Dear All
We are not able to use IPv6 and Ipv4 together in vyos version 1.4.0 rolling. Please help us to resolve the issue .
Below are the finding
- Ipv4 on Lan interface
- Ipv6 on WAN interface
- done all default rule with Ipv6 and Ipv4
- internet is working on vyos only
- when giving IPv4 IP on server behind the firewall , we able to ping gateway only but not able to ping internet or outside network.
Please share the proper configuration to achieve NAT and internet on machine.
Below are the configuration that iam using
vyos@vyos:~$ sh int
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
eth0 MGMT IPv4/16 MGMT
eth1 IPv6/48 WAN
eth2 ipv4/16 LAN
lo 127.0.0.1/8
::1/128
vyos@vyos:~$
#######################################################################
set firewall ipv6-name FIREWALL_IN default-action ‘drop’
set firewall ipv6-name FIREWALL_IN rule 5 action ‘accept’
set firewall ipv6-name FIREWALL_IN rule 5 description ‘Established Connections’
set firewall ipv6-name FIREWALL_IN rule 5 state established ‘enable’
set firewall ipv6-name FIREWALL_IN rule 5 state related ‘enable’
set firewall ipv6-name FIREWALL_IN rule 6 action ‘accept’
set firewall ipv6-name FIREWALL_IN rule 6 description ‘PING Incoming’
set firewall ipv6-name FIREWALL_IN rule 6 destination address ‘0::0/0’
set firewall ipv6-name FIREWALL_IN rule 6 protocol ‘icmpv6’
set firewall ipv6-name FIREWALL_IN rule 6 source address ‘0::0/0’
set firewall ipv6-name FIREWALL_IN rule 8 action ‘accept’
set firewall ipv6-name FIREWALL_IN rule 8 description ‘TCP Incoming’
set firewall ipv6-name FIREWALL_IN rule 8 destination address ‘0::0/0’
set firewall ipv6-name FIREWALL_IN rule 8 protocol ‘tcp’
set firewall ipv6-name FIREWALL_IN rule 8 source address ‘0::0/0’
set firewall ipv6-name FIREWALL_OUT default-action ‘drop’
set firewall ipv6-name FIREWALL_OUT rule 5 action ‘accept’
set firewall ipv6-name FIREWALL_OUT rule 5 description ‘Established Connections’
set firewall ipv6-name FIREWALL_OUT rule 5 state established ‘enable’
set firewall ipv6-name FIREWALL_OUT rule 5 state related ‘enable’
set firewall ipv6-name FIREWALL_OUT rule 6 action ‘accept’
set firewall ipv6-name FIREWALL_OUT rule 6 description ‘DNS Outgoing’
set firewall ipv6-name FIREWALL_OUT rule 6 destination port ‘53’
set firewall ipv6-name FIREWALL_OUT rule 6 protocol ‘udp’
set firewall ipv6-name FIREWALL_OUT rule 7 action ‘accept’
set firewall ipv6-name FIREWALL_OUT rule 7 description ‘PING Outgoing’
set firewall ipv6-name FIREWALL_OUT rule 7 destination address ‘0::0/0’
set firewall ipv6-name FIREWALL_OUT rule 7 protocol ‘icmpv6’
set firewall ipv6-name FIREWALL_OUT rule 7 source address ‘0::0/0’
set firewall ipv6-name FIREWALL_OUT rule 8 action ‘accept’
set firewall ipv6-name FIREWALL_OUT rule 8 description ‘TCP Outgoing’
set firewall ipv6-name FIREWALL_OUT rule 8 destination address ‘0::0/0’
set firewall ipv6-name FIREWALL_OUT rule 8 protocol ‘tcp’
set firewall ipv6-name FIREWALL_OUT rule 8 source address ‘0::0/0’
set firewall name FIREWALL_IN default-action ‘drop’
set firewall name FIREWALL_IN rule 3 action ‘accept’
set firewall name FIREWALL_IN rule 3 description ‘Established Connections’
set firewall name FIREWALL_IN rule 3 state established ‘enable’
set firewall name FIREWALL_IN rule 3 state related ‘enable’
set firewall name FIREWALL_IN rule 4 action ‘accept’
set firewall name FIREWALL_IN rule 4 description ‘PING Incoming’
set firewall name FIREWALL_IN rule 4 destination address ‘0.0.0.0/0’
set firewall name FIREWALL_IN rule 4 protocol ‘icmp’
set firewall name FIREWALL_IN rule 4 source address ‘0.0.0.0/0’
set firewall name FIREWALL_OUT default-action ‘drop’
set firewall name FIREWALL_OUT rule 1 action ‘accept’
set firewall name FIREWALL_OUT rule 1 description ‘Established Connections’
set firewall name FIREWALL_OUT rule 1 state established ‘enable’
set firewall name FIREWALL_OUT rule 1 state related ‘enable’
set firewall name FIREWALL_OUT rule 2 action ‘accept’
set firewall name FIREWALL_OUT rule 2 description ‘DNS Outgoing’
set firewall name FIREWALL_OUT rule 2 destination port ‘53’
set firewall name FIREWALL_OUT rule 2 protocol ‘udp’
set firewall name FIREWALL_OUT rule 3 action ‘accept’
set firewall name FIREWALL_OUT rule 3 description ‘PING Outgoing’
set firewall name FIREWALL_OUT rule 3 destination address ‘0.0.0.0/0’
set firewall name FIREWALL_OUT rule 3 protocol ‘icmp’
set firewall name FIREWALL_OUT rule 3 source address ‘0.0.0.0/0’
set firewall name FIREWALL_OUT rule 4 action ‘accept’
set firewall name FIREWALL_OUT rule 4 description ‘TCP Outgoing’
set firewall name FIREWALL_OUT rule 4 destination address ‘0.0.0.0/0’
set firewall name FIREWALL_OUT rule 4 protocol ‘tcp’
set firewall name FIREWALL_OUT rule 4 source address ‘0.0.0.0/0’
###########################
set nat source rule 9999 outbound-interface ‘eth2’
set nat source rule 9999 protocol ‘all’
set nat source rule 9999 source address ‘10.10.0.0/16’
set nat source rule 9999 translation address ‘masquerade’
set nat66 source rule 9999 outbound-interface ‘eth1’
set nat66 source rule 9999 translation address ‘masquerade’
#############################
set system name-server ‘2001:4860:4860::8888’
set system name-server ‘2001:4860:4860::8844’
set system name-server ‘8.8.8.8’
set system name-server ‘8.8.4.4’