Hello, On Tue, 03 Jan 2012 19:52:27 +0800 Michael Tsang <mikl...@gmail.com> wrote:
> I tried to access an IPv4-only host (ap.miklcct.csproject.org) in my > intranet. As DNS64 is set up, it returns a mapped IPv6 address as > usual. My mapped IP blocks are 192.168.0.0/24 and > 2001:470:19:a87::/96. My tayga address is 192.168.0.1. Moreover, > masquerading is set on my Internet interface eth2. I can access the > host by typing its IPv4 literal, but not via its host name or IPv6 > literal. > michael@server:~$ ip -6 route show > 2001:470:18:a87::1 dev he-ipv6 metric 1024 > 2001:470:18:a87::/64 via :: dev he-ipv6 proto kernel metric 256 > 2001:470:19:a87::/96 dev nat64 metric 1024 > eth0 and eth1 are my intranet interfaces, eth2 is my Internet > interface, he- ipv6 is my IPv6 tunnel, tun0 is my OpenVPN tunnel, > nat64 is my NAT64 tunnel. > Moreover, tracerouting to other mapped private IPv4 addresses (such as > 2001:470:19:a87::172.16.0.1) gets similar results. > I believe that this issue is not related to the source address, so > feel free to use ap.miklcct.csproject.org for testing from an IPv6 > capable host. Note that my network is firewalled so that you can only > ping or traceroute into it. > To reproduce this on your own network, do the following: > 1. Install tayga on your NAT44 gateway > 2. Pick an unused /96 in your site for tayga (do not use the > Well-Known Prefix) > 3. traceroute6 to a mapped private IPv4 address, > but not the server's own address. Hmm. Well, in my setup, I use a different address range than that one in which the server itself is. That is, if I have /48 network, where the primary server's IP is, say, prefix::1, my NAT64 network may be prefix:6464::/96, not just prefix::/96. Could you please try configuration like that? -- WBR, Andrew
signature.asc
Description: PGP signature
