Have you looked at using the web-proxy for this? I haven't tried it but it seems like it can listen on both V6 and V4.+1
see also:
viewtopic.php?t=110925
viewtopic.php?t=42614
viewtopic.php?t=94291
Internet-Uplinks going IPv6 only. Small IoT devices stick to IPv4.
+1, NAT64 on MikroTik and DNS64 can be done by powerdns or bind+1 for NAT64. I can live with DNS64 on the powerdns recursor
Jool uses kernel modules to do its magic, so it’s unlikely. Tayga might be doable in a container.Couldn't you run Jool in Docker now?
i'm looking for something simple, example:
iptables -t nat -A PREROUTING -d <ipv4> -j DNAT <ipv6>
iptables -t nat -A POSTROUTING -s <ipv6> -j SNAT <ipv4>
IPv6 NAT is NAT66 and should be avoided completely. The point of IPv6 is to restore end-to-end principle.
NAT64 and it's better sibling 464xlat are not the same thing as NAT66 aka IPv6 killer:
https://blog.apnic.net/2018/02/02/nat66-good-bad-ugly/
Some people must've learnt network engineering from the trash can... Smh
The IPV6 -> IPV4 mapping would use the CGNAT subnet range ( 100.64.0.0/10 ) as source , overlapping is no problem,i'm looking for something simple, example:
iptables -t nat -A PREROUTING -d <ipv4> -j DNAT <ipv6>
iptables -t nat -A POSTROUTING -s <ipv6> -j SNAT <ipv4>
For what it's worth, when you translate between IP versions, then both source and destination address have to be translated in some way (usually in the same rule). IE if have a packet coming from 2001:db8:aa::1 -> 2001:db8:ff::1 port 80 and I want that to be translated to go to -> 192.0.2.1 port 80, then what should my source address be? The original source IPv6 address can't be used.
It's more complicated than just adding another translation. Especially when you look at different strategies for doing the translation. Going from IPv4 to IPv6 gives you the chance to do it in an entirely stateless way as long as you don't expect the IPv4 world to be able to address the entire IPv6 world, but only a small /96 chunk of it.
ipspace.net has a presentation on an ipv6 only datacenter design that uses this. In most other cases you can't do nat64 or nat46 in an entirely stateless way.
I guess my point is that in this thread people are asking for a number of different solutions. Sometimes the use case presented is clear and sometimes it's not. What kind of network design does a feature like this enable for you? It's easier for the developers if they have a strong use case.
I think pretty much everyone here has a good use case, but some need a more clear description of what they'll get out of their network by having a specific feature.
# Tested on a RB4011iGS+5HacQ2HnD running RouterOS 7.11.2
# Note: replace the example '2001:db8:0:ffff/64' IPv6 prefix in this script
# with an unused, public /64 IPv6 prefix that is part of your own assigned range.
# Start with enabling container mode by following the steps at
# https://help.mikrotik.com/docs/display/ROS/Container
# Create interfaces
/interface bridge add name=containers
/interface bridge port add bridge=containers interface=veth1
/interface veth add address=172.17.0.2/24,2001:db8:0:ffff::2/64 gateway=172.17.0.1 gateway6=2001:db8:0:ffff::1 name=veth1
# Setup IPv4 and IPv6 addresses
/ip address add address=172.17.0.1/24 interface=containers
/ipv6 address add address=2001:db8:0:ffff::1 advertise=no interface=containers
# Setup the necessary routes
/ip route add dst-address=172.18.0.128/25 gateway=172.17.0.2
/ipv6 route add dst-address=64:ff9b::/96 gateway=2001:db8:0:ffff::2
# Setup NAT for Tayga's private IPv4 range
/ip/firewall/nat/add chain=srcnat action=masquerade src-address=172.17.0.0/24
# Setup container config
/container config set registry-url=https://ghcr.io tmpdir=/images
/container envs add key=TAYGA_CONF_IPV4_ADDR name=tayga value=172.17.0.2
/container envs add key=TAYGA_CONF_DYNAMIC_POOL name=tayga value=172.18.0.128/25
/container envs add key=TAYGA_CONF_PREFIX name=tayga value=64:ff9b::/96
/container envs add key=TAYGA_IPV6_ADDR name=tayga value=2001:db8:0:ffff::2
# Create the container
/container add remote-image=ghcr.io/lion7/docker-tayga:linux-arm envlist=tayga interface=veth1 logging=yes start-on-boot=yes
# Optional: configure Google's and CloudFlare's public DNS64 servers
/ip dns set servers=2001:4860:4860::64,2606:4700:4700::64