Last active February 4, 2019 06:38
Files for running a NAT64 daemon

# Defaults for tayga initscript
# sourced by /etc/init.d/tayga
# installed at /etc/default/tayga by the maintainer scripts
# Change this to "yes" to enable tayga
RUN="yes"
# Configure interface and set the routes up
CONFIGURE_IFACE="yes"
# Configure NAT44 for the private IPv4 range
CONFIGURE_NAT44="yes"
# Additional options that are passed to the Daemon.
DAEMON_OPTS=""
# IPv4 address to assign to the NAT64 tunnel device
IPV4_TUN_ADDR=""
# IPv6 address to assign to the NAT64 tunnel device
IPV6_TUN_ADDR=""

# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    ens160:
      addresses:
        - 23.152.160.4/26
        - 2620:13b:0:1000::4/64
      gateway4: 23.152.160.1
      gateway6: 2620:13b:0:1000::1
      nameservers:
        search: [ phirephly.design ]
        addresses:
          - "8.8.8.8"
          - "1.1.1.1"

!
! Zebra configuration saved from vty
! 2019/02/03 15:05:17
!
!
router bgp 4264646464
 bgp router-id 23.152.160.4
 neighbor 2620:13b:0:1000::1 remote-as 7034
 neighbor 2620:13b:0:1000::1 description BGP session back to core1
 ! Do not exchange IPv4 unicast routes with this IPv6 neighbor
 no neighbor 2620:13b:0:1000::1 activate
!
 address-family ipv6
 network 64:ff9b::/96
 neighbor 2620:13b:0:1000::1 activate
 ! Advertise nothing but the NAT64 prefix to core1
 neighbor 2620:13b:0:1000::1 prefix-list nat64-only out
 exit-address-family
 exit
!
ipv6 prefix-list nat64-only seq 5 permit 64:ff9b::/96
!
line vty
!

!
! Zebra configuration saved from vty
! 2019/02/03 15:05:17
!
hostname kwfnat64
! "zebra" is the sample-config default for both passwords; change them
! before the vty is reachable by anyone else.
password zebra
enable password zebra
!
interface ens160
!
interface lo
!
interface nat64
!
ipv6 prefix-list nat64-only seq 5 permit 64:ff9b::/96
!
ip forwarding
ipv6 forwarding
!
!
line vty
!

# ... SNIP the rest of this file except the two important lines
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
net.ipv6.conf.all.forwarding=1
# TUN device that TAYGA will use to exchange IPv4 and IPv6 packets with the
# kernel. You may use any name you like, but `nat64' is recommended.
tun-device nat64
# TAYGA's IPv4 address. This is NOT your router's IPv4 address! TAYGA
# requires its own address because it acts as an IPv4 and IPv6 router, and
# needs to be able to send ICMP messages. TAYGA will also respond to ICMP
# echo requests (ping) at this address.
#
# This address can safely be located inside the dynamic-pool prefix.
#
# We're using the pool 100.65.0.0/16, so let's take the first addr in that pool
#
# Mandatory.
#
ipv4-addr 100.65.0.1
#
# TAYGA's IPv6 address. This is NOT your router's IPv6 address! TAYGA
# requires its own address because it acts as an IPv4 and IPv6 router, and
# needs to be able to send ICMP messages. TAYGA will also respond to ICMP
# echo requests (ping6) at this address.
#
# Optional if the NAT64 prefix is specified, otherwise mandatory. It is also
# mandatory if the NAT64 prefix is 64:ff9b::/96 and ipv4-addr is a private
# (RFC1918) address.
#
# This is set to our system's public IP address to match /etc/netplan/01-netcfg.yaml
ipv6-addr 2620:13B:0:1000::4
#
# The NAT64 prefix. The IPv4 address space is mapped into the IPv6 address
# space by prepending this prefix to the IPv4 address. Using a /96 prefix is
# recommended in most situations, but all lengths specified in RFC 6052 are
# supported.
#
# This must be a prefix selected from your organization's IPv6 address space
# or the Well-Known Prefix 64:ff9b::/96. Note that using the Well-Known
# Prefix will prohibit IPv6 hosts from contacting IPv4 hosts that have private
# (RFC1918) addresses, per RFC 6052.
#
# The NAT64 prefix need not be specified if all required address mappings are
# listed in `map' directives. (See below.)
#
# Optional.
#
# 64:ff9b is the standard prefix used by public DNS64 servers
prefix 64:ff9b::/96
#
# Dynamic pool prefix. IPv6 hosts which send traffic through TAYGA (and do
# not correspond to a static map or an IPv4-translatable address in the NAT64
# prefix) will be assigned an IPv4 address from the dynamic pool. Dynamic
# maps are valid for 124 minutes after the last matching packet is seen.
#
# If no unassigned addresses remain in the dynamic pool (or no dynamic pool is
# configured), packets from unknown IPv6 hosts will be rejected with an ICMP
# unreachable error.
#
# Optional.
#
# We picked this out of the carrier grade NAT 100.64.0.0/10 pool.
# Not that it particularly matters. This pool of addresses never leaves this host
#
dynamic-pool 100.65.0.0/16
#
# Persistent data storage directory. The dynamic.map file, which saves the
# dynamic maps that are created from dynamic-pool, is stored in this
# directory. Omit if you do not need these maps to be persistent between
# instances of TAYGA.
#
# Optional.
#
data-dir /var/spool/tayga
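
The prefix comments in the config above say an IPv4 address is mapped by prepending the NAT64 prefix, and that ipv6-addr becomes mandatory in certain cases. The sketch below is an added example, not part of this gist or of TAYGA: it carries out the /96 mapping in both directions (useful when reading 64:ff9b:: addresses in flow logs or captures) and applies the ipv6-addr rule to the directives shown. The helper names are assumptions made for the example.

```python
# Added example: helper names are this sketch's own, not part of TAYGA.
import ipaddress

WKP = ipaddress.ip_network("64:ff9b::/96")  # RFC 6052 Well-Known Prefix
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# The four address directives from the tayga.conf above, comments dropped.
SAMPLE_CONF = """\
ipv4-addr 100.65.0.1
ipv6-addr 2620:13B:0:1000::4
prefix 64:ff9b::/96
dynamic-pool 100.65.0.0/16
"""

def parse_conf(text):
    """Map each single-valued directive to its value, ignoring # comments."""
    conf = {}
    for line in text.splitlines():
        key, _, value = line.split("#", 1)[0].strip().partition(" ")
        if key:
            conf[key] = value.strip()
    return conf

def is_rfc1918(v4):
    return any(ipaddress.ip_address(v4) in net for net in RFC1918)

def embed(prefix, v4):
    """IPv6 address an IPv6-only client uses to reach v4 (/96 prefixes only)."""
    net = ipaddress.ip_network(prefix)
    if net.prefixlen != 96:
        raise ValueError("this sketch handles /96 prefixes only")
    if net == WKP and is_rfc1918(v4):
        raise ValueError("RFC 6052: no RFC1918 hosts behind 64:ff9b::/96")
    return ipaddress.IPv6Address(int(net.network_address) | int(ipaddress.IPv4Address(v4)))

def extract(prefix, v6):
    """IPv4 destination carried in a translated address, e.g. from a flow log."""
    net, addr = ipaddress.ip_network(prefix), ipaddress.IPv6Address(v6)
    if net.prefixlen != 96 or addr not in net:
        raise ValueError("address is not inside a /96 NAT64 prefix")
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)

def check(conf):
    """Apply the ipv6-addr rule stated in the tayga.conf comments."""
    if "ipv6-addr" in conf:
        return []
    if "prefix" not in conf:
        return ["ipv6-addr is mandatory when no prefix is set"]
    wkp_private = ipaddress.ip_network(conf["prefix"]) == WKP and is_rfc1918(conf["ipv4-addr"])
    return ["ipv6-addr is mandatory: 64:ff9b::/96 with an RFC1918 ipv4-addr"] if wkp_private else []
```

The pool address 100.65.0.1 used here sits in 100.64.0.0/10, which is not an RFC1918 range, so the second rule would not fire for this host even without ipv6-addr.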

kenneth@kwfnat64:~$ ip route
default via 23.152.160.1 dev ens160 proto static
23.152.160.0/26 dev ens160 proto kernel scope link src 23.152.160.4
100.65.0.0/16 dev nat64 scope link
kenneth@kwfnat64:~$ ip -6 route
64:ff9b::/96 dev nat64 metric 1024 pref medium
2620:13b:0:1000::/64 dev ens160 proto kernel metric 256 pref medium
2620:13b:0:1000::/64 dev ens160 proto ra metric 1024 pref medium
fe80::/64 dev ens160 proto kernel metric 256 pref medium
fe80::/64 dev nat64 proto kernel metric 256 pref medium
default proto static metric 1024
	nexthop via 2620:13b:0:1000::1 dev ens160 weight 1
	nexthop via fe80::209:7bff:fe9f:580 dev ens160 weight 1