MadaMada (@madamada@snac.void.my)

MadaMada

@madamada@snac.void.my

SysAdmin with a simple life..interested in FOSS, FreeBSD, Linux, IPv6, cloud stuff and whatever things that come along the way I find interesting..

JabberID: madamada@xpath.my
Matrix: @madamada:matrix.org
Email: mada@void.my
Web: https://buster.xpath.my
Gemini: gemini://warlock.xpath.my
TheFediPeople: https://fediverse.info/explore/people
Yggdrasil: https://yggdrasil-network.github.io/

0 ★ 0 ↺

MadaMada » 2025-06-22
@madamada@snac.void.my

@subnetspider@bsd.cafe Is this done on the main host or in a jail ?

...

subnetspider » 2025-06-22
@subnetspider@mastodon.bsd.cafe

@madamada On a FreeBSD 14.3-RELEASE VM. I think I'm doing something wrong with the networks in rc.conf / tayga.conf / my firewall though. In particular, I don't know where in my network I have to the NKP (FreeBSD VM? Firewall?) and so on.

...

1 ★ 0 ↺

MadaMada » 2025-06-22 / 2025-06-22
@madamada@snac.void.my

@subnetspider@bsd.cafe NKP is basically a GUA NAT64 prefix, if you don't have one then pick one from nat64.net..

You setup rc.conf as usual, on the Tayga side, they use a different address under the same IPv6 subnet..

Update:
On the firewall, pass quick on clat0 all or check with tcpdump..

During my tests, I disabled the firewall just to rule out if there was an issue, the firewall isn't at fault and something else was..

...

subnetspider » 2025-06-22 / 2025-06-22
@subnetspider@mastodon.bsd.cafe

@madamada Oh wait, I think I know what I've done wrong - Tayga is only converting IPv4 to IPv6 here, I still have to convert it back to IPv4 on with NAT64 the router / firewall... 🤦‍♂️ (because CLAT = NAT46)

...

0 ★ 0 ↺

MadaMada » 2025-06-22
@madamada@snac.void.my

@subnetspider@bsd.cafe Yeah CLAT is a one way trip out to accessing IPv4-only sites..

It assumes you already have a local NAT64 in place which makes things a little easier to set up..