0

I'm trying to use a raspberry to connect a terminal device to a VLAN. Basically I need to reach a device (that I cannot directly connect to a VLAN) remotely.

My idea is to connect the device (via eth) to a raspberry, join the raspberry to a VLAN and then proxy all the traffic between the VLAN and the device. I'm interested in proxy all and only ipv6 connections (tcp and udp).

Network configuration is:

( Device )                     ( Raspberry )                  ( Laptop that need access )
DEVICE_IP <-----eth0-----> RASP_IP  RASP_VLANIP <----- VLAN ham0 ------> PC_VLANIP

I have set up the VLAN between the raspberry and the laptop using Hamachi. Then I have setup the following iptables rules:

ipt6 --in-interface ham0 --append PREROUTING --table nat --destination $RASP_VLANIP --jump DNAT --to-destination $DEVICE_IP
ipt6 --append POSTROUTING --table nat --destination $RASP_IP --jump SNAT --to-source $PC_VLANIP

I have then used iperf3 to test connectivity launching on the device and then trying to connect to it from the laptop using the address RASP_VLANIP. Anyway i get the error: iperf3: error - unable to connect to server: Connection refused

What am I doing wrong?

Additional info:

net.ipv4.ip_forward = 0
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.eth0.forwarding = 1
net.ipv6.conf.wlan0.forwarding = 1
net.ipv6.conf.ham0.forwarding = 1

pi@raspi:~ $ ip -6 neigh show
fe80::213d:e705:e749:7a8f dev eth0 lladdr --:--:--:--:-- STALE 
fe80::f079:e6fa:2c56:4984 dev eth0 lladdr --:--:--:--:-- STALE <--DEVICE_IP
2620:9b::1946:6064 dev ham0 lladdr --:--:--:--:-- STALE        <--PC_VLANIP

pi@raspi:~ $ ifconfig
    eth0: 
        inet6 fe80::213d:e705:e749:7a8f                        <--RASP_IP
    ham0: 
        inet6 fe80::7879:19ff:fe22:e039                        <--RASP_VLANIP
    wlan0: 
        inet6 fe80::8cff:42dc:7fba:3289
Sai Chandini Routhu
  • 309
  • 1
  • 8
danipisca07
  • 1
  • 1
  • Packets with link-local addresses cannot be routed. See _[RFC 4291, IP Version 6 Addressing Architecture](https://www.rfc-editor.org/rfc/rfc4291.html)_, Section 2.5.6 Link-Local IPv6 Unicast Addresses: "_Routers must not forward any packets with Link-Local source or destination addresses to other links._" You really just want to set up regular routing. Remember that your router will need to send out RAs. – Ron Maupin Jun 14 '22 at 01:05
  • Thanks for the answer @RonMaupin . I have yet to really understand the difference between Link-Local and other addresses, but those are the only one that gets assigned to the device and the raspberry, so I suppose that the first thing I have to do is find out how to assign "normal" addresses instead of link-local. Once I manage to do that my current rounting configuration should work, correct? – danipisca07 Jun 22 '22 at 11:58

0 Answers0