NAT64

From 33C3_Public_Wiki
Jump to: navigation, search

The world supply of IPv4 addresses is nearing depletion. We were trying different approaches during the last couple of European hacker events. Last year we ran a combination of ratools and a A10 Networks box.

This year we run a modified prototype of SixFw. It is work in progress and evolves during congress. So make sure to check out the NAT64 at different times during congress.

To get used to the future and gain some experience with how it may soon feel, ports 1-4 on each switch function as "NAT64/DNS64" ports. Your operating system will need to support native IPv6.

Some details:

  • Nameserver addresses changed! (Tue 27 Dec 12:47, Day 1)
    • On wired network please use: 2001:67c:20a1:3010::64
    • On wireless network please use: 2001:67c:20a1:3020::64
    • Nameservers are also distributed via router advertisement and dhcpv6 (currently unstable)
  • Your OS must accept route information via router advertisement up to a prefix length of /96
    • /proc/sys/net/ipv6/conf/<INTERFACE>/accept_ra_rt_info_max_plen
    • e.g. "echo 96 > /proc/sys/net/ipv6/conf/eth0/accept_ra_rt_info_max_plen"

Technology

For a complete explanation of NAT64/DNS64 please consult the NAT64 Wikipedia page.


NAT64 over WiFi

Just connect to SSIDs 33C3 or 33C3-legacy using username nat64 and password nat64 and you will be dropped into the NAT64 network. Using this credentials does not affect the encryption, it is as (in)secure as always!


Experiences

Please share your experiences in the wiki or via Twitter! What did you like? What did not work?