• FidoNews 42:01 [02/08]: General Articles

    From Michiel van der Vlist@2:280/5555 to Deon George on Monday, January 06, 2025 18:11:46
    Hello deon,

    On Monday January 06 2025 12:27, you wrote to me:

    For those and some other reasons I would prefer a NAT64 gateway run
    by my provider if I ever start to use this permanently. I have two
    providers at the moment and neither of them provides such a
    service. I may make that a goal for the coming year. Or next
    year...

    Why not run a NAT64 gateway at home?

    I did not think it was worth the effort for the test. For a more permanent configuration, when running the NAT64 at home, I'd still need an IPv4 connection to the rest of the world. I was preparing for a situation that my connection to the rest of the world is IPv6 only.

    It's pretty easy, mine runs on a raspberry pi, but it could easily be a virtual machine.

    So why not write a Fidonews article about it?


    Cheers, Michiel

    --- GoldED+/W32-MSVC 1.1.5-b20170303
    * Origin: http://www.vlist.org (2:280/5555)
  • From Dennis Slagers@2:280/2060 to deon on Monday, January 06, 2025 22:13:16
    Hello deon!

    06 Jan 25 12:27, you wrote to Michiel van der Vlist:

    Why not run a NAT64 gateway at home? It's pretty easy, mine runs on a raspberry pi, but it could easily be a virtual machine.

    How and what service/tools do you use? I am intrigued about it.


    Dennis


    ... User input isn't a priority right now.
    --- GoldED+/LNX 1.1.5-b20240309
    * Origin: ---- BOFH: Problem solved, user deleted. (2:280/2060)
  • From deon@3:633/509 to Dennis Slagers on Tuesday, January 07, 2025 09:00:26
    Re: FidoNews 42:01 [02/08]: General Articles
    By: Dennis Slagers to deon on Mon Jan 06 2025 10:13 pm

    Howdy,

    How and what service/tools do you use? I am intrigued about it.

    To use NAT64, you also need (to be using) a DNS server that is capable of DNS64.

    The process is this:

    * You resolve a hostname that has an IP4 (only) address. (If the hostname also returns an AAAA record for IP6, then NAT64 wouldn't be needed anyway.)

    A DNS server that is set up for DNS64 would return an AAAA record, instead of an A record for the IP4 address, like:

    eg: for tfb-bbs.org (180.150.99.174)
    # host tfb-bbs.org
    tfb-bbs.org has address 64:ff9b::b496:63ae

    (bind supports DNS64).

    * Your internal routing would then route 64:ff9b::/96 via a machine running jool (the nat64 part). In theory you could use any IP6 net, but I think most use 64:ff9b::/96.

    Jool then proxies the connection to the IP4 address (hence it needs to have a working internet IP4 stack) to the destination, and sends the replies to the originator over IP6.

    The jool machine doesn't need a public internet IP4 address, it can still be an internal private address (192.168...), and if that was the case, then your outgoing router would need to be doing SRC NAT to its public IP4 address. (Like it probably would be anyway.)

    In my case, I have an alpine virtual machine running on a PI4, with 512MB memory. Alpine provides the jool app and kernel module.

    nat64:/# apk list|grep jool
    jool-modules-lts-6.6.56-r0 aarch64 {jool-modules-lts} (GPL-2.0-or-later) [installed]
    jool-modules-rpi-6.6.49-r0 aarch64 {jool-modules-rpi} (GPL-2.0-or-later)
    jool-tools-4.1.11-r1 aarch64 {jool-tools} (GPL-2.0-only) [installed]
    jool-tools-bash-completion-4.1.11-r1 aarch64 {jool-tools} (GPL-2.0-only)
    jool-tools-doc-4.1.11-r1 aarch64 {jool-tools} (GPL-2.0-only)
    jool-tools-openrc-4.1.11-r1 aarch64 {jool-tools} (GPL-2.0-only) [installed]

    I ran it exclusively for a week on IP6, and it worked well. It doesn't help you if you have some devices inside your network (like I do) that don't have an IP6 stack. You'll need to have them use a DNS server that doesn't do the DNS64 bit (since they don't understand IP6), or configure your bind server to not do DNS64 replies to those devices, via ACLs.


    ...лоеп
    --- SBBSecho 3.23-Linux
    * Origin: I'm playing with ANSI+videotex - wanna play too? (3:633/509)
  • From Michiel van der Vlist@2:280/5555 to deon on Tuesday, January 07, 2025 16:17:25
    Hello deon,

    On Tuesday January 07 2025 09:00, you wrote to Dennis Slagers:

    eg: for tfb-bbs.org (180.150.99.174)
    # host tfb-bbs.org
    tfb-bbs.org has address 64:ff9b::b496:63ae

    (bind supports DNS64).

    * Your internal routing would then route 64:ff9b::/96 via a machine running jool (the nat64 part). In theory you could use any IP6 net,
    but I think most use 64:ff9b::/96.

    Only if you use a "local" NAT64 gateway. 64:ff9b::/96 is reserved as the "well known prefix" for NAT64 gateways. But it is not globally routable! So third parties like Kasper Dupont use a prefix in the normal routable ranges.


    Cheers, Michiel

    --- GoldED+/W32-MSVC 1.1.5-b20170303
    * Origin: http://www.vlist.org (2:280/5555)
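The address mapping discussed in this thread, as an added example that is not code from any of the posters or from bind/jool: it embeds an IPv4 address in a NAT64 prefix the way a DNS64 answer does, and recovers the real IPv4 destination from NAT64 addresses in logs. It goes beyond the /96 case in the thread by handling every prefix length RFC 6052 allows, which covers routable provider prefixes too; the function names and the log line format are assumptions.

```python
import ipaddress

WKP = "64:ff9b::/96"  # the well-known prefix named in the thread

def v4_offsets(prefix_len):
    """Byte offsets carrying the IPv4 address; byte 8 (RFC 6052 'u' octet) is skipped."""
    if prefix_len not in (32, 40, 48, 56, 64, 96):
        raise ValueError(f"/{prefix_len} is not an RFC 6052 prefix length")
    offsets, pos = [], prefix_len // 8
    while len(offsets) < 4:
        if pos != 8:
            offsets.append(pos)
        pos += 1
    return offsets

def embed(ipv4, prefix=WKP):
    """The AAAA address a DNS64 resolver synthesises for an IPv4-only host."""
    net = ipaddress.IPv6Network(prefix)
    raw = bytearray(net.network_address.packed)
    v4 = ipaddress.IPv4Address(ipv4).packed
    for pos, octet in zip(v4_offsets(net.prefixlen), v4):
        raw[pos] = octet
    return ipaddress.IPv6Address(bytes(raw))

def extract(ipv6, prefix=WKP):
    """The IPv4 address hidden in a NAT64 address; None if outside the prefix."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        return None
    return ipaddress.IPv4Address(bytes(addr.packed[p] for p in v4_offsets(net.prefixlen)))

def annotate(log_lines, prefix=WKP):
    """Append the real IPv4 destination to lines whose dst= is a NAT64 address."""
    out = []
    for line in log_lines:
        dst = line.split("dst=")[1].split()[0]
        v4 = extract(dst, prefix)
        out.append(f"{line} nat64_dst={v4}" if v4 else line)
    return out

# Constructed sample flow-log lines (not from the thread).
SAMPLE = [
    "src=2001:db8:1::10 dst=64:ff9b::b496:63ae dport=24554",
    "src=2001:db8:1::10 dst=2001:db8:2::53 dport=53",
]

if __name__ == "__main__":
    print(embed("180.150.99.174"), *annotate(SAMPLE), sep="\n")
```

Firewall rules and log review on an IPv6-only network see only the synthesised address, so a deny list written for IPv4 destinations needs this translation applied before it matches.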