Hello everyone,
I'm using a FRITZ!Box 7390 with HE configured on it. When the clients (Win 7 Ultimate) aren't behind my servers RRAS NAT, everything is fine, but when they are behind the NAT of my 2008 R2 server then there is no IPv6 connection to the outside which should be logical. My question is how can I still have access to the outside with IPv6 behind NAT?
Thank you in advance!
---
Nathan
You need to pass protocol41 (Note port != protocol)
Thank you cholzhauer for your reply!
This sounds logical as I have seen protocol 41 a lot in my studies, but the client isn't making the tunnel, the modem is making the tunnel. My clients get a DHCPv6 address from the server and because the IPv6 gateway is the modem everything worked until I started using NAT. Even though this is correct then I'm still wondering how to do such a thing? Just forward protocol 41 udp to my modem?
Sorry, I read your post wrong. No, you don't need to forward protocol 41 to your inside hosts...that only needs to happen for your tunnel router.
Ipv4 nat has no bearing on ipv6...let's see the output of ip(if)config and your routing tables.
You don't have to apologize for that. ;D
These routes and info are from the NAT server.
C:\Users\Administrator>route print
===========================================================================
Interface List
13...00 18 8b 3a 34 e3 ......Broadcom BCM5708C NetXtreme II GigE (NDIS VBD-clie
nt)
11...00 1b 21 b7 74 5e ......Intel(R) Gigabit CT-desktopadapter
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.1.1 10.0.1.2 276
10.0.0.0 255.255.255.0 On-link 10.0.0.2 276
10.0.0.2 255.255.255.255 On-link 10.0.0.2 276
10.0.0.255 255.255.255.255 On-link 10.0.0.2 276
10.0.1.0 255.255.255.0 On-link 10.0.1.2 276
10.0.1.2 255.255.255.255 On-link 10.0.1.2 276
10.0.1.255 255.255.255.255 On-link 10.0.1.2 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.2 276
224.0.0.0 240.0.0.0 On-link 10.0.1.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.2 276
255.255.255.255 255.255.255.255 On-link 10.0.1.2 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 10.0.1.1 Default
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 276 ::/0 2001:470:1f14:2fc:c225:6ff:feb5:bc71
1 306 ::1/128 On-link
11 276 2001:470:1f14:2fc::/64 On-link
13 276 2001:470:1f14:2fc:bad:dead:beef:1/128
On-link
11 276 2001:470:1f14:2fc:bad:dead:beef:2/128
On-link
11 276 2001:470:1f14:2fc:bad:dead:beef:50/128
On-link
11 276 fe80::/64 On-link
13 276 fe80::/64 On-link
11 276 fe80::80dd:1ba3:45d0:766f/128
On-link
13 276 fe80::f5f6:4c90:d23:f839/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
13 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 ::/0 2001:470:1f14:2fc:c225:6ff:feb5:bc71
===========================================================================
C:\Users\Administrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : XEN6
Primary Dns Suffix . . . . . . . : xentux.lan
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : xentux.lan
Ethernet adapter Extern:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
VBD-client)
Physical Address. . . . . . . . . : 00-18-8B-3A-34-E3
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:470:1f14:2fc:bad:dead:beef:1(Preferr
ed)
Link-local IPv6 Address . . . . . : fe80::f5f6:4c90:d23:f839%13(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 2001:470:1f14:2fc:c225:6ff:feb5:bc71
10.0.1.1
DNS Servers . . . . . . . . . . . : 2001:470:1f14:2fc:bad:dead:beef:3
10.0.1.1
8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Intern:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Gigabit CT-desktopadapter
Physical Address. . . . . . . . . : 00-1B-21-B7-74-5E
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:470:1f14:2fc:bad:dead:beef:2(Preferr
ed)
IPv6 Address. . . . . . . . . . . : 2001:470:1f14:2fc:bad:dead:beef:50(Prefer
red)
Lease Obtained. . . . . . . . . . : dinsdag 20 maart 2012 9:36:08
Lease Expires . . . . . . . . . . : zondag 1 april 2012 9:36:45
Link-local IPv6 Address . . . . . : fe80::80dd:1ba3:45d0:766f%11(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 234887969
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-E2-6B-54-00-1B-21-B7-74-5E
DNS Servers . . . . . . . . . . . : 2001:470:1f14:2fc:bad:dead:beef:3
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{0994D4E5-37BD-4396-9262-FEA66C0B607F}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{B3D95C55-74DD-4BF4-B42D-E7DD87A67F7C}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
I'm dutch so some things could be in dutch.
Hope this helps. ???
---
Nathan
Isn't there an easy option that I need to turn on? The server has RRAS installed on it and works like a PPTP VPN server and NAT server. Beyond the normal configuration I haven't done anything.
Who is 2001:470:1f14:2fc:c225:6ff:feb5:bc71? Is that the Inside interface of your tunnel router?
It's the IPv6 address from my modem I guess. If I want to connect to it externally then I can use that address to get into the modem.
Is your modem doing RA? If it was, your gateway should be an FE80 address. I assume you manually set this up?
Everything has been set up by me manually. The modem (FRITZ!Box 7390) is making the tunnel and I hoped that everything behind it could be autoconfigured (stateless) which it did until I changed the network with the NAT server and behind it some clients. I don't know what RA stands for, but I do know that it has something to do with the NAT server. I need to find a way through the NAT server with my IPv6 clients. I bet that there are other people that had this problem too, but I don't see much on the internet.
No, other people aren't having this problem because your NAT setup has nothing to do with IPv6 ;)
RA= Router Advertisements
2001:470:1f14:2fc:c225:6ff:feb5:bc71 is definitely a auto-configure address, unless you made that up yourself. I have to imagine you would have chose something like 2001:470:1f14:1/64 instead.
Quote from: martech on March 23, 2012, 08:53:25 AM
It's the IPv6 address from my modem I guess. If I want to connect to it externally then I can use that address to get into the modem.
I am unable to ping 2001:470:1f14:2fc:c225:6ff:feb5:bc71, so I'm not sure where it goes...I would log into your modem/router and see what address it gave itself.
Well my modem has the following addresses:
- 2001:470:1f14:2fc:c225:6ff:feb5:bc71 (which I can ping internal)
- 2001:470:1f14:2fc::2/64 (Can't ping this address, but the modem is saying that this is the Global IPv6 address of the FRITZ!Box)
- fd00::c225:6ff:feb5:bc71/64 (which I can ping internal)
- 213.247.117.92
- 10.0.1.1
RA is for people that use the stateless autoconfiguration, but I use the DHCP server behind the NAT server so I don't need to configure my clients. But my modem is using RA and as far as i know I can't disable it.
If your IPv6 router is working properly, this could/should be your setup
On client:
IPv6 address: 2001:470:1f14::2/64
Gateway: 2001:470:1f14:2fc:c225:6ff:feb5:bc71/64
DNS: Whatever server you want to use
As long as your IPv6 router is forwarding IPv6 traffic, this will work.
What if it gets switched over from forwarding IPv6 packet to some IPv4. Will it work?