Cisco IOS unterstützt NAT-PT seit Version 12.2(13)T und bietet auch einen DNS-ALG, so dass auch dynamisches bidirektionales NAT-PT möglich ist.
Das Testnetzwerk ist in diesem Versuch möglichst einfach gehalten, um mögliche Fehlerquellen im Routing zu vermeiden und wirklich nur das NAT-PT untersuchen zu können (Abb. 8.1).
Die Netzwerk-Konfiguration der Knoten im Subnetz A wird manuell vorgenommen. Wichtig ist der Standard-Gateway (10.0.1.2) und der Nameserver (10.0.1.30). Im Subnetz B vergibt der Cisco per Autokonfiguration Adressen aus dem Netz fec1::/64.
Der Domino LAN-Analyzer wird für diesen Test nicht benötigt, die Analyse des Netzverkehrs erfolgt direkt auf den Linux-PCs mit Hilfe von Ethereal.
NAT-PT kann statisch oder dynamisch aufgesetzt werden. Statisch bedeutet, dass für jeden Host ein NAT-Eintrag vorgenommen werden muss. Dieses Verfahren erfordert viel administrativen Aufwand und ist darum eher anfällig für Fehler.
Für beide Arten muss zuerst das NAT-PT auf den beiden Interfaces eingeschaltet werden:
R5(config)#interface f0/0 R5(config-if)#ipv6 nat
R5(config)#interface f0/1 R5(config-if)#ipv6 nat
Auf dem Interface f0/1 darf nur IPv6 und auf dem Interface f0/0 nur IPv4 eingeschaltet sein. Zusätzlich müssen die Anschlüsse über geeignete IP-Adressen verfügen. Dem Router muss nun noch mitgeteilt werden, welche IPv6-Adressen zu welchen IPv4-Adressen gehören.
R5(config)#ipv6 nat v6v4 source fec1::201:2ff:fe87:179c 10.0.99.100 R5(config)#ipv6 nat v4v6 source 10.0.1.31 fec3::1 R5(config)#ipv6 nat prefix fec3::/96
Jetzt kann der Host im IPv6-Netz mit der IP-Adresse fec1::201:2ff:fe87:179c vom IPv4-Netz aus bequem mit der IP-Adresse 10.0.99.100 angesprochen werden und umgekehrt kann der IPv4-Host mit der IP 10.0.1.31 im IPv6-Netz unter der Adresse fec3::1 erreicht werden. Um die statische Zuordnung wieder zu löschen, muss den Befehlen no vorangestellt werden.
Interessanter ist die dynamische Variante von NAT-PT, sie wird deshalb hier ausführlicher beschrieben und die Verbindungsaufnahme einer TCP-Session detailliert analysiert.
Dynamisches NAT-PT ist etwas komplizierter zu konfigurieren. Folgende Schritte sind erforderlich:
R5(config)#ipv6 nat v6v4 pool v4pool 10.0.99.100 10.0.99.200 prefix-length 24
R5(config)#ipv6 access-list v6list R5(config-ipv6-acl)#permit ipv6 FEC1::/64 anyIn diesem Beispiel wird allen Hosts den Zugriff erlaubt.
R5(config)#ipv6 nat v6v4 source list v6list pool v4pool
R5(config)#ipv6 nat v4v6 source 10.0.99.100 FEC1::201:2FF:FE87:179C
Die verwendete Beispielkonfiguration ist Anhang C.2.6 zu entnehmen.
Auf dem Linux PC 1 wird zusätzlich eine DNS-Serversoftware benötigt. Bei Debian wird mit maradns ein einfach einzurichtender DNS-Server mitgeliefert, er wird mit apt-get install maradns installiert. Es müssen folgende Konfigurationsschritte vorgenommen werden:
bind_address = "10.0.1.30" csv1["ipv6.local."] = "db.ipv6.local"
# SOA record Sipv6.local.|86400|ipv6.local.|hm@ipv6.local.|2003100701|7200|3600|604800|1800 # NS record Nipv6.local.|86400|ns1.ipv6.local. # A record for NS Ans1.ipv6.local.|86400|10.0.1.30 # A record for www.ipv6.local Awww.ipv6.local.|86400|10.0.1.31 # PTR record for www.ipv6.local P31.1.0.10.in-addr.arpa.|86400|www.ipv6.local.Der A-Record dient dazu, dass der Name www.ipv6.local auf die IPv4-Adresse 10.0.1.31 aufgelöst wird. Der PTR-Record ist der Reverse-Eintrag, das heisst eine Anfrage auf 10.0.1.31 liefert den Namen www.ipv6.local.
