# NAT64 464XLAT



## dewadragoon (Jan 19, 2020)

Hello All,

I am trying to do NAT464 XLAT similar to the diagram below (taken from RFC6877).




I have 2 VMs using FreeBSD 12.1 Release as CLAT and PLAT with the following kernel options:
IPFIREWALL
IPFIREWALL_VERBOSE
IPFIREWALL_DEFAULT_TO_ACCEPT
IPFIREWALL_NAT
IPFIREWALL_NAT64
LIBALIAS

On both VMs I have enabled the following:
gateway_enable="YES"
ipv6_gateway_enable="YES"

CLAT Specific configuration :
em0: 192.168.1.1/24 --> toward ipv4 LAN
em1: 2001:db8:1234::2/64 --> toward PLAT
inet6 default route is 2001:db8:1234::1 --> IP of PLAT

ipfw nat64clat NAT64 create clat_prefix 2001:db8:1234:1000::/96 plat_prefix 64:ff9b::/96 log allow_private
ipfw add allow log icmp6 from any to any icmp6types 135,136
ipfw add nat64clat NAT64 ip from any to any
-------------------------------------------------------------------------------------------------------------------

PLAT Specific configuration :
em0: 2001:db8:1234::1/64 --> toward CLAT
em1: 172.16.1.2/30 --> toward Server A
route -6 add 2001:db8:1234:1000::/96 2001:db8:1234::2 --> return route for CLAT PREFIX

ipfw nat64lsn NAT64 create prefix4 10.0.0.0/24 prefix6 64:ff9b::/96
ipfw add allow log icmp6 from any to any icmp6types 135,136
ipfw add nat64lsn NAT64 ip from 2001:db8:1234:1000::/96 to 64:ff9b::/96 in
ipfw add nat64lsn NAT64 ip from any to 10.0.0.0/24 in

sysctl net.inet.ip.fw.nat64_direct_output=1
---------------------------------------------------------------------------------------------------------------------

I have also been reading the following thread, NAT64, for stateful NAT64.

However, I am still unable to make it work.

From CLAT



The above packet statistics are from when I am trying to ping from the ipv4 LAN to Server A.

From PLAT




I know I am probably missing a lot of things in the config. Any advice on how to do NAT 464 XLAT in the right/proper way?


----------



## dewadragoon (Jan 19, 2020)

Haha... Managed to get it to work..!!

A few things need to be verified tomorrow.


----------



## dewadragoon (Jan 20, 2020)

Hi All,

As per my understanding of RFC6877, CLAT shall create a 1 to 1 map from IPv4 to IPv6. Does this 1 to 1 NAT have the same behavior as 1 to 1 NAT IPv4 Private to IPv4 Public?

I mean, can I ping the IPv6 (which is mapped to the IPv4) from the Internet? I am looking for a similar concept to NAT44 Private to Public.
Please advise.


----------
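
The 1 to 1 mapping asked about in the post above, worked through with the prefixes from the first post; this is an added example, not code from the thread. It assumes the translators embed addresses per RFC 6052 (as RFC 6877 specifies), goes beyond the /96 case to the other RFC 6052 prefix lengths, and uses a constructed LAN host 192.168.1.10 and an assumed Server A address 172.16.1.1.

```python
import ipaddress

CLAT_PREFIX = "2001:db8:1234:1000::/96"  # clat_prefix from the first post
PLAT_PREFIX = "64:ff9b::/96"             # plat_prefix / prefix6 from the first post

def _prefix_bytes(prefix):
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in (32, 40, 48, 56, 64, 96):
        raise ValueError("RFC 6052 allows only /32 /40 /48 /56 /64 /96")
    return net, net.prefixlen // 8

def embed(prefix, v4):
    """IPv4 -> IPv4-embedded IPv6 address (RFC 6052 section 2.2)."""
    net, p = _prefix_bytes(prefix)
    out = bytearray(net.network_address.packed[:p])
    for b in ipaddress.IPv4Address(v4).packed:
        if len(out) == 8:        # bits 64..71 (the "u" octet) stay zero
            out.append(0)
        out.append(b)
    out += bytes(16 - len(out))  # zero suffix
    return ipaddress.IPv6Address(bytes(out))

def extract(prefix, v6):
    """Inverse of embed(): recover the IPv4 address, rejecting foreign prefixes."""
    net, p = _prefix_bytes(prefix)
    addr = ipaddress.IPv6Address(v6)
    if addr not in net:
        raise ValueError(f"{addr} is outside {net}")
    raw = addr.packed
    body = raw[p:8] + raw[9:] if p < 8 else raw[max(p, 9):]
    return ipaddress.IPv4Address(body[:4])

def clat_translate(src4, dst4):
    """Addresses a packet carries on the IPv6 leg between CLAT and PLAT."""
    return embed(CLAT_PREFIX, src4), embed(PLAT_PREFIX, dst4)

def plat_rule_matches(src6, dst6):
    """Mirror of: nat64lsn NAT64 ip from <clat_prefix> to <plat_prefix> in"""
    return (src6 in ipaddress.IPv6Network(CLAT_PREFIX)
            and dst6 in ipaddress.IPv6Network(PLAT_PREFIX))

if __name__ == "__main__":
    # Constructed sample: a LAN host and an assumed Server A address.
    src6, dst6 = clat_translate("192.168.1.10", "172.16.1.1")
    print(src6, "->", dst6, "matches PLAT rule:", plat_rule_matches(src6, dst6))
    print("reverse map:", extract(CLAT_PREFIX, src6))
```

The mapping is a fixed function of the IPv4 address and the prefix, so the same LAN host always appears under the same IPv6 address on the CLAT to PLAT leg, and that address falls inside the /96 covered by the PLAT's return route.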



## driesm (Jan 20, 2020)

dewadragoon said:


> Hi All,
> Does this 1 to 1 NAT have the same behavior as 1 to 1 NAT IPv4 Private to IPv4 Public ?.
> I am looking for similar concept as NAT44 Private to Public.



NAT44 does not exist on FreeBSD (IIRC). NAT has a many to one foundation because of the global IPv4 address exhaustion.
Many clients using private addresses can access the internet through one global IPv4 address.
What is your use case that you want NAT44? You can use your global IPv4 addresses internally given you have enough of them.


----------



## dewadragoon (Jan 20, 2020)

Duffyx said:


> NAT44 does not exist on FreeBSD (IIRC). NAT has a many to one foundation because of the global IPv4 address exhaustion.
> Many clients using private addresses can access the internet through one global IPv4 address.
> What is your use case that you want NAT44? You can use your global IPv4 addresses internally given you have enough of them.


Hi Duffyx, 

Thank you.

That part I understand.

I am trying to find out whether the IPv6 (which is a translation of IPv4 - CLAT) as stated in RFC6877 is reachable from the internet.

From my current test, the IPv4 host is able to reach the IPv4 server over the IPv6 network by using 464 XLAT. Now, I want to know whether a reverse connection is doable, meaning the connection is triggered from the server side (with the assumption that the server has an IPv6 address as well).


----------

