dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
2480
ivordurham
join:2002-11-02
Los Altos, CA

ivordurham

Member

[ipv6] Tayga configuration to provide IPv6 access to IPv4-only webcam

I having trouble getting Tayga to work so I can make an IPv4-only webcam available to the Internet via IPv6. The need for this is for a site dependent on HughesNet Gen4 satellite service which does not offer IPv4 static addresses or the ability to forward ports on their HT1000 modem/router. They are, however, providing native IPv6 service. The camera manufacturer, Foscam, unfortunately, has no schedule for IPv6 support.

The home network on which I am testing all this is dual stack with IPv4 192.168.0.0/24 with the Internet router at 192.168.0.1 and a Hurricane Electric tunnel: 2001:470:xxxx:xxxx::/64 I'm trying to add a Linux system to the LAN to run Tayga to provide an IPv6 to IPv4 bridge to specific devices. No dynamic pool needed. I have assumed that I need to use a different IPv4 subnet for the devices behind Tayga from the rest of my LAN. So the Tayga configuration running on the Linux system with a dynamically assigned IPv4 address from 192.168.0.0/24 is:

tun-device nat64
ipv4-addr 192.168.2.1
ipv6-addr 2001:470:xxxx:xxxx:1000::1
map 192.168.2.10 2001:470:xxxx:xxxx:1000::10
map 192.168.2.12 2001:470:xxxx:xxxx:1000::12

Tayga is started with a script containing the following commands:

/usr/local/sbin/tayga --mktun

ip link set nat64 up
ip addr add 192.168.2.1 dev nat64
ip addr add 2001:470:xxxx:xxxx:1000::1 dev nat64
ip route add 2001:470:xxxx:xxxx:1000::/96 dev nat64
ip route add 192.168.2.0/24 dev nat64

iptables -F
iptables -t nat -A POSTROUTING -o em1 -j MASQUERADE
iptables -A FORWARD -i em1 -o nat64 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i nat64 -o em1 -j ACCEPT

/usr/local/sbin/tayga -d

I confess to using a cookie cutter from other posts about Tayga for the iptables configuration with which I have no prior experience.

When Tayga is running, I can ping both 192.168.2.1 and 2001:470:xxxx:xxxx:1000::1 from the Linux system running Tayga, but not from a different Linux system on my LAN, where ping6 gets destination unreachable failures. The example tayga.conf says it will respond to ping/ping6 at its assigned addresses. I can ping the native IPv6 address of the Tayga Linux system from the other system, just not Tayga's assigned IPv6 address. I haven't tried setting the camera up with a static IPv4 address from 192.168.2.0 subnet, since I can't even reach Tayga from outside its own Linux system yet. Any insights into what I'm missing here would be much appreciated since I have already sustained substantial cranial bruising because of this problem.
quesix
join:2005-12-19
Cary, IL
ARRIS SB6141
Cisco 2851
Asus RT-AC66

2 edits

quesix

Member

Re: [ipv6] Tayga configuration to provide IPv6 access to IPv4-only webcam

static routes in Frontend Router (as clients would be coming thru there on hughes connection) for the ::/96 and 192.168.2.0/24 blocks. As Well as secondary ip or 2nd ethernet in linux box on 192.168.2.x network to communicate with 192.168.2.10/192.168.2.12. NAT64 isn't really supported in linksys level routers, hopefully the Hughes net one can do this. For local test static route in test PC on 192.168.0.x network would serve same purpose.

Edit: with hughes doing this to people you would think they wold atleast have added NAT64 to their routers for this purpose.... if all else fails would need to relay off remote connection like VNC/RDC/gotomypc(IPv4) to dual stack PC/server at remote site.
ivordurham
join:2002-11-02
Los Altos, CA

1 recommendation

ivordurham

Member

Re: [ipv6] [SOLVED] Tayga configuration to provide IPv6 access to IPv4-only webcam

A better solution to my original problem is to use the wrapsix (www.wrapsix.org) NAT64 implementation instead of Tayga. Worked as soon as I set it up. Just used the wrapped IPv4 address with my chosen IPv6 prefix using the convenience notation: 2001:xxxx:xxxx:xxxx:xxxx::192.168.0.yyy where 192.168.0.xxx is my local network.

Technically speaking, this is not a solution to the Tayga question, but a much simpler solution to the original problem. Doesn't require the manual creation of any devices or the addition of IP addresses or routes. Just works. (Breathes huge sigh of relief.)