@PhirePhly
Last active February 4, 2019 06:38
Files for running a NAT64 daemon
# Defaults for tayga initscript
# sourced by /etc/init.d/tayga
# installed at /etc/default/tayga by the maintainer scripts
# Change this to "yes" to enable tayga
RUN="yes"
# Configure interface and set the routes up
CONFIGURE_IFACE="yes"
# Configure NAT44 for the private IPv4 range
CONFIGURE_NAT44="yes"
# Additional options that are passed to the Daemon.
DAEMON_OPTS=""
# IPv4 address to assign to the NAT64 tunnel device
IPV4_TUN_ADDR=""
# IPv6 address to assign to the NAT64 tunnel device
IPV6_TUN_ADDR=""
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    ens160:
      addresses:
        - 23.152.160.4/26
        - 2620:13b:0:1000::4/64
      gateway4: 23.152.160.1
      gateway6: 2620:13b:0:1000::1
      nameservers:
        search: [ phirephly.design ]
        addresses:
          - "8.8.8.8"
          - "1.1.1.1"
!
! Zebra configuration saved from vty
! 2019/02/03 15:05:17
!
!
router bgp 4264646464
 bgp router-id 23.152.160.4
 neighbor 2620:13b:0:1000::1 remote-as 7034
 neighbor 2620:13b:0:1000::1 description BGP session back to core1
 no neighbor 2620:13b:0:1000::1 activate
!
 address-family ipv6
 network 64:ff9b::/96
 neighbor 2620:13b:0:1000::1 activate
 neighbor 2620:13b:0:1000::1 prefix-list nat64-only out
 exit-address-family
 exit
!
ipv6 prefix-list nat64-only seq 5 permit 64:ff9b::/96
!
line vty
!
!
! Zebra configuration saved from vty
! 2019/02/03 15:05:17
!
hostname kwfnat64
! "zebra" is the password shipped in the sample config; replace both before exposing the vty
password zebra
enable password zebra
!
interface ens160
!
interface lo
!
interface nat64
!
ipv6 prefix-list nat64-only seq 5 permit 64:ff9b::/96
!
ip forwarding
ipv6 forwarding
!
!
line vty
!
# ... SNIP the rest of this file except the two important lines
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
net.ipv6.conf.all.forwarding=1
# TUN device that TAYGA will use to exchange IPv4 and IPv6 packets with the
# kernel. You may use any name you like, but `nat64' is recommended.
tun-device nat64
# TAYGA's IPv4 address. This is NOT your router's IPv4 address! TAYGA
# requires its own address because it acts as an IPv4 and IPv6 router, and
# needs to be able to send ICMP messages. TAYGA will also respond to ICMP
# echo requests (ping) at this address.
#
# This address can safely be located inside the dynamic-pool prefix.
#
# We're using the pool 100.65.0.0/16, so let's take the first addr in that pool
#
# Mandatory.
#
ipv4-addr 100.65.0.1
#
# TAYGA's IPv6 address. This is NOT your router's IPv6 address! TAYGA
# requires its own address because it acts as an IPv4 and IPv6 router, and
# needs to be able to send ICMP messages. TAYGA will also respond to ICMP
# echo requests (ping6) at this address.
#
# Optional if the NAT64 prefix is specified, otherwise mandatory. It is also
# mandatory if the NAT64 prefix is 64:ff9b::/96 and ipv4-addr is a private
# (RFC1918) address.
#
# This is set to our system's public IP address to match /etc/netplan/01-netcfg.yaml
ipv6-addr 2620:13B:0:1000::4
#
# The NAT64 prefix. The IPv4 address space is mapped into the IPv6 address
# space by prepending this prefix to the IPv4 address. Using a /96 prefix is
# recommended in most situations, but all lengths specified in RFC 6052 are
# supported.
#
# This must be a prefix selected from your organization's IPv6 address space
# or the Well-Known Prefix 64:ff9b::/96. Note that using the Well-Known
# Prefix will prohibit IPv6 hosts from contacting IPv4 hosts that have private
# (RFC1918) addresses, per RFC 6052.
#
# The NAT64 prefix need not be specified if all required address mappings are
# listed in `map' directives. (See below.)
#
# Optional.
#
# 64:ff9b is the standard prefix used by public DNS64 servers
prefix 64:ff9b::/96
#
# Dynamic pool prefix. IPv6 hosts which send traffic through TAYGA (and do
# not correspond to a static map or an IPv4-translatable address in the NAT64
# prefix) will be assigned an IPv4 address from the dynamic pool. Dynamic
# maps are valid for 124 minutes after the last matching packet is seen.
#
# If no unassigned addresses remain in the dynamic pool (or no dynamic pool is
# configured), packets from unknown IPv6 hosts will be rejected with an ICMP
# unreachable error.
#
# Optional.
#
# We picked this out of the carrier grade NAT 100.64.0.0/10 pool.
# Not that it particularly matters. This pool of addresses never leaves this host
#
dynamic-pool 100.65.0.0/16
#
# Persistent data storage directory. The dynamic.map file, which saves the
# dynamic maps that are created from dynamic-pool, is stored in this
# directory. Omit if you do not need these maps to be persistent between
# instances of TAYGA.
#
# Optional.
#
data-dir /var/spool/tayga
kenneth@kwfnat64:~$ ip route
default via 23.152.160.1 dev ens160 proto static
23.152.160.0/26 dev ens160 proto kernel scope link src 23.152.160.4
100.65.0.0/16 dev nat64 scope link
kenneth@kwfnat64:~$ ip -6 route
64:ff9b::/96 dev nat64 metric 1024 pref medium
2620:13b:0:1000::/64 dev ens160 proto kernel metric 256 pref medium
2620:13b:0:1000::/64 dev ens160 proto ra metric 1024 pref medium
fe80::/64 dev ens160 proto kernel metric 256 pref medium
fe80::/64 dev nat64 proto kernel metric 256 pref medium
default proto static metric 1024
	nexthop via 2620:13b:0:1000::1 dev ens160 weight 1
	nexthop via fe80::209:7bff:fe9f:580 dev ens160 weight 1
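
The prefix mapping described in the tayga.conf comments above, as an added example (not part of the original gist and not TAYGA's code): it embeds an IPv4 address in the 64:ff9b::/96 prefix, refuses RFC1918 hosts as that comment says the Well-Known Prefix requires, and recovers the real IPv4 destination from an IPv6-side log entry. Function names and the sample destinations are constructed for illustration, and only the /96 layout is handled.

```python
import ipaddress

# Prefix taken from the tayga.conf on this page; it is also the Well-Known Prefix.
NAT64_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")
WELL_KNOWN_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def synthesize(ipv4, prefix=NAT64_PREFIX):
    """Map an IPv4 address into a /96 NAT64 prefix (RFC 6052, /96 case only)."""
    if prefix.prefixlen != 96:
        raise ValueError("only the /96 layout is implemented in this example")
    v4 = ipaddress.IPv4Address(ipv4)
    # Per the tayga.conf comment: the Well-Known Prefix cannot carry RFC1918 hosts.
    if prefix == WELL_KNOWN_PREFIX and any(v4 in net for net in RFC1918):
        raise ValueError(f"{v4} is RFC1918 and cannot be mapped into {prefix}")
    # With a /96 prefix the IPv4 address is simply the low 32 bits.
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def extract(ipv6, prefix=NAT64_PREFIX):
    """Return the embedded IPv4 address, or None if ipv6 is outside the prefix."""
    v6 = ipaddress.IPv6Address(ipv6)
    if v6 not in prefix:
        return None
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)


def annotate(destinations):
    """Pair each IPv6 destination with the IPv4 host it reaches through NAT64."""
    return [(dst, extract(dst)) for dst in destinations]


if __name__ == "__main__":
    # Constructed sample destinations, as they might appear in an IPv6-side flow log.
    sample = ["64:ff9b::808:808", "2620:13b:0:1000::1", "64:ff9b::101:101"]
    for dst, v4 in annotate(sample):
        print(dst, "->", v4 if v4 else "native IPv6")
    print("8.8.8.8 ->", synthesize("8.8.8.8"))
```
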