How to use IPv6 NAT?


I have a static WAN6 IP configured (2008:a:a:a::1) and I have a remote machine (2008:a:a:a::2) that I want my LAN clients to access. I though default settings will take care of it, but that's not the case, the ping fails with (using standard Ubuntu 20 with Network Manager):

Destination unreachable: Address unreachable

What I have done:

  1. Took a brand new clean OpenWRT 19.07
  2. Using web GUI: Network->Interfaces->WAN6->Edit
    2.1 Protocol: Static address
    2.2 IPv6 address: 2008:a:a:a::1/64

And that's it. I'm able to ping 2008:a:a:a::2 directly from OpenWRT usign ssh terminal. But none of LAN or WLAN clients are able to ping that address.

Is there anything else I need to configure to enable NAT6?


IPv6 allows traffic forwarding without using NAT6:

OpenWrt firewall allows ICMPv6 forwarding by default:

Tried to add that Dynamic prefix forwarding - didn't help.

After I enabled a setting Network->Interfaces->LAN->DHCP server->IPv6:

Always announce default router

and then renewing DHCP6 on the client, I can now see that ICMP6 packets are going to the target 2008:a:a:a::2, but no response are being sent. Because the source address is from LAN: fd51:3551..., not WAN6 2008:a:a:a::1. Doesn't look like masquerade is enabled. Where is that setting to enable masquerade?

Running this command on OpenWRT enables masquerade and ping is now working from LAN:

ip6tables -t nat -A POSTROUTING -o eth0.2 -j MASQUERADE

But I wonder, is there a way to do this using web GUI?

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.