I’ve started testing the NAT64 service in VyOS 1.4 RC3 to create IPv6-only networks, and first of all I just love the fact that it exists!
My basic test setup is:
- eth0: WAN
- eth1: LAN (dual-stack)
- eth1.8: IPv6-only test VLAN (using NAT64)
Currently I’m stuck on one point. If I set the translation pool address to an IP on a LAN interface, then I’m able to access IPs on the LAN, but I cannot access the Internet despite that same LAN subnet already having a source NAT rule.
If I set the translation pool address to the WAN interface IP, then I can access IPs on the Internet, but not IPs on the LAN side.
Perhaps I need to create separate translation pools for the WAN and LAN, but it’s not immediately clear how this should be done. I do see a match function on the source rule; maybe I should use that and create a separate rule for each?
Or maybe I’m missing something else? Already tried without any firewall rules applied.