Package: tayga
Version: 0.9.2-3
Severity: important
Tags: ipv6

I tried to access an IPv4-only host (ap.miklcct.csproject.org) in my intranet. As DNS64 is set up, it returns a mapped IPv6 address as usual. My mapped IP blocks are 192.168.0.0/24 and 2001:470:19:a87::/96. My tayga address is 192.168.0.1. Moreover, masquerading is set on my Internet interface eth2. I can access the host by typing its IPv4 literal, but not via its host name or IPv6 literal.

Here are my traceroute results:

michael@server:~$ traceroute -4 ap.miklcct.csproject.org
traceroute to ap.miklcct.csproject.org (192.168.1.1), 30 hops max, 60 byte packets
 1  ap.miklcct.csproject.org (192.168.1.1)  0.386 ms  0.472 ms  0.597 ms
michael@server:~$ traceroute -6 ap.miklcct.csproject.org
traceroute to ap.miklcct.csproject.org (2001:470:19:a87::c0a8:101), 30 hops max, 80 byte packets
 1  2001:470:19:a87::c0a8:1 (2001:470:19:a87::c0a8:1)  0.107 ms  0.017 ms  0.015 ms
 2  119247183154.ctinets.com (2001:470:19:a87::77f7:b79a)  0.091 ms  0.311 ms  0.400 ms
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  *^C

As you can see, the packet leaked to the Internet on hop 2.

Here are my routing tables:

michael@server:~$ ip route show
default via 119.247.182.1 dev eth2
10.109.241.0/24 via 10.109.241.2 dev tun0
10.109.241.2 dev tun0  proto kernel  scope link  src 10.109.241.1
119.247.182.0/23 dev eth2  proto kernel  scope link  src 119.247.183.154
172.16.0.0/16 via 192.168.1.4 dev eth0
192.168.0.0/24 dev nat64  scope link
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.2
michael@server:~$ ip -6 route show
2001:470:18:a87::1 dev he-ipv6  metric 1024
2001:470:18:a87::/64 via :: dev he-ipv6  proto kernel  metric 256
2001:470:19:a87::/96 dev nat64  metric 1024
2001:470:fab7::/64 dev eth0  proto kernel  metric 256
2001:470:fab7:1::/64 dev eth1  proto kernel  metric 256
2001:470:fab7:8000::/56 via 2001:470:fab7::2 dev eth0  metric 1024
fe80::/64 dev eth2  proto kernel  metric 256
fe80::/64 dev eth0  proto kernel  metric 256
fe80::/64 via :: dev he-ipv6  proto kernel  metric 256
fe80::/64 dev eth1  proto kernel  metric 256
default via 2001:470:18:a87::1 dev he-ipv6  metric 1024

eth0 and eth1 are my intranet interfaces, eth2 is my Internet interface, he-ipv6 is my IPv6 tunnel, tun0 is my OpenVPN tunnel, nat64 is my NAT64 tunnel.

Moreover, tracerouting to other mapped private IPv4 addresses (such as 2001:470:19:a87::172.16.0.1) gets similar results.

I believe that this issue is not related to the source address, so feel free to use ap.miklcct.csproject.org for testing from an IPv6 capable host. Note that my network is firewalled so that you can only ping or traceroute into it.

To reproduce this on your own network, do the following:
1. Install tayga on your NAT44 gateway
2. Pick an unused /96 in your site for tayga (do not use the Well-Known Prefix)
3. traceroute6 to a mapped private IPv4 address, but not the server's own address.

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_HK.UTF-8, LC_CTYPE=en_HK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages tayga depends on:
ii  libc6  2.13-23

tayga recommends no packages.

tayga suggests no packages.

-- Configuration Files:
/etc/default/tayga changed:
RUN="yes"
CONFIGURE_IFACE="yes"
CONFIGURE_NAT44="no"
DAEMON_OPTS=""

/etc/tayga.conf changed:
tun-device nat64
ipv4-addr 192.168.0.1
prefix 2001:470:19:a87::/96
dynamic-pool 192.168.0.0/24
data-dir /var/spool/tayga

-- no debconf information
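
Added example, not part of the original report: a small decoder for the /96-mapped addresses seen in the traceroute output, using the prefix, pool and tayga address from the /etc/tayga.conf quoted above. It shows that hop 2 (2001:470:19:a87::77f7:b79a) embeds 119.247.183.154, the src address of eth2 in the IPv4 routing table; the function names and category labels are this example's own.

```python
import ipaddress

# Values copied from the report's /etc/tayga.conf.
NAT64_PREFIX = ipaddress.ip_network("2001:470:19:a87::/96")
DYNAMIC_POOL = ipaddress.ip_network("192.168.0.0/24")
TAYGA_IPV4 = ipaddress.ip_address("192.168.0.1")


def embedded_ipv4(addr6):
    """Return the IPv4 address carried in the low 32 bits of a /96-mapped
    address, or None if the address is not inside the NAT64 prefix."""
    addr = ipaddress.ip_address(addr6)
    if addr.version != 6 or addr not in NAT64_PREFIX:
        return None
    return ipaddress.ip_address(int(addr) & 0xFFFFFFFF)


def classify(addr6):
    """Return (embedded IPv4 as text, category) for one traceroute address."""
    v4 = embedded_ipv4(addr6)
    if v4 is None:
        return (None, "not-mapped")
    if v4 == TAYGA_IPV4:
        return (str(v4), "tayga-itself")
    if v4 in DYNAMIC_POOL:
        return (str(v4), "dynamic-pool")
    if v4.is_private:
        # A private IPv4 destination should stay on the intranet side.
        return (str(v4), "private-destination")
    # A public IPv4 address appearing as a hop means the translated packet
    # was handled by an Internet-facing address.
    return (str(v4), "public")


if __name__ == "__main__":
    # Addresses as they appear in the report's traceroute and text.
    for hop in ("2001:470:19:a87::c0a8:101",    # traceroute target
                "2001:470:19:a87::c0a8:1",      # hop 1
                "2001:470:19:a87::77f7:b79a",   # hop 2
                "2001:470:19:a87::172.16.0.1"): # other example in the report
        print(hop, "->", classify(hop))
```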