this post was submitted on 23 Aug 2023

Wonder if it's possible to have an internal ipv4 local address range that is natted to ipv6 public address on your router...

[–] [email protected] 4 points 1 year ago (1 children)

I suggest doing the opposite. Give internal hosts IPv6 and use NAT64 to enable IPv4-IPv6 communication.

You can perfectly represent whatever IPv4 address in IPv6, but you can't even stick the most typical IPv6 address (global unicast address, 128 bits) inside IPv4.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Touché. Maybe the OP isn't aware that IPv6 can be made as simple as IPv4 on a local network? Maybe he has IPv4-only devices?

I believe we should simply abolish IPv4 completely. We have zero need for IPv4 and dual-stack networks are way more prone to errors and complexity.

People usually say that IPv6 is hard and IPv6 addresses aren’t “memorable” but that’s mostly BS because with the :: aka “reduced format” they can be even simpler than IPv4 - after all fc00::1 is a valid local IPv6 address. :)

Others might say it is dangerous without understanding how NAT isn’t necessary and how a firewall should work. Another common argument against deprecating IPv4 is that we should keep compatibility with older devices, to which I say… IPv6 support was introduced in Windows XP SP2 (2004).

IPv6 is great, largely simplifies networks, makes things more efficient and allows for more complex scenarios that are hard to deal with in IPv4. Multihoming, advanced load balancing, network level split DNS, direct peer-to-peer communication, totally abolishing DHCP in a usable way etc.

[–] [email protected] 2 points 1 year ago (1 children)

You can get an IPv6/IPv4 tunnel, but you can't NAT a v4 subnet to a v6 address. They're different stacks and wholly incompatible with each other.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago)

It can be done, it's called NAT-PT.

NAT-PT is an IPv6-to-IPv4 translation mechanism, as defined in RFC 2765 and RFC 2766, that allows IPv6-only devices to communicate with IPv4-only devices and vice versa.

https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/15-mt/nat-15-mt-book/ip6-natpt.html.xml

https://ine.com/blog/2008-04-18-understanding-ipv6-nat-pt

But you most likely don't want it because you will lose information on the source IP address of the traffic. There is simply no way to cram a 128 bit source IP into a 32-bit field. So it will be hard to track down and report abuse.

[–] Scoopta 2 points 1 year ago

I realized I hadn't actually written a reply to this, only to other people's replies.

There's a couple of problems with doing this. First and foremost is one of principle. IPv6 was designed with the explicit goal of killing off NAT; bringing it forward in this way is counterproductive. That being said, there's a much bigger problem here. IPv4 addresses are 32 bits, IPv6 addresses are 4 times larger at 128 bits. There is simply no way to fit an IPv6 address in an IPv4 packet header, it's simply too big. There are ways to do v6 internal with v4 external, but that's only possible because v4 addresses are so small and can easily be fit inside the v6 address header. What you're trying to accomplish just isn't possible from a technical standpoint alone. I would recommend either dual stacking your network, that is running both v4 and v6 at the same time, or if you wish to go single stack you can run pure v6 internally and use NAT64 to get access to v4 services. However, there are a few caveats with this setup you should be aware of if you want to go down that road.
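The asymmetry discussed in the comments above, as an added Python example that is not part of any comment in this thread: an IPv4 address embeds losslessly in a NAT64 /96 prefix (the RFC 6052 well-known prefix `64:ff9b::/96`), while the IPv6-to-IPv4 direction needs a stateful binding table, and that table's log is the only record that ties a shared IPv4 address back to an IPv6 source when an abuse report arrives. `BindingTable` and its methods are hypothetical names, the binding is simplified to one port per source with no protocol or timeout handling, and the addresses are constructed from documentation ranges.

```python
import ipaddress

# RFC 6052 well-known prefix for NAT64/DNS64 (a /96, so the IPv4 address is the low 32 bits).
WKP = ipaddress.IPv6Network("64:ff9b::/96")

def embed_v4(v4, prefix=WKP):
    """IPv4 -> IPv6: lossless, the 32 bits fit in the low end of the /96."""
    return ipaddress.IPv6Address(int(prefix.network_address) | int(ipaddress.IPv4Address(v4)))

def extract_v4(v6, prefix=WKP):
    """Recover the embedded IPv4 address; refuse addresses outside the prefix."""
    v6 = ipaddress.IPv6Address(v6)
    if v6 not in prefix:
        raise ValueError(f"{v6} is not inside {prefix}")
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)

class BindingTable:
    """IPv6 -> IPv4 cannot be computed, so the translator keeps state:
    each (IPv6 source, port) is bound to a port on one shared IPv4 address."""
    def __init__(self, pool_v4, first_port=1024):
        self.pool_v4 = ipaddress.IPv4Address(pool_v4)
        self.next_port = first_port
        self.by_source = {}   # (v6 source, source port) -> translated port
        self.by_port = {}     # translated port -> (v6 source, source port)
        self.log = []         # binding records kept for abuse handling

    def outbound(self, src_v6, src_port, dst_v6, now):
        """Translate one outbound flow; returns (IPv4 source, port, IPv4 destination)."""
        dst_v4 = extract_v4(dst_v6)
        key = (ipaddress.IPv6Address(src_v6), src_port)
        if key not in self.by_source:
            if self.next_port > 65535:
                raise RuntimeError("translated port pool exhausted")
            port, self.next_port = self.next_port, self.next_port + 1
            self.by_source[key] = port
            self.by_port[port] = key
            self.log.append((now, str(key[0]), src_port, str(self.pool_v4), port))
        return self.pool_v4, self.by_source[key], dst_v4

    def attribute(self, port):
        """Given the IPv4-side port from an abuse report, return the IPv6 source."""
        return self.by_port.get(port)

if __name__ == "__main__":
    # Constructed sample flows using documentation address ranges.
    nat = BindingTable("203.0.113.7")
    dst = embed_v4("192.0.2.33")
    print(dst, nat.outbound("2001:db8::10", 40000, dst, "2023-08-23T10:00:00Z"))
    print(nat.outbound("2001:db8::20", 40000, dst, "2023-08-23T10:00:01Z"), nat.attribute(1025))
```

Both sample sources leave the translator as 203.0.113.7, so without the binding log an IPv4-side observer cannot tell them apart.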

[–] [email protected] 2 points 1 year ago (1 children)

If you have external ipv6, why not have internal too?

You might need to keep ipv4 internal for some time because some programs only do v4. Opposite, I believe some programs will soon start ipv6-only. So you might need to have ipv6 also on the inside, no matter what.

[–] Scoopta 2 points 1 year ago (1 children)

My guess is because it scares people. I've had other people ask me about it before because they think internal IPv6 is a ridiculous concept and IPv4 just makes so much more sense and is easier to remember. I personally don't get it but that's my guess. Dual stack is definitely the easiest way to go tho.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

Definitely this. Some people say "IPv6 is complicated" just because the address is longer and uses hexadecimal. They actually know nothing about IPv6, not SLAAC or DHCPv6, not address types, or anything... They just know that it's long and apparently that's intimidating enough.

It's why you actually see people advocating for their "IPv5" solution, aka IPv4-with-2-more-octets. I swear... every month there's someone saying that.

Sigh.

[–] Scoopta 2 points 1 year ago

It is interesting how we've got this replacement that while slow is clearly taking off and yet people are still out there trying to re-engineer IPv4 as a replacement. Does that qualify as Stockholm syndrome?

[–] unquietwiki 1 points 1 year ago (1 children)

If NAT64/DNS64 isn't an option, setting up a small proxy server on an OpenWRT or OPNsense router might work. That assumes you have access to public IPv6; which at that point, you're better off using said router to provide dual-stack internally.

[–] Scoopta 2 points 1 year ago

This is the opposite of what OP is asking. He's wanting internal IPv4 with external IPv6, NAT64 provides the opposite.