# dig @10.0.1.30 www.ipv6.local ; <<>> DiG 9.2.1 <<>> @10.0.1.30 www.ipv6.local ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10094 ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;www.ipv6.local. IN A ;; ANSWER SECTION: www.ipv6.local. 86400 IN A 10.0.1.31 ;; AUTHORITY SECTION: ipv6.local. 86400 IN NS ns1.ipv6.local. ;; ADDITIONAL SECTION: ns1.ipv6.local. 86400 IN A 10.0.1.30 ;; Query time: 1 msec ;; SERVER: 10.0.1.30#53(10.0.1.30) ;; WHEN: Tue Oct 7 09:54:37 2003 ;; MSG SIZE rcvd: 82
In Abbildung 8.2 ist schematisch dargestellt, wie über den NAT-PT-Gateway eine TCP-Verbindung aufgebaut wird. Zunächst findet eine DNS-Anfrage statt, die dann den Eintrag des Hosts 10.0.1.31 in die NAT-PT-Umsetzungstabelle auf dem Gateway bewirkt. Anschliessend kann die TCP-Verbindung hergestellt werden.
Der DNS-ALG auf dem Gateway schreibt die DNS-Anfragen und -Antworten so um, dass aus AAAA-Records auf der IPv6-Seite entsprechende A-Records auf der IPv4-Seite werden und umgekehrt. Auch bei Reverse-Einträgen (PTR-Records) wird das Adressformat umgewandelt. Ausserdem wird die TTL der Antworten auf Null gesetzt, um sicherzustellen, dass der IPv6-Client bei jedem weiteren Verbindungsaufbau zuerst einen DNS-Request absetzt.
fec3::1
Domain Name System (query)
Transaction ID: 0x6f04
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
www.ipv6.local: type AAAA, class inet
Name: www.ipv6.local
Type: IPv6 address
Class: inet
10.0.1.30
Domain Name System (query)
Transaction ID: 0x6f04
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
www.ipv6.local: type AAAA, class inet
Name: www.ipv6.local
Type: IPv6 address
Class: inet
10.0.99.101
Domain Name System (response)
Transaction ID: 0x6f04
Flags: 0x8400 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... ..0. .... = Answer auth.: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 1
Additional RRs: 0
Queries
www.ipv6.local: type AAAA, class inet
Name: www.ipv6.local
Type: IPv6 address
Class: inet
Authoritative nameservers
ipv6.local: type SOA, class inet, mname ipv6.local
Name: ipv6.local
Type: Start of zone of authority
Class: inet
Time to live: 1 day
Data length: 35
Primary name server: ipv6.local
Responsible authority's mailbox: hostmaster.ipv6.local
Serial number: 19770616
Refresh interval: 2 hours
Retry interval: 1 hour
Expiration limit: 7 days
Minimum TTL: 30 minutes
10.0.1.30
Domain Name System (query)
Transaction ID: 0x6f04
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
www.ipv6.local: type A, class inet
Name: www.ipv6.local
Type: Host address
Class: inet
10.0.99.101
Domain Name System (response)
Transaction ID: 0x6f04
Flags: 0x8400 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... ..0. .... = Answer auth.: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 1
Authority RRs: 1
Additional RRs: 1
Queries
www.ipv6.local: type A, class inet
Name: www.ipv6.local
Type: Host address
Class: inet
Answers
www.ipv6.local: type A, class inet, addr 10.0.1.31
Name: www.ipv6.local
Type: Host address
Class: inet
\textbf{Time to live: 1 day}
Data length: 4
Addr: 10.0.1.31
Authoritative nameservers
ipv6.local: type NS, class inet, ns ns1.ipv6.local
Name: ipv6.local
Type: Authoritative name server
Class: inet
\texttt{Time to live: 1 day}
Data length: 6
Name server: ns1.ipv6.local
Additional records
ns1.ipv6.local: type A, class inet, addr 10.0.1.30
Name: ns1.ipv6.local
Type: Host address
Class: inet
\texttt{Time to live: 1 day}
Data length: 4
Addr: 10.0.1.30
fec1::201:2ff:fe87:179c
Domain Name System (response)
Transaction ID: 0x6f04
Flags: 0x8400 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... ..0. .... = Answer auth.: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 1
Authority RRs: 1
Additional RRs: 1
Queries
www.ipv6.local: type AAAA, class inet
