IPv4 + IPv6 NAT64 Information and Setup Guide

June 8, 2016 | Views: 5415

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Hope that you enjoy this guide on Nat64 and how to set it up!

How can you access an IPv4 ONLY Website from an IPv6 ONLY Host?

Technically, IPv6 and IPv4 are two different and incompatible protocols. IPv6 ONLY machines can speak IPv6 language and IPv4 ONLY machines know only the IPv4 language.

How do they talk to each other? We need to setup NAT64 or a DNS64 gateway in between an IPv6 ONLY host and IPv4 ONLY website.
before NAT64 SMALL

 

What’s a NAT64 Gateway?

NAT64 is a gateway service that allows IPv6 ONLY host to access IPv4 ONLY websites. To explain how NAT64 works, you’ll have to think of two different components – a DNS Resolver and a Gateway.
When NAT64 is used SMALL

From the diagram above, you’ll see and recognize that NAT64 consists of two main components – the DNS Resolver that serves IPv6 addresses for IPv4 only websites. The Gateway module takes care of mapping those IPv6 addresses back to IPv4.

For example, when going to an IPv4-based website address from an IPv6 machine or going to an IPv6 based website address from an IPv4 machine, it will be ignored when requesting an IPv4 website from an IPv4-based machine or requesting an IPv6-website from an IPv6 based machine.

 

Set Up NAT64

Use the addresses below and set them in your DNS Resolvers.

For example, edit /etc/resolv.conf  in Linux-based machines.

The Google Public DNS IP addresses (IPv4) are as follows:

8.8.8.8

8.8.4.4

The Google Public DNS IPv6 addresses are as follows:

2001:4860:4860::8888

2001:4860:4860::8844

Some devices use separate fields for all eight parts of IPv6 addresses and cannot accept the :: IPv6 abbreviation syntax. For such fields, enter:

2001:4860:4860:0:0:0:0:8888

2001:4860:4860:0:0:0:0:8844

Expand the 0 entries to 0000 if four hex digits are required.

On a Windows machine, change IPv6 properties as shown in the below image:
2016-06-04 22_31_34-Internet Protocol Version 6 (TCP_IPv6) Properties SMALL

You can use either address as your primary or secondary DNS server. You can specify both addresses, but do not specify the same address as both primary and secondary.

You can configure the Google Public DNS addresses for either IPv4 or IPv6 connections, or both. For IPv6-only networks with a NAT64 gateway using the 64:ff9b::/96 prefix, you can use Google Public DNS64 instead of Google Public DNS IPv6 addresses, providing connectivity to IPv4-only services without any other configuration.
Configuring Google Public DNS64

Replace the standard resolver addresses with the following:

2001:4860:4860::6464

2001:4860:4860::64

Do not configure any other IPv6 addresses. Doing so makes DNS64 unreliable. If you also configure Google Public DNS IPv4 addresses (8.8.8.8 or 8.8.4.4), dual-stack hosts may not get synthesized – AAAA records sometimes.

Some devices use separate fields for all eight parts of the IPv6 addresses and cannot accept the :: IPv6 abbreviation syntax. For such fields enter:

2001:4860:4860:0:0:0:0:6464

2001:4860:4860:0:0:0:0:64

Expand the 0 entries to 0000 and the 64 entry to 0064 if four hex digits are required.

 

Test the NAT64 Set Up

Move to your terminal or command prompt and traceroute to an IPv4-only domain from an IPv6 only host.

Example traceroute:

In the below traceroute, you’ll see the fragmented packets and ping times. You’ll also notice the traceroutes start with an IPv6 address and then end up in an IPv4 network.
traceroute SMALL

 

Thanks and please post any questions or comments below.

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel