Cannot receive packets from nat46 interface

I am configuring 464clat with the nat46 module, without the help of the 464clat package for some reason.

Taking the 464clat package as a reference, I set up the clat device as follows:

echo -e "add clat\nconfig clat debug 3 local.style NONE local.v4 192.0.0.1/32 local.v6 MY_IP6PREFIX::2/128 remote.style RFC6052 remote.v6 NAT64_PREFIX::/96" > /proc/net/nat46/control 
ip l set clat up
ip a a 192.0.0.1 dev clat
ip r a MY_IP6PREFIX::2 dev clat

Then, on the router, I ran some tests and found that ping gets no reply.

> network firewall stop && nft flush ruleset # for test only
> ip r a 8.8.8.8 dev clat
> ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
^C
--- 8.8.8.8 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss

At the same time, tcpdump gives:

> tcpdump -ni clat
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on clat, link-type RAW (Raw IP), snapshot length 262144 bytes
21:15:31.702371 IP 192.0.0.1 > 8.8.8.8: ICMP echo request, id 15239, seq 0, length 64
21:15:31.711685 IP6 MY_IP6PREFIX::2 > NAT64_PREFIX:808:808: ICMP6, echo request, id 15239, seq 0, length 64
21:15:31.801068 IP6 NAT64_PREFIX:808:808 > MY_IP6PREFIX::2: ICMP6, echo reply, id 15239, seq 0, length 64
21:15:31.812237 IP 8.8.8.8 > 192.0.0.1: ICMP echo reply, id 15239, seq 0, length 64

And ip -s l show clat shows 0 dropped packets.

That is, everything looks good except that the ping did not receive any reply. I also tried curl; the result is the same.


As a comparison, I also set up a tayga interface:

tayga -d -c /etc/tayga.conf --mktun
ip l set clat up
ip a a 192.0.0.1 dev clat
ip -6 r a MY_IP6PREFIX::2 dev clat
tayga -d -c /etc/tayga.conf

where /etc/tayga.conf is

tun-device clat
prefix NAT64_PREFIX::/96
ipv4-addr 192.0.0.2
map 192.0.0.1 MY_IP6PREFIX::2

This time, still on the router, everything works.


Also, I tried the following ways with no luck:

  • disable firewall (flush nft/iptables)
  • disable all rp_filter
  • reboot several times
  • capture packets with wireshark to ensure checksums are correct
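
Added example, not part of the original post: the RFC 6052 address mapping that "remote.style RFC6052" and the tayga "prefix" line both rely on, generalized to every prefix length the RFC allows, so the translated addresses in a capture like the one above can be checked by hand. The well-known prefix 64:ff9b::/96 stands in for the NAT64_PREFIX placeholder and is an assumption.

```python
import ipaddress

# Prefix lengths permitted by RFC 6052, section 2.2
VALID_LENGTHS = (32, 40, 48, 56, 64, 96)

def _v4_positions(plen):
    """Byte offsets that carry the four IPv4 octets for a given prefix length.

    The octets follow the prefix directly, except that byte 8 (the "u" octet,
    bits 64-71) is reserved, must stay zero, and is skipped.
    """
    pos, i = [], plen // 8
    while len(pos) < 4:
        if i != 8:
            pos.append(i)
        i += 1
    return pos

def embed(prefix, v4):
    """Build the IPv4-embedded IPv6 address for v4 under an RFC 6052 prefix."""
    net = ipaddress.IPv6Network(prefix)  # rejects prefixes with host bits set
    if net.prefixlen not in VALID_LENGTHS:
        raise ValueError("RFC 6052 allows only /32 /40 /48 /56 /64 /96")
    out = bytearray(net.network_address.packed)
    octets = ipaddress.IPv4Address(v4).packed
    for p, b in zip(_v4_positions(net.prefixlen), octets):
        out[p] = b
    return ipaddress.IPv6Address(bytes(out))

def extract(prefix, v6):
    """Recover the IPv4 address from an IPv4-embedded IPv6 address."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in VALID_LENGTHS:
        raise ValueError("RFC 6052 allows only /32 /40 /48 /56 /64 /96")
    addr = ipaddress.IPv6Address(v6)
    if addr not in net:
        raise ValueError("address is outside the translation prefix")
    raw = addr.packed
    return ipaddress.IPv4Address(bytes(raw[p] for p in _v4_positions(net.prefixlen)))

if __name__ == "__main__":
    # Constructed sample values: 8.8.8.8 as in the ping test, assumed prefix.
    nat64 = "64:ff9b::/96"
    mapped = embed(nat64, "8.8.8.8")
    print(mapped)                   # destination the CLAT puts on the wire
    print(extract(nat64, mapped))   # source the CLAT restores on the reply
```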