I'm trying to get NAT-PT support working on a Cisco DSL router to support native ipv6 clients behind it. I've done a lot of searching, and can't find the answers to what I'm doing wrong. I have two problems. First, I can't get them to grab additional parameters from DHCP. I'm using: ipv6 dhcp pool dhcppool dns-server ::210.55.12.1 - I know the above is not likely to answer AAAA requests, but I plan to use DNS-ALG domain-name local.arpa Interface Ethernet0 ipv6 enable ipv6 nd other-config-flag ipv6 dhcp server dhcppool The second problem is I can't NAT-PT to work at all. It doesn't even attempt to do translations. Snippits I'm using are: Interface Dialer0 description ipv4 Interface connecting to Internet ipv6 nat Interface Ethernet0 description ipv6 Interface connection to local lan (aka LINK-LOCAL) ipv6 address 3FFE:AAAA:BBBB:1::9/64 - An address copied from an example, hope to use LINK-LOCAL addresses later ipv6 enable ipv6 nat ipv6 nat translation udp-timeout 600 ipv6 nat v6v4 source list pt-list1 interface Dialer0 overload ipv6 nat prefix 3FFE:B00:1::/96 ipv6 access-list pt-list1 permit ipv6 3FFE:AAAA:BBBB:1::/64 any
On 26/02/2005, at 1:25 PM, Philip D'Ath wrote:
I'm trying to get NAT-PT support working on a Cisco DSL router to support native ipv6 clients behind it. I've done a lot of searching, and can't find the answers to what I'm doing wrong. I have two problems.
Why are you using NAT with IPv6? There is very little reason pros for using IPv6 with NAT, and many cons. Afterall, NAT is just a hack for IPv4 to prevent address exhaustion. IIRC, ISPs are not to give out single IP addresses, but rather /64 allocations. Anyone care to correct me on this? -- Cameron Kerr Telecommunications Teaching Fellow & SysAdmin ckerr(a)cs.otago.ac.nz
Cameron Kerr
On 26/02/2005, at 1:25 PM, Philip D'Ath wrote:
I'm trying to get NAT-PT support working on a Cisco DSL router to support native ipv6 clients behind it. I've done a lot of searching, and can't find the answers to what I'm doing wrong. I have two problems.
Why are you using NAT with IPv6? There is very little reason pros for using IPv6 with NAT, and many cons. Afterall, NAT is just a hack for IPv4 to prevent address exhaustion. IIRC, ISPs are not to give out single IP addresses, but rather /64 allocations.
Anyone care to correct me on this?
"NAT-PT (Network Address Translation - Protocol Translation) is an IETF RFC specification for an IPv4 to IPv6 protocol translator." - RFC2766 apparently. In answer to your specific question, some people also like DNAT for security reasons because it makes it harder to connect to internal hosts from the Internet than having routable IP addresses with no NAT, or static NAT. But I'm sure that's not what Philip's main aim is here. -- James Riden / j.riden(a)massey.ac.nz / Systems Security Engineer Information Technology Services, Massey University, NZ. GPG public key available at: http://www.massey.ac.nz/~jriden/
participants (3)
-
Cameron Kerr -
James Riden -
Philip D'Ath