NAT64: have to choose between LAN or WAN

artooro · January 25, 2024, 9:19pm

I’ve started testing the NAT64 service in VyOS 1.4 RC3 to create IPv6-only networks, and first of all just love the fact that it exists!

My basic test setup is

eth0: WAN
eth1: LAN (dual-stack)
eth1.8: IPv6-only test VLAN (using NAT64)

Currently I’m stuck on one point. If I set the translation pool address to an IP on a LAN interface, then I’m able to access IPs on the LAN, but I cannot access the Internet despite that same LAN subnet already having a source NAT rule.

If I set the translation pool address to the WAN interface IP, then I can access IPs on the Internet, but not IPs on the LAN side.

Perhaps I need to create separate translation pools for the WAN and LAN, but it’s not immediately clear how this should be done. I do see a match function on the source rule, maybe I should use that and create a separate rule for each?
Or maybe I’m missing something else? Already tried without any firewall rules applied.

artooro · January 27, 2024, 7:39pm

My issue was solved by removing the translation pool. The nat64 config is now simply

 nat64 {
     source {
         rule 1 {
             source {
                 prefix 64:ff9b::/96
             }
         }
     }
 }

And both LAN and Internet translation is now working.

system · February 26, 2024, 7:40pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.