still without the recent version of tayga
Nice! NAT64 in action. My IPv6-only jail can successfully talk with GitHub. No tayga, just the new "af-to" feature that the "pf" firewall got in 15.0-RELEASE:
pass in quick on bastille0 inet6 from $jail_net to 64:ff9b::/96 \
af-to inet from ($ext_if) keep state
This is genuinely nice! 🙂
@T_X @axx I made the switch to #NAT64-only on the default network of #FOSDEM 13(?) years ago. It broke So. Much. Stuff.
I knew the former maintainer of the network tooling from the Linux Kernel Summit, and ran into him by chance that year. #Ubuntu was completely broken on NAT64-only, it did not even bring up the network interfaces, and we sent people who came to the NOC to their booth.
I also sent that former maintainer over there.
They fixed things very quickly.
Now that our IPv6-mostly setup is finally running reasonably smoothly, our NAT64 servers have regularly been hitting the limit of connections they can translate.
We have therefore added 8 more IPv4 addresses per server to our pool.
Since these addresses are used exclusively for NAT64, the capacity rises to almost 10 times as much.
So even at peak times there is now more than enough headroom, and you can keep browsing without any problems!
#464XLAT and #NAT64 on #Mikrotik routers.
https://forum.mikrotik.com/t/nat64-and-464xlat-on-ros-how-to/267046
Please have this out of the box available?
@[email protected] @mikrotik

Here is a working NAT64 solution for homelab folks wanting to experiment with IPv6-only, or their provider only offers IPv6 with IPv4 over CG-NAT. Full 464XLAT operation is achieved when the client devices include a CLAT, such as Apple devices. This solution does require the ISP provide an IPv4 address, so it won’t work if the provider is IPv6-only and doesn’t provide NAT64 in their network; I've read that some do. My network is a fairly typical dual-stack setup where my ISP offers CG-NATed IPv4...
@nuintari It's been interesting to try #IPv6only with #NAT64 these past few months after running dual stack on home, office and datacenter networks for nearly two decades. I've rarely ever encountered NAT64 except in special circumstances (eg. FOSDEM).
It's been interesting to see what breaks. eg. #Tor
Most stuff is fine, except where someone has half-enabled #IPv6
One of the annoyances with #NAT64 is that when some site publishes an #IPv6 AAAA record, but their IPv6 server is down and the IPv4 server is up, there's no "happy eyeballs" fallback to IPv4. Because the AAAA record exists, #DNS64 doesn't provide a mapping to IPv4.
It can be worked around by manually adding an /etc/hosts entry for the broken site.
Today's broken site is www.fsf.org. Hey @fsf - your IPv6 server is refusing connections 😉
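
The DNS64 behaviour described in the last post, as an added example that is not part of any of the posts above: a simplified model of when a DNS64 resolver synthesizes an address in 64:ff9b::/96, and of the hosts-file override. The record sets, the name `broken.example` and the function names are constructed for illustration, and the override assumes a client without a CLAT.

```python
import ipaddress

# Well-known NAT64 prefix (RFC 6052), the same 64:ff9b::/96 used in the pf rule above.
WKP = ipaddress.IPv6Network("64:ff9b::/96")

def synthesize(ipv4, prefix=WKP):
    """Embed an IPv4 address in the low 32 bits of a /96 NAT64 prefix."""
    if prefix.prefixlen != 96:
        raise ValueError("this sketch only handles /96 prefixes")
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))

def extract(ipv6, prefix=WKP):
    """Recover the IPv4 address from a synthesized address, or None if native."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)

def dns64_answer(aaaa, a, prefix=WKP):
    """AAAA answer a DNS64 resolver returns, given the zone's real records.

    Synthesis happens only when the name has no AAAA of its own; the resolver
    never checks whether the native IPv6 address actually accepts connections.
    """
    if aaaa:
        return [ipaddress.IPv6Address(x) for x in aaaa]
    return [synthesize(x, prefix) for x in a]

def hosts_override(name, a, prefix=WKP):
    """/etc/hosts line that forces a name through NAT64 (the manual workaround)."""
    return f"{synthesize(a[0], prefix)} {name}"

# Constructed records using documentation ranges (RFC 5737 / RFC 3849).
V4_ONLY = {"aaaa": [], "a": ["192.0.2.10"]}
HALF_V6 = {"aaaa": ["2001:db8::80"], "a": ["198.51.100.7"]}  # AAAA published, v6 server down

if __name__ == "__main__":
    print(dns64_answer(**V4_ONLY))   # synthesized: reachable through NAT64
    print(dns64_answer(**HALF_V6))   # native AAAA only: no path to the working IPv4 server
    print(hosts_override("broken.example", HALF_V6["a"]))
```

Running `extract()` over the destination addresses in firewall or flow logs separates NAT64-translated traffic from native IPv6 and shows which IPv4 hosts the jail or client actually reached.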