IPv6 and IPv4 transition not working

Dear All

We are not able to use IPv6 and IPv4 together in VyOS version 1.4.0 rolling. Please help us to resolve the issue.
Below are the findings:

  1. IPv4 on LAN interface
  2. IPv6 on WAN interface
  3. Done all default rules with IPv6 and IPv4
  4. Internet is working on VyOS only
  5. When giving an IPv4 IP to a server behind the firewall, we are able to ping the gateway only but not able to ping the internet or outside network.

Please share the proper configuration to achieve NAT and internet on the machine.

Below is the configuration that I am using:

vyos@vyos:~$ sh int
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description


eth0 MGMT IPv4/16 MGMT
eth1 IPv6/48 WAN
eth2 ipv4/16 LAN
lo 127.0.0.1/8
::1/128
vyos@vyos:~$
#######################################################################

set firewall ipv6-name FIREWALL_IN default-action 'drop'
set firewall ipv6-name FIREWALL_IN rule 5 action 'accept'
set firewall ipv6-name FIREWALL_IN rule 5 description 'Established Connections'
set firewall ipv6-name FIREWALL_IN rule 5 state established 'enable'
set firewall ipv6-name FIREWALL_IN rule 5 state related 'enable'
set firewall ipv6-name FIREWALL_IN rule 6 action 'accept'
set firewall ipv6-name FIREWALL_IN rule 6 description 'PING Incoming'
set firewall ipv6-name FIREWALL_IN rule 6 destination address '0::0/0'
set firewall ipv6-name FIREWALL_IN rule 6 protocol 'icmpv6'
set firewall ipv6-name FIREWALL_IN rule 6 source address '0::0/0'
set firewall ipv6-name FIREWALL_IN rule 8 action 'accept'
set firewall ipv6-name FIREWALL_IN rule 8 description 'TCP Incoming'
set firewall ipv6-name FIREWALL_IN rule 8 destination address '0::0/0'
set firewall ipv6-name FIREWALL_IN rule 8 protocol 'tcp'
set firewall ipv6-name FIREWALL_IN rule 8 source address '0::0/0'
set firewall ipv6-name FIREWALL_OUT default-action 'drop'
set firewall ipv6-name FIREWALL_OUT rule 5 action 'accept'
set firewall ipv6-name FIREWALL_OUT rule 5 description 'Established Connections'
set firewall ipv6-name FIREWALL_OUT rule 5 state established 'enable'
set firewall ipv6-name FIREWALL_OUT rule 5 state related 'enable'
set firewall ipv6-name FIREWALL_OUT rule 6 action 'accept'
set firewall ipv6-name FIREWALL_OUT rule 6 description 'DNS Outgoing'
set firewall ipv6-name FIREWALL_OUT rule 6 destination port '53'
set firewall ipv6-name FIREWALL_OUT rule 6 protocol 'udp'
set firewall ipv6-name FIREWALL_OUT rule 7 action 'accept'
set firewall ipv6-name FIREWALL_OUT rule 7 description 'PING Outgoing'
set firewall ipv6-name FIREWALL_OUT rule 7 destination address '0::0/0'
set firewall ipv6-name FIREWALL_OUT rule 7 protocol 'icmpv6'
set firewall ipv6-name FIREWALL_OUT rule 7 source address '0::0/0'
set firewall ipv6-name FIREWALL_OUT rule 8 action 'accept'
set firewall ipv6-name FIREWALL_OUT rule 8 description 'TCP Outgoing'
set firewall ipv6-name FIREWALL_OUT rule 8 destination address '0::0/0'
set firewall ipv6-name FIREWALL_OUT rule 8 protocol 'tcp'
set firewall ipv6-name FIREWALL_OUT rule 8 source address '0::0/0'
set firewall name FIREWALL_IN default-action 'drop'
set firewall name FIREWALL_IN rule 3 action 'accept'
set firewall name FIREWALL_IN rule 3 description 'Established Connections'
set firewall name FIREWALL_IN rule 3 state established 'enable'
set firewall name FIREWALL_IN rule 3 state related 'enable'
set firewall name FIREWALL_IN rule 4 action 'accept'
set firewall name FIREWALL_IN rule 4 description 'PING Incoming'
set firewall name FIREWALL_IN rule 4 destination address '0.0.0.0/0'
set firewall name FIREWALL_IN rule 4 protocol 'icmp'
set firewall name FIREWALL_IN rule 4 source address '0.0.0.0/0'
set firewall name FIREWALL_OUT default-action 'drop'
set firewall name FIREWALL_OUT rule 1 action 'accept'
set firewall name FIREWALL_OUT rule 1 description 'Established Connections'
set firewall name FIREWALL_OUT rule 1 state established 'enable'
set firewall name FIREWALL_OUT rule 1 state related 'enable'
set firewall name FIREWALL_OUT rule 2 action 'accept'
set firewall name FIREWALL_OUT rule 2 description 'DNS Outgoing'
set firewall name FIREWALL_OUT rule 2 destination port '53'
set firewall name FIREWALL_OUT rule 2 protocol 'udp'
set firewall name FIREWALL_OUT rule 3 action 'accept'
set firewall name FIREWALL_OUT rule 3 description 'PING Outgoing'
set firewall name FIREWALL_OUT rule 3 destination address '0.0.0.0/0'
set firewall name FIREWALL_OUT rule 3 protocol 'icmp'
set firewall name FIREWALL_OUT rule 3 source address '0.0.0.0/0'
set firewall name FIREWALL_OUT rule 4 action 'accept'
set firewall name FIREWALL_OUT rule 4 description 'TCP Outgoing'
set firewall name FIREWALL_OUT rule 4 destination address '0.0.0.0/0'
set firewall name FIREWALL_OUT rule 4 protocol 'tcp'
set firewall name FIREWALL_OUT rule 4 source address '0.0.0.0/0'

###########################

set nat source rule 9999 outbound-interface 'eth2'
set nat source rule 9999 protocol 'all'
set nat source rule 9999 source address '10.10.0.0/16'
set nat source rule 9999 translation address 'masquerade'

set nat66 source rule 9999 outbound-interface 'eth1'
set nat66 source rule 9999 translation address 'masquerade'

#############################

set system name-server '2001:4860:4860::8888'
set system name-server '2001:4860:4860::8844'
set system name-server '8.8.8.8'
set system name-server '8.8.4.4'

Hello @devashish

Can you provide information about interfaces and ip routing?

vyos@vyos:~$ show interfaces
vyos@vyos:~$ show ip route

vyos@vyos:~$ sh int
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description


eth0 172.17.21.46/16 u/u
eth1 406c:e5c8:58d9:90f3:22f9:d65b:5030:3236/48 u/u
eth2 fdeb:b39a:29f8:bfd5::1/64 u/u
lo 127.0.0.1/8 u/u
::1/128
vti1 - u/u
vyos@vyos:~$

##########################################################################################

vyos@vyos:~$
vyos@vyos:~$ sh ipv6 route
Codes: K - kernel route, C - connected, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure

S>* ::/0 [1/0] via 406c:e5c8:58d9:90f3:22f9:d65b:5030:1, eth1, weight 1, 01w2d01h
C>* 406c:e5c8:58d9:90f3:22f9:d65b:5030:/48 is directly connected, eth1, 01w2d01h
C>* fdeb:b39a:29f8:bfd5::/64 is directly connected, eth2, 01w2d01h
C * fe80::/64 is directly connected, vti1, 07:03:10
C * fe80::/64 is directly connected, eth1, 01w2d01h
C * fe80::/64 is directly connected, eth2, 01w2d01h
C * fe80::/64 is directly connected, eth0, 01w2d01h
C>* fe80::/64 is directly connected, lo, 01w2d01h
vyos@vyos:~$
vyos@vyos:~$

Please do let us know if you need more information. We have to get it fixed soon. Please help.

If you do not specify incoming and outgoing IP addresses in the firewall rules, this means that they will be applied to all IP addresses.

set firewall ipv6-name FIREWALL_IN rule 6 action 'accept'
set firewall ipv6-name FIREWALL_IN rule 6 description 'PING Incoming'
set firewall ipv6-name FIREWALL_IN rule 6 protocol 'icmpv6'
set firewall ipv6-name FIREWALL_IN rule 8 action 'accept'
set firewall ipv6-name FIREWALL_IN rule 8 description 'TCP Incoming'
set firewall ipv6-name FIREWALL_IN rule 8 protocol 'tcp'
set firewall ipv6-name FIREWALL_OUT rule 7 action 'accept'
set firewall ipv6-name FIREWALL_OUT rule 7 description 'PING Outgoing'
set firewall ipv6-name FIREWALL_OUT rule 7 protocol 'icmpv6'
set firewall ipv6-name FIREWALL_OUT rule 8 action 'accept'
set firewall ipv6-name FIREWALL_OUT rule 8 description 'TCP Outgoing'
set firewall ipv6-name FIREWALL_OUT rule 8 protocol 'tcp'
set firewall name FIREWALL_IN rule 4 action 'accept'
set firewall name FIREWALL_IN rule 4 description 'PING Incoming'
set firewall name FIREWALL_IN rule 4 protocol 'icmp'
set firewall name FIREWALL_OUT rule 3 action 'accept'
set firewall name FIREWALL_OUT rule 3 description 'PING Outgoing'
set firewall name FIREWALL_OUT rule 3 protocol 'icmp'
set firewall name FIREWALL_OUT rule 4 action 'accept'
set firewall name FIREWALL_OUT rule 4 description 'TCP Outgoing'
set firewall name FIREWALL_OUT rule 4 protocol 'tcp'
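
The reply above says a rule with no source or destination address applies to all addresses, which makes `0.0.0.0/0` and `0::0/0` matchers redundant. The following is an added example, not part of the thread: it strips such matchers from `set firewall` commands and reports which rules still restrict by address. The function names and the sample lines are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample in the style of the thread's configuration.
SAMPLE = """\
set firewall ipv6-name FIREWALL_IN rule 6 action 'accept'
set firewall ipv6-name FIREWALL_IN rule 6 destination address '0::0/0'
set firewall ipv6-name FIREWALL_IN rule 6 protocol 'icmpv6'
set firewall ipv6-name FIREWALL_IN rule 6 source address '0::0/0'
set firewall name FIREWALL_OUT rule 2 destination port '53'
set firewall name FIREWALL_OUT rule 4 source address '10.10.0.0/16'
set firewall name FIREWALL_OUT rule 4 destination address '0.0.0.0/0'
"""

def is_any_address(value):
    """True when value is a zero-length prefix (0.0.0.0/0, ::/0, 0::0/0)."""
    try:
        return ipaddress.ip_network(value, strict=False).prefixlen == 0
    except ValueError:
        return False  # ranges, group names, negations: not judged here

def simplify(config):
    """Split commands into (kept, dropped); dropped = match-everything address lines."""
    kept, dropped = [], []
    for raw in config.splitlines():
        # Forum software often turns quotes into typographic ones; normalise them.
        line = raw.strip().replace("\u2018", "'").replace("\u2019", "'")
        if not line:
            continue
        tok = shlex.split(line)
        redundant = (tok[:2] == ["set", "firewall"]
                     and tok[-3:-1] in (["source", "address"],
                                        ["destination", "address"])
                     and is_any_address(tok[-1]))
        (dropped if redundant else kept).append(line)
    return kept, dropped

def address_restricted_rules(config):
    """Rules (family, ruleset, number) that still filter by address afterwards."""
    kept, _ = simplify(config)
    rules = set()
    for line in kept:
        tok = shlex.split(line)
        if len(tok) >= 9 and tok[4] == "rule" and tok[-2] == "address":
            rules.add((tok[2], tok[3], tok[5]))
    return rules

if __name__ == "__main__":
    kept, dropped = simplify(SAMPLE)
    print("\n".join(kept))
    print("still address-restricted:", address_restricted_rules(SAMPLE))
```

Every rule absent from the second result matches traffic from and to any address, whether the configuration spelled out a `/0` prefix or left the address off.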