Name: www.ipv6.local
Type: IPv6 address
Class: inet
Answers
www.ipv6.local: type AAAA, class inet, addr fec3::a00:11f
Name: www.ipv6.local
Type: IPv6 address
Class: inet
\texttt{Time to live: 0 time}
Data length: 16
Addr: fec3::a00:11f
Authoritative nameservers
ipv6.local: type NS, class inet, ns ns1.ipv6.local
Name: ipv6.local
Type: Authoritative name server
Class: inet
\texttt{Time to live: 0 time}
Data length: 6
Name server: ns1.ipv6.local
Additional records
ns1.ipv6.local: type AAAA, class inet, addr fec3::1
Name: ns1.ipv6.local
Type: IPv6 address
Class: inet
\texttt{Time to live: 0 time}
Data length: 16
Addr: fec3::1
fec3::1
Domain Name System (query)
Transaction ID: 0x6f06
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
f.1.1.0.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.c.e.f.ip6.int: type PTR, class inet
Name: f.1.1.0.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.c.e.f.ip6.int
Type: Domain name pointer
Class: inet
10.0.1.30
Domain Name System (query)
Transaction ID: 0x6f06
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
31.1.0.10.in-addr.arpa: type PTR, class inet
Name: 31.1.0.10.in-addr.arpa
Type: Domain name pointer
Class: inet
10.0.99.101
Domain Name System (response)
Transaction ID: 0x6f06
Flags: 0x8000 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... ..0. .... = Answer auth.: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 1
Authority RRs: 1
Additional RRs: 1
Queries
31.1.0.10.in-addr.arpa: type PTR, class inet
Name: 31.1.0.10.in-addr.arpa
Type: Domain name pointer
Class: inet
Answers
31.1.0.10.in-addr.arpa: type PTR, class inet, ptr www.ipv6.local
Name: 31.1.0.10.in-addr.arpa
Type: Domain name pointer
Class: inet
\texttt{Time to live: 1 day}
Data length: 16
Domain name: www.ipv6.local
Authoritative nameservers
ipv6.local: type NS, class inet, ns ns1.ipv6.local
Name: ipv6.local
Type: Authoritative name server
Class: inet
\texttt{Time to live: 1 day}
Data length: 6
Name server: ns1.ipv6.local
Additional records
ns1.ipv6.local: type A, class inet, addr 10.0.1.30
Name: ns1.ipv6.local
Type: Host address
Class: inet
\texttt{Time to live: 1 day}
Data length: 4
Addr: 10.0.1.30
fec1::201:2ff:fe87:179c
Domain Name System (response)
Transaction ID: 0x6f06
Flags: 0x8000 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... ..0. .... = Answer auth.: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 1
Authority RRs: 1
Additional RRs: 1
Queries
f.1.1.0.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.c.e.f.ip6.int: type PTR, class inet
Name: f.1.1.0.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.c.e.f.ip6.int
Type: Domain name pointer
Class: inet
Answers
f.1.1.0.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.c.e.f.ip6.int: type PTR, class inet,
ptr www.ipv6.local
Name: f.1.1.0.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.c.e.f.ip6.int
Type: Domain name pointer
Class: inet
\texttt{Time to live: 0 time}
Data length: 16
Domain name: www.ipv6.local
Authoritative nameservers
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.c.e.f.ip6.int: type NS, class inet, ns ns1.ipv6.local
Name: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.c.e.f.ip6.int
Type: Authoritative name server
Class: inet
\texttt{Time to live: 0 time}
Data length: 6
Name server: ns1.ipv6.local
Additional records
ns1.ipv6.local: type AAAA, class inet, addr fec3::1
Name: ns1.ipv6.local
Type: IPv6 address
Class: inet
\texttt{Time to live: 0 time}
Data length: 16
Addr: fec3::1
80
Die TCP-Pakete werden unverändert weitergereicht, wie an den Sequence- und Acknoledge-Nummern zu erkennen ist. Nur die TCP-Header-Checksum ist im IPv4- und im IPv6-Netz jeweils unterschiedlich, da in diese auch die IP-Source- und Destination-Adressen eingehen.
