Question: I’m new to IPv6 concepts. I had setup dual stack on my Windows 7 PC with both IPv6 and IPv4 addresses and it allowed me to access both IPv6 & IPv4 websites. I also tried to experiment with IPv6 only host to access IPv4 websites, but with no success. I would like to know if there’s any way to make this setup work? Means, I want to access IPv4 only website from an IPv6 only host machine?
Answer:
It’s possible, but not straight away! The reason, both are two different poles – technically, IPv6 and IPv4 are two different and incompatible protocols. It means, IPv6 machines can speak only IPv6 language and IPv4 machine knows only IPv4 language. So how to make those communicate each other? We need NAT64 or DNS64 gateway in between IPv6 only host and IPv4 only website.
I’ll tell you how to setup NAT64 gateway to answer your question.
What is NAT64 gateway?
NAT64? You got it right, it does some NATTING. NAT64 is a gateway service that allows IPv6 only host to access IPv4 only websites. To explain how NAT64 works, you will have to imagine two different components – a DNS resolver and gateway.
Look at the below diagram to get clarity on how these two components will actually work.
From the above diagram, you’ll understand that NAT64 consists of two main components – the DNS resolver that serves fake IPv6 addresses for IPv4 only websites. The gateway component takes care of mapping those fake IPv6 addresses back to IPv4. It’s as simple as that.
So what if I’m accessing IPv6 website from IPv6 only host? The DNS resolver of NAT64 doesn’t need to respond with fake addresses, because the IPv6 website is going to have IPv6 address isn’t?
So, how to setup NAT64?
It’s very simple. Grab the below addresses and set in your DNS resolvers.
For example, edit /etc/resolv.conf in linux based machines.
The public DNS service from aaisp.com
nameserver 2001:67c:2b0::4 nameserver 2001:67c:2b0::6
Below are the public DNS service from Trex.
nameserver 2001:8b0:6464::1 nameserver 2001:8b0:6464::2
In Windows machine, change IPv6 properties as shown in the below image.
How to test NAT64 setup?
- Try accessing the IPv4 websites from IPv6 only host – for example, Marketlive.in (at the time of writing this article, Marketlive was IPv4 only website).
- Just head on to your terminal or command prompt and traceroute to IPv4 only domain from IPv6 only host.
Example traceroute:
Have a look at the below traceroute and you’ll see even the fragmented packets, pings and traceroutes starts with IPv6 address and then gets into the IPv4 network.
Awesome advice! This worked well for my local IPv6 to outside IPv4 configuration to combat the recent Krack wi-fi vulnerability!! IPv6 packets can’t be easily sniffed!!!