this post was submitted on 23 Aug 2023
5 points (100.0% liked)

IPv6

316 readers
1 users here now

IPv6 Discussions

founded 1 year ago
MODERATORS
 

Wonder if it's possible to have a internal ipv4 local address range that is natted to ipv6 public address on your router...

top 6 comments
sorted by: hot top controversial new old
[–] orangeboats@lemmy.world 4 points 1 year ago (1 children)

I suggest doing the opposite. Give internal hosts IPv6 and use NAT64 to enable IPv4-IPv6 communication.

You can perfectly represent whatever IPv4 address in IPv6, but you can't even stick the most typical IPv6 address (global unicast address, 128 bits) inside IPv4.

[–] TCB13@lemmy.world 1 points 1 year ago* (last edited 1 year ago)

Touché. Maybe the OP isn't aware that IPv6 can be made as simple as IPv4 on a local network? Maybe he has IPv4 only devices?

I believe we should simply abolish IPv4 completely. We have zero need for IPv4 and dual-stack networks are way more prone to errors and complexity.

People usually say that IPv6 is hard and IPv6 addresses aren’t “memorable” but that’s mostly BS because with the :: aka “reduced format” they can be even simpler than IPv4 - after all fc00::1 is a valid local IPv6 address. :)

Others might say it is dangerous without understanding how NAT isn’t necessary and how a firewall should work. Another common argument against deprecating IPv4 is that we should keep compatibility with older devices, to which I say… IPv6 support was introduced in Windows XP SP2 (2004).

IPv6 is great, largely simply networks, make things more efficient and allows for more complex scenarios that are hard to deal with in IPv4. Multihoming, advanced load balancing, network level split DNS, direct peer-to-peer communication, totally abolishing DHCP in a usable way etc.

[–] bfg9k@lemmy.world 1 points 1 year ago (1 children)

You can get an IPv6/IPv4 tunnel, but you can't NAT a v4 subnet to a v6 address. They're different stacks and wholly incompatible with each other

[–] TCB13@lemmy.world 4 points 1 year ago* (last edited 1 year ago)

It can be done, it's called NAT-PT.

NAT—PT is an IPv6-to-IPv4 translation mechanism, as defined in RFC 2765 and RFC 2766, that allows IPv6-only devices to communicate with IPv4-only devices and vice versa.

https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/15-mt/nat-15-mt-book/ip6-natpt.html.xml

https://ine.com/blog/2008-04-18-understanding-ipv6-nat-pt

But you most likely don't want it because you will lose information on the source IP address of the traffic. There is simply no way to cram a 128 bit source IP into a 32-bit field. So it will be hard to track down and report abuse.

[–] unquietwiki@programming.dev 1 points 1 year ago (1 children)

If NAT64/DNS64 isn't an option, setting up a small proxy server on an OpenWRT or OPNsense router might work. That assumes you have access to public IPv6; which at that point, you're better off using said router to provide dual-stack internally.

[–] Scoopta@programming.dev 1 points 1 year ago

This is the opposite of what OP is asking. He's wanting internal IPv4 with external IPv6, NAT64 provides the opposite.