Score:0

NAT64 on Debian


Update 2: I wrote a quick&dirty tutorial for Jool on Debian 11, since their website is very thorough, but also slightly confusing and the examples too complex for most cases.

I'm looking to go IPv6 native and need a NAT64 implementation on my Debian routers. Is tayga still the way to go, as it's in the user space and all? Is there no kernel equivalent to "iptables ... -j MASQ" for NAT64?

Also with tayga you need a lot of addresses:
Should I use 64:ff9b::/96 as the "prefix" as proposed by RFC 6052 or some public prefix from my site's range as suggested by litech?
Also it needs a "dynamic-pool" of IPv4 addresses, can I just use any RFC1918 addresses, and do I have to take care of routing those IPv4 addresses? And if so, how, if I have several internal IPv6 networks?
And finally it seems to require my "routers IPv4 address", but what if that's dynamic?

I'm slightly confused...

For the sake of discussion let's assume I'm using the IPv6 prefix 2001:db8:cafe:2000::/56 and the IPv4 prefix 172.20.20.0.0/16 for my home office and I have several spare prefixes available.

Score:3

What you want is probably https://jool.mx. It's a kernel module that implements NAT64.

OttoEisen
Looks promising, but it's only available in Debian _testing_ and my routers run _stable_. So I'll try it, since _testing_ is in freeze mode and it's about time to test it on production systems. But it may take a while till I get back to you...
A.B
@OttoEisen bullseye will be called *stable* in one week if it goes as planned: https://lists.debian.org/debian-devel-announce/2021/07/msg00003.html / https://wiki.debian.org/ReleasePartyBullseye
OttoEisen
Jool works as expected :-) 2 drawbacks: It seems that the kernel module is compiled during the installation, at least it says `Building initial module for 5.10.0-8-amd64`. This means that installation takes a _really_ long time on my Celeron-VM. It also means that it installs a whole bunch of development tools, kernel-headers etc. Given that my router just used 1.7GB, even after the Debian 11 upgrade, the additional 312MB are not insignificant. Add to that the currently >70MB memory use by BIND and this whole *64 business turns out to be a real resource-hog.
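
Added example, not part of the original thread and not code from tayga or Jool: the RFC 6052 /96 address mapping behind the question's prefix choice, including the RFC's rule that the well-known prefix 64:ff9b::/96 must not represent non-global IPv4 addresses such as RFC 1918 ranges. The site prefix `2001:db8:cafe:20ff::/96` is a constructed value carved from the question's /56, and Python's `is_global` is used as an approximation of "global".

```python
import ipaddress

# RFC 6052 well-known prefix (WKP).
WKP = ipaddress.ip_network("64:ff9b::/96")
# Constructed for this example: a /96 taken from the asker's 2001:db8:cafe:2000::/56.
SITE = "2001:db8:cafe:20ff::/96"


def _check_prefix(prefix):
    net = ipaddress.ip_network(prefix)
    if net.version != 6 or net.prefixlen != 96:
        raise ValueError("this example handles only the /96 form of RFC 6052")
    # RFC 6052: bits 64..71 of the address (the 'u' octet) must be zero.
    if (int(net.network_address) >> 56) & 0xFF:
        raise ValueError("bits 64-71 of the prefix must be zero")
    return net


def embed(prefix, v4):
    """Synthesize the IPv6 address a NAT64/DNS64 pair would use for v4."""
    net = _check_prefix(prefix)
    addr = ipaddress.IPv4Address(v4)
    # RFC 6052 section 3.1: the WKP must not carry non-global IPv4 addresses.
    # is_global is an approximation of that rule (assumption of this example).
    if net == WKP and not addr.is_global:
        raise ValueError(f"{addr} is not global; use a network-specific prefix")
    # With a /96 prefix the IPv4 address is simply the low 32 bits.
    return ipaddress.IPv6Address(int(net.network_address) | int(addr))


def extract(prefix, v6):
    """Recover the embedded IPv4 address, refusing addresses outside the prefix."""
    net = _check_prefix(prefix)
    addr = ipaddress.IPv6Address(v6)
    if addr not in net:
        raise ValueError(f"{addr} is not inside {net}")
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


if __name__ == "__main__":
    print(embed("64:ff9b::/96", "1.1.1.1"))   # public host via the WKP
    print(embed(SITE, "172.20.20.1"))         # RFC 1918 host needs a site prefix
    print(extract(SITE, "2001:db8:cafe:20ff::ac14:1401"))
```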