• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

IPv6 behind NAT?

Started by martech, March 16, 2012, 07:28:29 AM

Previous topic - Next topic

martech

Hello everyone,

I'm using a FRITZ!Box 7390 with HE configured on it. When the clients (Win 7 Ultimate) aren't behind my servers RRAS NAT, everything is fine, but when they are behind the NAT of my 2008 R2 server then there is no IPv6 connection to the outside which should be logical. My question is how can I still have access to the outside with IPv6 behind NAT?

Thank you in advance!

---
Nathan

cholzhauer

You need to pass protocol41  (Note port != protocol)

martech

Thank you cholzhauer for your reply!

This sounds logical as I have seen protocol 41 a lot in my studies, but the client isn't making the tunnel, the modem is making the tunnel. My clients get a DHCPv6 address from the server and because the IPv6 gateway is the modem everything worked until I started using NAT. Even though this is correct then I'm still wondering how to do such a thing? Just forward protocol 41 udp to my modem?

cholzhauer

Sorry, I read your post wrong.  No, you don't need to forward protocol 41 to your inside hosts...that only needs to happen for your tunnel router. 

Ipv4 nat has no bearing on ipv6...let's see the output of ip(if)config and your routing tables.

martech

You don't have to apologize for that.  ;D
These routes and info are from the NAT server.


C:\Users\Administrator>route print
===========================================================================
Interface List
13...00 18 8b 3a 34 e3 ......Broadcom BCM5708C NetXtreme II GigE (NDIS VBD-clie
nt)
11...00 1b 21 b7 74 5e ......Intel(R) Gigabit CT-desktopadapter
  1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.1.1         10.0.1.2    276
         10.0.0.0    255.255.255.0         On-link          10.0.0.2    276
         10.0.0.2  255.255.255.255         On-link          10.0.0.2    276
       10.0.0.255  255.255.255.255         On-link          10.0.0.2    276
         10.0.1.0    255.255.255.0         On-link          10.0.1.2    276
         10.0.1.2  255.255.255.255         On-link          10.0.1.2    276
       10.0.1.255  255.255.255.255         On-link          10.0.1.2    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.0.0.2    276
        224.0.0.0        240.0.0.0         On-link          10.0.1.2    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.0.0.2    276
  255.255.255.255  255.255.255.255         On-link          10.0.1.2    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0         10.0.1.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination      Gateway
13    276 ::/0                     2001:470:1f14:2fc:c225:6ff:feb5:bc71
  1    306 ::1/128                  On-link
11    276 2001:470:1f14:2fc::/64   On-link
13    276 2001:470:1f14:2fc:bad:dead:beef:1/128
                                    On-link
11    276 2001:470:1f14:2fc:bad:dead:beef:2/128
                                    On-link
11    276 2001:470:1f14:2fc:bad:dead:beef:50/128
                                    On-link
11    276 fe80::/64                On-link
13    276 fe80::/64                On-link
11    276 fe80::80dd:1ba3:45d0:766f/128
                                    On-link
13    276 fe80::f5f6:4c90:d23:f839/128
                                    On-link
  1    306 ff00::/8                 On-link
11    276 ff00::/8                 On-link
13    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination      Gateway
  0 4294967295 ::/0                     2001:470:1f14:2fc:c225:6ff:feb5:bc71
===========================================================================






C:\Users\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : XEN6
   Primary Dns Suffix  . . . . . . . : xentux.lan
   Node Type . . . . . . . . . . . . : Mixed
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : xentux.lan

