
I can't `ping ::ffff:192.168.0.1` and have it ping my router. There is a range reserved for representing IPv4 addresses, but the stack doesn't translate.


You can if you have NAT64:

    $ ping 64:ff9b::1.1.1.1
    PING 64:ff9b::1.1.1.1(one.one.one.one (64:ff9b::101:101)) 56 data bytes
    64 bytes from one.one.one.one (64:ff9b::101:101): icmp_seq=1 ttl=54 time=10.4 ms
    64 bytes from one.one.one.one (64:ff9b::101:101): icmp_seq=2 ttl=54 time=10.0 ms


The NAT64 prefix (64:ff9b::/96) is not the one GP cited (::ffff:0:0/96).

Also I don't have NAT64... The fact that ISPs don't provide NAT64 by default is kind of my point.


And then we are back to NAT...


Yes. What were you expecting? There's no way for a v4-only device to reply to a packet from a v6 source address otherwise. The source address has to be mapped to an address the v4-only device understands, and then mapped back again for the reply packets.

How else could this work?


It does translate, but it doesn't work for ping because ping bypasses most of the stack by sending raw packets. Try something like `telnet ::ffff:192.168.0.1 80`.


That does work. Interesting, the OS translates this at the socket level.
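The two /96 prefixes named in the comments above, shown side by side. This is an added example and not part of the thread: it classifies an address, extracts the embedded IPv4 address, and lets an allow/deny rule written for IPv4 evaluate the same host. The function names and the `is_internal` policy are assumptions made for illustration.

```python
import ipaddress

# Prefixes named in the thread.
V4_MAPPED = ipaddress.ip_network("::ffff:0:0/96")  # IPv4-mapped: handled by the local socket layer
NAT64_WKP = ipaddress.ip_network("64:ff9b::/96")   # NAT64 prefix: needs a translator on the path


def embedded_ipv4(text):
    """Classify an address string.

    Returns (kind, IPv4Address) when an IPv4 address is present or embedded
    in one of the two /96 prefixes, otherwise ("ipv6", None).
    """
    addr = ipaddress.ip_address(text)
    if addr.version == 4:
        return "ipv4", addr
    for kind, net in (("v4-mapped", V4_MAPPED), ("nat64", NAT64_WKP)):
        if addr in net:
            # Both prefixes are /96, so the IPv4 address is the low 32 bits.
            return kind, ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)
    return "ipv6", None


def effective_target(text):
    """Address a log line or filter rule should evaluate."""
    _kind, v4 = embedded_ipv4(text)
    return v4 if v4 is not None else ipaddress.ip_address(text)


def is_internal(text):
    """Hypothetical policy check: private, loopback or link-local target."""
    target = effective_target(text)
    return target.is_private or target.is_loopback or target.is_link_local


if __name__ == "__main__":
    # Addresses taken from the thread, plus one constructed documentation address.
    for sample in ("::ffff:192.168.0.1", "64:ff9b::1.1.1.1",
                   "64:ff9b::101:101", "2001:db8::1"):
        kind, v4 = embedded_ipv4(sample)
        print(f"{sample:22} {kind:10} embedded={v4} internal={is_internal(sample)}")
```

The dotted form `64:ff9b::1.1.1.1` and the hex form `64:ff9b::101:101` from the ping output are the same 128-bit address, which is why the check works on the parsed value rather than on the string.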


> I can't `ping ::ffff:192.168.0.1` and have it ping my router.

How would that even work in theory?

How would a ('legacy'?) host that only understands the 32-bit data structure of IPv4 addresses talk to a >32-bit data structure IPv6 addressed host?


You need a translator, i.e. a middle host with dual IPv4/IPv6 stack that can convert an IPv4 packet to an IPv6 packet and v.v. By the way, it's not just theoretical, it exists and it has been standardised, see https://nicmx.github.io/Jool/en/intro-xlat.html#ipv4ipv6-tra...


If it truly encapsulated IPv4, then there wouldn't be two stacks. It would be one stack and legacy devices could snip the extra bits (or have it done for them via a router).


I'm skeptical. How would the legacy device V4 understand the "extra bits"? How would this work on the same subnet (no router)?


If it can't natively (by creating a new networking stack), then a router would have to re-write the packet.

Endpoint devices should not be peering directly (security). Always go through either a passthrough inspection device or router.


Endpoint devices peering directly is how things work on most small networks. What you describe would cause more problems than it solves.


> (or have it done for them via a router)

And then we are back to NAT...


But you can "ping $address" regardless of which IP version it's using. Please elaborate on what you are trying to solve.


I didn't say I couldn't type that in... my point was clear to everybody else who responded.



