NAT64: have to choose between LAN or WAN

I’ve started testing the NAT64 service in VyOS 1.4 RC3 to create IPv6-only networks, and first of all I just love the fact that it exists!

My basic test setup is:

  • eth0: WAN
  • eth1: LAN (dual-stack)
  • eth1.8: IPv6-only test VLAN (using NAT64)

Currently I’m stuck on one point. If I set the translation pool address to an IP on a LAN interface, then I’m able to access IPs on the LAN, but I cannot access the Internet despite that same LAN subnet already having a source NAT rule.

If I set the translation pool address to the WAN interface IP, then I can access IPs on the Internet, but not IPs on the LAN side.

Perhaps I need to create separate translation pools for the WAN and LAN, but it’s not immediately clear how this should be done. I do see a match function on the source rule, maybe I should use that and create a separate rule for each?
Or maybe I’m missing something else? Already tried without any firewall rules applied.

My issue was solved by removing the translation pool. The nat64 config is now simply:

 nat64 {
     source {
         rule 1 {
             source {
                 prefix 64:ff9b::/96
             }
         }
     }
 }

And both LAN and Internet translation is now working.

3 Likes
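
Added example, not part of the original post or of VyOS: to test both paths from the IPv6-only VLAN, a client needs the IPv6 address that carries each IPv4 destination inside the rule's 64:ff9b::/96 prefix. The sketch below implements the RFC 6052 embedding for all of its prefix lengths (going beyond the /96 in the post) and flags the RFC 6052 section 3.1 restriction that the well-known prefix must not represent non-global IPv4 addresses; the sample hosts 192.168.1.10 and 8.8.8.8 and the function names are assumptions made for illustration.

```python
import ipaddress

WKP = "64:ff9b::/96"                      # prefix from rule 1 in the post
RFC6052_LENGTHS = (32, 40, 48, 56, 64, 96)


def _v4_offsets(prefixlen):
    """Byte positions of the four IPv4 octets; byte 8 (the reserved 'u' octet) is skipped."""
    if prefixlen not in RFC6052_LENGTHS:
        raise ValueError(f"/{prefixlen} is not an RFC 6052 prefix length")
    return [p for p in range(prefixlen // 8, 16) if p != 8][:4]


def embed(prefix, v4):
    """Return the IPv6 address that represents IPv4 address v4 under prefix."""
    net = ipaddress.IPv6Network(prefix)
    raw = bytearray(net.network_address.packed)
    v4_bytes = ipaddress.IPv4Address(v4).packed
    for pos, octet in zip(_v4_offsets(net.prefixlen), v4_bytes):
        raw[pos] = octet
    return ipaddress.IPv6Address(bytes(raw))


def extract(prefix, v6):
    """Recover the IPv4 destination the translator will use for v6."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(v6)
    if addr not in net:
        raise ValueError(f"{addr} is outside {net}")
    offsets = _v4_offsets(net.prefixlen)
    return ipaddress.IPv4Address(bytes(addr.packed[p] for p in offsets))


def wkp_non_global(prefix, v4):
    """True when the well-known prefix is asked to carry a non-global IPv4 address."""
    same = ipaddress.IPv6Network(prefix) == ipaddress.IPv6Network(WKP)
    return same and not ipaddress.IPv4Address(v4).is_global


if __name__ == "__main__":
    # Constructed sample destinations: one LAN host, one Internet host.
    for label, v4 in (("LAN host", "192.168.1.10"), ("Internet host", "8.8.8.8")):
        v6 = embed(WKP, v4)
        note = "  (non-global IPv4 under the well-known prefix)" if wkp_non_global(WKP, v4) else ""
        print(f"{label}: {v4} -> {v6}{note}")
```

Where LAN destinations are private addresses, RFC 8215 reserves 64:ff9b:1::/48 for local-use translation as an alternative to a second rule on the well-known prefix.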