Ethernet adapter Extern:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
VBD-client)
   Physical Address. . . . . . . . . : 00-18-8B-3A-34-E3
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:470:1f14:2fc:bad:dead:beef:1(Preferr
ed)
   Link-local IPv6 Address . . . . . : fe80::f5f6:4c90:d23:f839%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.1.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 2001:470:1f14:2fc:c225:6ff:feb5:bc71
                                       10.0.1.1
   DNS Servers . . . . . . . . . . . : 2001:470:1f14:2fc:bad:dead:beef:3
                                       10.0.1.1
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Intern:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Gigabit CT-desktopadapter
   Physical Address. . . . . . . . . : 00-1B-21-B7-74-5E
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:470:1f14:2fc:bad:dead:beef:2(Preferr
ed)
   IPv6 Address. . . . . . . . . . . : 2001:470:1f14:2fc:bad:dead:beef:50(Prefer
red)
   Lease Obtained. . . . . . . . . . : dinsdag 20 maart 2012 9:36:08
   Lease Expires . . . . . . . . . . : zondag 1 april 2012 9:36:45
   Link-local IPv6 Address . . . . . : fe80::80dd:1ba3:45d0:766f%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 234887969
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-E2-6B-54-00-1B-21-B7-74-5E

   DNS Servers . . . . . . . . . . . : 2001:470:1f14:2fc:bad:dead:beef:3
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{0994D4E5-37BD-4396-9262-FEA66C0B607F}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B3D95C55-74DD-4BF4-B42D-E7DD87A67F7C}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes


I'm dutch so some things could be in dutch.
Hope this helps.  ???

---
Nathan

martech

Isn't there an easy option that I need to turn on? The server has RRAS installed on it and works like a PPTP VPN server and NAT server. Beyond the normal configuration I haven't done anything.

cholzhauer

Who is 2001:470:1f14:2fc:c225:6ff:feb5:bc71?  Is that the Inside interface of your tunnel router?

martech

It's the IPv6 address from my modem I guess. If I want to connect to it externally then I can use that address to get into the modem.

cholzhauer

Is your modem doing RA?  If it was, your gateway should be an FE80 address.  I assume you manually set this up?

martech

Everything has been set up by me manually. The modem (FRITZ!Box 7390) is making the tunnel and I hoped that everything behind it could be autoconfigured (stateless) which it did until I changed the network with the NAT server and behind it some clients. I don't know what RA stands for, but I do know that it has something to do with the NAT server. I need to find a way through the NAT server with my IPv6 clients. I bet that there are other people that had this problem too, but I don't see much on the internet.

cholzhauer

No, other people aren't having this problem because your NAT setup has nothing to do with IPv6 ;)

RA= Router Advertisements

2001:470:1f14:2fc:c225:6ff:feb5:bc71 is definitely a auto-configure address, unless you made that up yourself.  I have to imagine you would have chose something like 2001:470:1f14:1/64 instead.

Quote from: martech on March 23, 2012, 08:53:25 AM
It's the IPv6 address from my modem I guess. If I want to connect to it externally then I can use that address to get into the modem.

I am unable to ping 2001:470:1f14:2fc:c225:6ff:feb5:bc71, so I'm not sure where it goes...I would log into your modem/router and see what address it gave itself.

martech

Well my modem has the following addresses:
- 2001:470:1f14:2fc:c225:6ff:feb5:bc71 (which I can ping internal)
- 2001:470:1f14:2fc::2/64 (Can't ping this address, but the modem is saying that this is the Global IPv6 address of the FRITZ!Box)
- fd00::c225:6ff:feb5:bc71/64 (which I can ping internal)
- 213.247.117.92
- 10.0.1.1

RA is for people that use the stateless autoconfiguration, but I use the DHCP server behind the NAT server so I don't need to configure my clients. But my modem is using RA and as far as i know I can't disable it.

cholzhauer

If your IPv6 router is working properly, this could/should be your setup

On client:

IPv6 address: 2001:470:1f14::2/64
Gateway: 2001:470:1f14:2fc:c225:6ff:feb5:bc71/64
DNS: Whatever server you want to use

As long as your IPv6 router is forwarding IPv6 traffic, this will work.

GorgeHall

What if it gets switched over from forwarding IPv6 packet to some IPv4. Will it work?