[fec3::a00:11f]:80
Internet Protocol Version 6
Version: 6
Traffic class: 0x00
Flowlabel: 0x00000
Payload length: 40
Next header: TCP (0x06)
Hop limit: 64
Source address: fec1::201:2ff:fe87:179c (fec1::201:2ff:fe87:179c)
Destination address: fec3::a00:11f (fec3::a00:11f)
Transmission Control Protocol, Src Port: 36810, Dst Port: 80, Seq: 3777052040, Ack: 0, Len: 0
Source port: 36810 (36810)
Destination port: www (80)
\textbf{Sequence number: 3777052040}
Header length: 40 bytes
Flags: 0x0002 (SYN)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 5760
\textbf{Checksum: 0x55b2 (correct)}
Options: (20 bytes)
Maximum segment size: 1440 bytes
SACK permitted
Time stamp: tsval 9308366, tsecr 0
NOP
Window scale: 0 bytes
10.0.1.31:80
Internet Protocol, Src Addr: 10.0.99.101 (10.0.99.101), Dst Addr: www.ipv6.local (10.0.1.31)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 60
Identification: 0x0000
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: TCP (0x06)
Header checksum: 0xc338 (correct)
Source: 10.0.99.101 (10.0.99.101)
Destination: www.ipv6.local (10.0.1.31)
Transmission Control Protocol, Src Port: 36810, Dst Port: 80, Seq: 3777052040, Ack: 0, Len: 0
Source port: 36810 (36810)
Destination port: www (80)
\textbf{Sequence number: 3777052040}
Header length: 40 bytes
Flags: 0x0002 (SYN)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 5760
\textbf{Checksum: 0xffca (correct)}
Options: (20 bytes)
Maximum segment size: 1440 bytes
SACK permitted
Time stamp: tsval 9308666, tsecr 0
NOP
Window scale: 0 bytes
10.0.99.101:36810
Internet Protocol, Src Addr: www.ipv6.local (10.0.1.31), Dst Addr: 10.0.99.101 (10.0.99.101)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 60
Identification: 0xd555
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xece2 (correct)
Source: www.ipv6.local (10.0.1.31)
Destination: 10.0.99.101 (10.0.99.101)
Transmission Control Protocol, Src Port: 80, Dst Port: 36810, Seq: 2995056313, Ack: 3777052041, Len: 0
Source port: www (80)
Destination port: 36810 (36810)
\textbf{Sequence number: 2995056313}
\textbf{Acknowledgement number: 3777052041}
Header length: 40 bytes
Flags: 0x0012 (SYN, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 32844
\textbf{Checksum: 0x7d37 (correct)}
Options: (20 bytes)
Maximum segment size: 1460 bytes
NOP
Window scale: 0 bytes
NOP
NOP
Time stamp: tsval 165441672, tsecr 9308666
[fec1::201:2ff:fe87:179c]:36810
Internet Protocol Version 6
Version: 6
Traffic class: 0x00
Flowlabel: 0x00000
Payload length: 40
Next header: TCP (0x06)
Hop limit: 63
Source address: fec3::a00:11f (fec3::a00:11f)
Destination address: fec1::201:2ff:fe87:179c (fec1::201:2ff:fe87:179c)
Transmission Control Protocol, Src Port: 80, Dst Port: 36810, Seq: 2995056313, Ack: 3777052041, Len: 0
Source port: www (80)
Destination port: 36810 (36810)
\textbf{Sequence number: 2995056313}
\textbf{Acknowledgement number: 3777052041}
Header length: 40 bytes
Flags: 0x0012 (SYN, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 32844
\textbf{Checksum: 0xd1f2 (correct)}
Options: (20 bytes)
Maximum segment size: 1460 bytes
NOP
Window scale: 0 bytes
NOP
NOP
Time stamp: tsval 165441672, tsecr 9308666
Die aktiven NAT-PT-Translations können auf dem Router angezeigt werden:
R5#show ipv6 nat translations verbose
Prot IPv4 source IPv6 source
IPv4 destination IPv6 destination
--- --- ---
10.0.1.30 FEC3::1
create 04:07:06, use 00:00:00,
--- --- ---
10.0.1.31 FEC3::A00:11F
create 02:12:29, use 02:04:47, left 21:55:12,
--- 10.0.99.101 FEC1::201:2FF:FE87:179C
10.0.1.30 FEC3::1
create 02:12:29, use 02:01:13, left 21:58:46,
--- 10.0.99.101 FEC1::201:2FF:FE87:179C
10.0.1.31 FEC3::A00:11F
create 02:12:24, use 02:12:24, left 21:47:35,
--- 10.0.99.101 FEC1::201:2FF:FE87:179C
--- ---
create 02:12:29, use 02:01:23, left 21:58:36,
Um sämtliche Einträge dieser Tabelle zu löschen, kann der Befehl clear ipv6 nat translation * verwendet werden.