Tayga NAT64 configuration to provide IPv6 access to IPv4-only webcam
[I posted an earlier version of this question on the dslreports.com IPv6 forum without success.]
I having trouble getting the Tayga NAT64 implementation to work so I can make an IPv4-only webcam available to the Internet via IPv6. The need for this is for a site dependent on HughesNet Gen4 satellite service which does not offer IPv4 static addresses or the ability to forward ports on their HT1000 modem/router. They are, however, providing native IPv6 service. The camera manufacturer, Foscam, unfortunately, has no schedule for IPv6 support.
The home network on which I am testing all this is dual stack with a Hurricane Electric IPv6 tunnel (2001:470:xxxx:xxxx::/64) and IPv4 192.168.0.0/24 with the Internet router at 192.168.0.1 (2001:470:xxxx:xxxx:5a6d:8fff:yyyy:yyyy) and I'm trying to add a Linux system to the LAN to run Tayga to provide an IPv6 to IPv4 bridge to specific devices. No dynamic pool needed. I have assumed that I need to use a different IPv4 subnet for the devices behind Tayga from the rest of my LAN. So the Tayga configuration running on the Linux system with a dynamically assigned IPv4 address from 192.168.0.0/24 is:
tun-device nat64
ipv4-addr 192.168.2.1
ipv6-addr 2001:470:xxxx:xxxx:1000::1
map 192.168.2.10 2001:470:xxxx:xxxx:1000::10
map 192.168.2.12 2001:470:xxxx:xxxx:1000::12
Tayga is started with a script containing the following commands:
/usr/local/sbin/tayga --mktun
ip link set nat64 up
ip addr add 192.168.2.1 dev nat64
ip addr add 2001:470:xxxx:xxxx:1000::1 dev nat64
ip route add 2001:470:xxxx:xxxx:1000::/96 dev nat64
ip route add 192.168.2.0/24 dev nat64
iptables -F
iptables -t nat -A POSTROUTING -o em1 -j MASQUERADE
iptables -A FORWARD -i em1 -o nat64 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i nat64 -o em1 -j ACCEPT
/usr/local/sbin/tayga -d
I confess to using a cookie cutter from other posts about Tayga for the iptables configuration with which I have no prior experience.
When Tayga is running, I can ping both Tayga addresses (192.168.2.1 and 2001:470:xxxx:xxxx:1000::1) from the Linux system running Tayga, but not from a different Linux system on my LAN, where ping6 gets destination unreachable errors. The example tayga.conf says it will respond to ping/ping6 at its assigned addresses. I can ping the native IPv6 address of the Tayga Linux system (2001:470:xxxx:xxxx:213:20ff:fe6a:ade) from the other system, just not Tayga's assigned IPv6 address (2001:470:xxxx:xxxx:1000::1). I have stopped both the iptables and ip6tables services with no effect on this problem. Any insights into why the Tayga IPv6 address is not discoverable would be much appreciated since I have already sustained substantial cranial bruising because of this problem. Has anyone else got Tayga to work for this kind of application?
|