 and iam able to access IPv4 IP from IPv6 configured system .

Now i want the vice versa . Please let me know how to achieve this task and what configuration i need to configure .

Viacheslav · December 24, 2024, 6:18am

Not implemented
Add a feature request on https://vyos.dev
Most likely this SIIT-DC

patient0 · December 24, 2024, 9:54am

I’m curious, for NAT64 you need at least one public IPv4 address.

What is your use case for NAT46? You get only one public IPv6/128 address to use for exit to the world and all your devices have got only IPv4 addresses?

Usually you get at least a /64 of IPv6 addresses and won’t have to NAT, or use NAT66 if you use ULAs in your network.

runar · December 25, 2024, 9:57am

Hi!

NAT64 and NAT46 solves two technically different use-cases. For NAT64 the usecase is to nat the whole(or part of) ipv4 space to a /96 ipv6 prefix. this is the equivalent to ipv4 source nat(“outgoing nat”) used on every home internet point for ipv4 or carrier grade ipv4 nat only for ipv6 to ipv4 . this will be done 1-to-1 nat for the whole /32 ipv4 . This can be used for ipv6 only hosts that try to connect to the ipv4 internet. this can be used directly via dns64 or with a emulated ipv4 interface (CLAT) on the end host system.

NAT46 other hand works more like ipv4 destination nat(“incoming nat”) used on ipv4. it provides the ability to NAT ipv4 addresses or ports from ipv4 into the ipv6 world, to eg. make a ipv6 only service available on ipv4.

While this also translates need to translate all ipv4 packets into ipv6 packets this is a feature that for now is not built into the kernel or netfilter as of now.

One usecase for this could be eg. a datacenter that has a single /24 ipv4 allocation. with the use of this those ipv4 addresses could be “bound” to different ipv6 only hosts inside the dc without the need to deploy a datacenter wide ipv4 network.

MPStudyly · January 13, 2025, 10:37am

There is a feature request for this already: ⚓ T6563 Expose Jool's stateless NAT46 feature (SIIT-DC)

Adding to the response from @runar: There are different “variants” of destination NAT from IPv4 → IPv6. The described NAT46 is one way to do it stateless, at the cost of one public IPv4 being bound to one IPv6 host. There is also stateful NAT64, covering the same usecase but allowing multiple IPv4:Port → IPv6:Port mappings per IPv4 (see this feature request: ⚓ T6595 Expose Jool's stateful NAT64 feature (BIB)).

While the basics already work in VyOS, I really hope these two features gain traction rather soon, as this is some rather important stuff to get configured when transitioning from v4 to v6 (or just building v6 only).

system · February 12, 2025, 10:38am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.