Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: IPv6 behind NAT?  (Read 14171 times)

martech

  • Newbie
  • *
  • Posts: 8
IPv6 behind NAT?
« on: March 16, 2012, 07:28:29 AM »

Hello everyone,

I'm using a FRITZ!Box 7390 with HE configured on it. When the clients (Win 7 Ultimate) aren't behind my servers RRAS NAT, everything is fine, but when they are behind the NAT of my 2008 R2 server then there is no IPv6 connection to the outside which should be logical. My question is how can I still have access to the outside with IPv6 behind NAT?

Thank you in advance!

---
Nathan
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2715
Re: IPv6 behind NAT?
« Reply #1 on: March 16, 2012, 07:36:10 AM »

You need to pass protocol41  (Note port != protocol)
Logged

martech

  • Newbie
  • *
  • Posts: 8
Re: IPv6 behind NAT?
« Reply #2 on: March 20, 2012, 03:08:15 AM »

Thank you cholzhauer for your reply!

This sounds logical as I have seen protocol 41 a lot in my studies, but the client isn't making the tunnel, the modem is making the tunnel. My clients get a DHCPv6 address from the server and because the IPv6 gateway is the modem everything worked until I started using NAT. Even though this is correct then I'm still wondering how to do such a thing? Just forward protocol 41 udp to my modem?
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2715
Re: IPv6 behind NAT?
« Reply #3 on: March 20, 2012, 08:53:22 AM »

Sorry, I read your post wrong.  No, you don't need to forward protocol 41 to your inside hosts...that only needs to happen for your tunnel router. 

Ipv4 nat has no bearing on ipv6...let's see the output of ip(if)config and your routing tables.
Logged

martech

  • Newbie
  • *
  • Posts: 8
Re: IPv6 behind NAT?
« Reply #4 on: March 22, 2012, 06:16:11 AM »

You don't have to apologize for that.  ;D
These routes and info are from the NAT server.

Code: [Select]
C:\Users\Administrator>route print
===========================================================================
Interface List
 13...00 18 8b 3a 34 e3 ......Broadcom BCM5708C NetXtreme II GigE (NDIS VBD-clie
nt)
 11...00 1b 21 b7 74 5e ......Intel(R) Gigabit CT-desktopadapter
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.1.1         10.0.1.2    276
         10.0.0.0    255.255.255.0         On-link          10.0.0.2    276
         10.0.0.2  255.255.255.255         On-link          10.0.0.2    276
       10.0.0.255  255.255.255.255         On-link          10.0.0.2    276
         10.0.1.0    255.255.255.0         On-link          10.0.1.2    276
         10.0.1.2  255.255.255.255         On-link          10.0.1.2    276
       10.0.1.255  255.255.255.255         On-link          10.0.1.2    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.0.0.2    276
        224.0.0.0        240.0.0.0         On-link          10.0.1.2    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.0.0.2    276
  255.255.255.255  255.255.255.255         On-link          10.0.1.2    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0         10.0.1.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13    276 ::/0                     2001:470:1f14:2fc:c225:6ff:feb5:bc71
  1    306 ::1/128                  On-link
 11    276 2001:470:1f14:2fc::/64   On-link
 13    276 2001:470:1f14:2fc:bad:dead:beef:1/128
                                    On-link
 11    276 2001:470:1f14:2fc:bad:dead:beef:2/128
                                    On-link
 11    276 2001:470:1f14:2fc:bad:dead:beef:50/128
                                    On-link
 11    276 fe80::/64                On-link
 13    276 fe80::/64                On-link
 11    276 fe80::80dd:1ba3:45d0:766f/128
                                    On-link
 13    276 fe80::f5f6:4c90:d23:f839/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
 13    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 ::/0                     2001:470:1f14:2fc:c225:6ff:feb5:bc71
===========================================================================






C:\Users\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : XEN6
   Primary Dns Suffix  . . . . . . . : xentux.lan
   Node Type . . . . . . . . . . . . : Mixed
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : xentux.lan

Ethernet adapter Extern:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
 VBD-client)
   Physical Address. . . . . . . . . : 00-18-8B-3A-34-E3
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:470:1f14:2fc:bad:dead:beef:1(Preferr
ed)
   Link-local IPv6 Address . . . . . : fe80::f5f6:4c90:d23:f839%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.1.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 2001:470:1f14:2fc:c225:6ff:feb5:bc71
                                       10.0.1.1
   DNS Servers . . . . . . . . . . . : 2001:470:1f14:2fc:bad:dead:beef:3
                                       10.0.1.1
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Intern:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Gigabit CT-desktopadapter
   Physical Address. . . . . . . . . : 00-1B-21-B7-74-5E
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:470:1f14:2fc:bad:dead:beef:2(Preferr
ed)
   IPv6 Address. . . . . . . . . . . : 2001:470:1f14:2fc:bad:dead:beef:50(Prefer
red)
   Lease Obtained. . . . . . . . . . : dinsdag 20 maart 2012 9:36:08
   Lease Expires . . . . . . . . . . : zondag 1 april 2012 9:36:45
   Link-local IPv6 Address . . . . . : fe80::80dd:1ba3:45d0:766f%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 234887969
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-E2-6B-54-00-1B-21-B7-74-5E

