NAT6 in Omnia Wi-Fi 6

Hello Everyone,

I would like to set up NAT66 in the router.

I have set up the router with the basic configuration and afterwards I followed the instructions from OpenWrt, i.e.:

# Configure firewall
uci set firewall.@zone[1].masq6="1"
uci commit firewall
/etc/init.d/firewall restart

NET_ULA="$(uci get network.globals.ula_prefix)"
uci set network.globals.ula_prefix="d${NET_ULA:1}"
uci commit network
/etc/init.d/network restart

uci set dhcp.lan.ra_default="1"
uci commit dhcp
/etc/init.d/odhcpd restart

The clients manage to get an IP and ping the router, and the router is able to ping external IPv6 addresses. But the clients in my network are not able to ping the external address. I am getting:

PING google.com(zrh04s15-in-x0e.1e100.net (2a00:1450:400a:803::200e)) 56 data bytes
From ddfb:4996:626f::1 (ddfb:4996:626f::1) icmp_seq=1 Destination unreachable: Unknown code 5
From ddfb:4996:626f::1 (ddfb:4996:626f::1) icmp_seq=2 Destination unreachable: Unknown code 5
From ddfb:4996:626f::1 (ddfb:4996:626f::1) icmp_seq=3 Destination unreachable: Unknown code 5

~$ traceroute6 google.com
traceroute to google.com (2a00:1450:400a:803::200e), 30 hops max, 80 byte packets
 1  ddfb:4996:626f::1 (ddfb:4996:626f::1)  0.254 ms !<5>  0.218 ms !<5>  0.216 ms !<5>

Has anyone else faced a similar problem?

My full configs:

root@turris:~# cat /etc/config/network 

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'ddfb:4996:626f::/48'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option device 'eth2'
	option proto 'dhcp'
	option ipv6 '1'

config interface 'guest_turris'
	option enabled '1'
	option proto 'static'
	option device 'br-guest-turris'
	option ipaddr '10.111.222.1'
	option netmask '255.255.255.0'
	option ip6assign '64'

config device 'br_guest_turris'
	option name 'br-guest-turris'
	option type 'bridge'
	option bridge_empty '1'

config device 'br_lan'
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan0'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'wan6'
	option device '@wan'
	option proto 'dhcpv6'

config device 'dev_wan'
	option name 'eth2'
root@turris:~# cat /etc/config/dhcp 

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option port '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list dhcp_option '6,192.168.1.1'
	option ra_default '1'
	list ra_flags 'managed-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'guest_turris'
	option interface 'guest_turris'
	option ignore '0'
	option start '100'
	option limit '150'
	option leasetime '3600'
	option dhcpv6 'server'
	option ra 'server'
	list dhcp_option '6,10.111.222.1'

Can you please tell me, which Turris OS version are you using?

| | |
|---|---|
| reForis version | 1.4.1 |
| Turris OS version | 6.1.0 |
| Turris OS branch | HBS |
| Kernel version | 5.15.84 |
|Kernel version |5.15.84|

Similar behavior is also happening with 6.2.0 HBS.

According to the Turris OS documentation, TOS 6.x is based on OpenWrt 21.02 with fw3 firewall management, but the masq6 option is available in fw4, introduced in OpenWrt 22.06.

You need to create the iptables rules manually, or wait for the release of Turris OS 7.

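One way to create the rule manually on an fw3 system, as an added example that is not from any poster in this thread or from the Turris or OpenWrt documentation. It assumes the stock fw3 include file `/etc/firewall.user`, the `kmod-ipt-nat6` package for the IPv6 nat table, and `/sbin/fw4` as the fw4 path; the function names and the script name are hypothetical, while `eth2` and the `ula_prefix` lookup come from the configs posted above.

```shell
#!/bin/sh
# Added example: manual NAT66 rule for fw3, which has no masq6 option.
# Function names are hypothetical; eth2 and the prefix come from the thread.

# Report the firewall front end under an optional root dir (default: live
# system). /sbin/fw4 is an assumed path; fw4 is checked first because it may
# also provide an fw3 compatibility name.
detect_fw() {
    root="${1:-}"
    if [ -x "$root/sbin/fw4" ]; then echo fw4
    elif [ -x "$root/sbin/fw3" ]; then echo fw3
    else echo none
    fi
}

# Print one rule line: masquerade only LAN-prefix traffic leaving the WAN
# device. The -C test keeps the line idempotent across firewall reloads.
nat66_rule() {
    spec="POSTROUTING -s $2 -o $1 -j MASQUERADE"
    echo "ip6tables -t nat -C $spec 2>/dev/null || ip6tables -t nat -A $spec"
}

# Append the rule to the fw3 user include exactly once. Inputs are checked
# against a strict character set because the file is executed as shell.
install_nat66() {
    dev="$1"; ula="$2"; file="${3:-/etc/firewall.user}"
    case "$dev" in ''|*[!A-Za-z0-9._-]*) return 2 ;; esac
    case "$ula" in ''|*[!0-9A-Fa-f:/]*) return 2 ;; esac
    line="$(nat66_rule "$dev" "$ula")"
    grep -qxF -- "$line" "$file" 2>/dev/null || echo "$line" >> "$file"
}

# Only touch the router when called as: sh nat66-fw3.sh apply
if [ "${1:-}" = "apply" ]; then
    if [ "$(detect_fw)" != fw3 ]; then
        echo "fw3 not found; with fw4 use the masq6 zone option" >&2
        exit 1
    fi
    install_nat66 eth2 "$(uci get network.globals.ula_prefix)" || exit 1
    /etc/init.d/firewall restart
fi
```

Restricting the rule to the LAN prefix and the WAN device keeps the masquerade from rewriting any other IPv6 traffic the router forwards.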

Turris OS 7 still has fw3 and iptables. Do we know when OpenWrt 22.03 will be planned for integration?

I am running TOS7.0 and I can confirm it has nftables and firewall4.

~$ ssh root@192.168.1.1
root@192.168.1.1's password: 
 Warning: Changes performed using anything other than
 official web interface reForis are not covered by
 Turris support team unless instructed!


BusyBox v1.35.0 (2022-12-14 02:37:29 UTC) built-in shell (ash)

      ______                _         ____  _____
     /_  __/_  ____________(_)____   / __ \/ ___/
      / / / / / / ___/ ___/ / ___/  / / / /\__ 
     / / / /_/ / /  / /  / (__  )  / /_/ /___/ / 
    /_/  \__,_/_/  /_/  /_/____/   \____//____/  
                                             
 -----------------------------------------------------
 TurrisOS 7.0.0, Turris Omnia
 -----------------------------------------------------
root@turris:~# which fw3
/sbin/fw3
root@turris:~# ls -al /sbin/fw3 
-rwxr-xr-x    1 root     root        111071 Jul 31 17:12 /sbin/fw3
root@turris:~# nft
-ash: nft: not found
root@turris:~# fw4
-ash: fw4: not found
root@turris:~# 

weird …

I updated using:

switch-branch hbl
updater-supervisor

Probably my upgrade was not successful. What is the correct procedure for updating?

My bad, nftables indeed, but still fw3. I checked all packages, not installed ones.
And I think you should run pkgupdate after switching branch.
