IPv6 from ISP and IPv4 internal subnets

Dear members,

My ISP changed gateway connection address from IPv4 to IPv6. My internal network works as IPv4 subnets. I will be grateful for tips or a link to a tutorial on how to route IPv4 outbound traffic to the Internet over the IPv6 WAN interface on Sophos XG.

I turned on IPv6 Configuration on the WAN interface. I got an IPv6 address from the ISP. I'm able to get ping responses from DNS servers over the IPv6 address. I do not know how to force local hosts to communicate to the Internet through the IPv6 WAN interface, keeping in mind that they are IPv4 local hosts.

Thanks in advance for tips!

  • Hi,

    You don't have to switch to IPv6 for internal clients. Your ISP probably is running dual stack or dual stack lite. DS-Lite would be Carrier Grade NAT. So you would still go out via IPv4.

    You cannot route out IPv4 traffic via IPv6 to Internet IPv4 (at least not this way).

    I think there is either a misunderstanding from my side or a misconception of IPv4/IPv6 from your side.

  • In reply to Ben:

    Hi,

    Exactly, I don't want to change IPv4 addresses for internal hosts. I want to provide them access to the Internet via Sophos XG that has an IPv6 address on the WAN interface. It would be nice if one internal host could be externally accessed. I thought that I should configure NAT46 and NAT64, but I didn't find a place to configure it and I'm not sure that mechanism will resolve my problem.

    My ISP disabled DHCPv4 and offers only DHCPv6, so my Sophos XG receives only an IPv6 address. For this reason I disabled DHCPv4 on the WAN interface configuration, I left DHCPv6 only. I also removed static IPv4 DNS server addresses. I typed equivalent IPv6 addresses. In DNS Query Configuration I checked the option "Choose IPv6 DNS server over IPv4".

    When I use traceroute to google.com, choosing the IPv6 family option, the host is reachable.

    But when choosing IPv4, it is not reachable.

    When I run traceroute from local network host I got name resolved but I got only one response from default gateway (Sophos XG internal address) that net is not reachable.

    Any suggestions what else could I do?

  • In reply to Mr. Pi:

    Thanks for the info