   DNS Servers . . . . . . . . . . . : 2001:470:1f14:2fc:bad:dead:beef:3
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{0994D4E5-37BD-4396-9262-FEA66C0B607F}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B3D95C55-74DD-4BF4-B42D-E7DD87A67F7C}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

I'm dutch so some things could be in dutch.
Hope this helps.  ???

---
Nathan
Logged

martech

  • Newbie
  • *
  • Posts: 8
Re: IPv6 behind NAT?
« Reply #5 on: March 23, 2012, 01:05:52 AM »

Isn't there an easy option that I need to turn on? The server has RRAS installed on it and works like a PPTP VPN server and NAT server. Beyond the normal configuration I haven't done anything.
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2715
Re: IPv6 behind NAT?
« Reply #6 on: March 23, 2012, 05:01:16 AM »

Who is 2001:470:1f14:2fc:c225:6ff:feb5:bc71?  Is that the Inside interface of your tunnel router?
Logged

martech

  • Newbie
  • *
  • Posts: 8
Re: IPv6 behind NAT?
« Reply #7 on: March 23, 2012, 08:53:25 AM »

It's the IPv6 address from my modem I guess. If I want to connect to it externally then I can use that address to get into the modem.
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2715
Re: IPv6 behind NAT?
« Reply #8 on: March 23, 2012, 08:57:52 AM »

Is your modem doing RA?  If it was, your gateway should be an FE80 address.  I assume you manually set this up?
Logged

martech

  • Newbie
  • *
  • Posts: 8
Re: IPv6 behind NAT?
« Reply #9 on: March 26, 2012, 03:20:16 AM »

Everything has been set up by me manually. The modem (FRITZ!Box 7390) is making the tunnel and I hoped that everything behind it could be autoconfigured (stateless) which it did until I changed the network with the NAT server and behind it some clients. I don't know what RA stands for, but I do know that it has something to do with the NAT server. I need to find a way through the NAT server with my IPv6 clients. I bet that there are other people that had this problem too, but I don't see much on the internet.
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2715
Re: IPv6 behind NAT?
« Reply #10 on: March 26, 2012, 05:13:30 AM »

No, other people aren't having this problem because your NAT setup has nothing to do with IPv6 ;)

RA= Router Advertisements

2001:470:1f14:2fc:c225:6ff:feb5:bc71 is definitely a auto-configure address, unless you made that up yourself.  I have to imagine you would have chose something like 2001:470:1f14:1/64 instead.

It's the IPv6 address from my modem I guess. If I want to connect to it externally then I can use that address to get into the modem.

I am unable to ping 2001:470:1f14:2fc:c225:6ff:feb5:bc71, so I'm not sure where it goes...I would log into your modem/router and see what address it gave itself.
Logged

martech

  • Newbie
  • *
  • Posts: 8
Re: IPv6 behind NAT?
« Reply #11 on: March 26, 2012, 05:34:53 AM »

Well my modem has the following addresses:
- 2001:470:1f14:2fc:c225:6ff:feb5:bc71 (which I can ping internal)
- 2001:470:1f14:2fc::2/64 (Can't ping this address, but the modem is saying that this is the Global IPv6 address of the FRITZ!Box)
- fd00::c225:6ff:feb5:bc71/64 (which I can ping internal)
- 213.247.117.92
- 10.0.1.1

RA is for people that use the stateless autoconfiguration, but I use the DHCP server behind the NAT server so I don't need to configure my clients. But my modem is using RA and as far as i know I can't disable it.
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2715
Re: IPv6 behind NAT?
« Reply #12 on: March 26, 2012, 05:41:42 AM »

If your IPv6 router is working properly, this could/should be your setup

On client:

IPv6 address: 2001:470:1f14::2/64
Gateway: 2001:470:1f14:2fc:c225:6ff:feb5:bc71/64
DNS: Whatever server you want to use

As long as your IPv6 router is forwarding IPv6 traffic, this will work.
Logged

GorgeHall

  • readonly_member
  • Newbie
  • *
  • Posts: 1
Re: IPv6 behind NAT?
« Reply #13 on: April 09, 2012, 03:51:20 AM »

What if it gets switched over from forwarding IPv6 packet to some IPv4. Will it work?



Logged