Providing FTP service from an IPv6 network to the IPv4 Internet
Network requirements
As shown in Figure 112, a company upgrades the network to IPv6, and it has an IPv4 address 10.1.1.1.
To allow the IPv6 FTP server to provide FTP services to IPv4 hosts, configure the following AFT policies on the router:
Map the IPv6 FTP server's IPv6 address and TCP port number to the company's IPv4 address and TCP port number.
Configure a NAT64 prefix to translate source IPv4 addresses of IPv4 packets to source IPv6 addresses.
Figure 112: Network diagram
Configuration procedure
# Specify IP addresses for the interfaces on the router. (Details not shown.)
# Map IPv4 address 10.1.1.1 with TCP port 21 to IPv6 address 2013::102 with TCP port 21 for the IPv6 internal FTP server.
<Router> system-view [Router] aft v6server protocol tcp 10.1.1.1 21 2013::102 21
# Configure the router to use NAT64 prefix 2012:: 96 to translate source addresses of IPv4 packets.
[Router] aft prefix-nat64 2012:: 96
# Enable AFT on GigabitEthernet 1/0/1, which is connected to the IPv4 Internet.
[Router] interface gigabitethernet 1/0/1 [Router-GigabitEthernet1/0/1] aft enable [Router-GigabitEthernet1/0/1] quit
# Enable AFT on GigabitEthernet 1/0/2, which is connected to the IPv6 FTP server.
[Router] interface gigabitethernet 1/0/2 [Router-GigabitEthernet1/0/2] aft enable [Router-GigabitEthernet1/0/2] quit
Verifying the configuration
# Verify that IPv4 hosts can use FTP to access the IPv6 FTP server. (Details not shown.)
# Display detailed information about IPv6 AFT sessions on the router.
[Router] display aft session ipv4 verbose Initiator: Source IP/port: 20.1.1.1/11025 Destination IP/port: 10.1.1.1/21 DS-Lite tunnel peer: - VPN instance/VLAN ID/Inline ID: -/-/- Protocol: TCP(6) Inbound interface: GigabitEthernet1/0/1 Responder: Source IP/port: 10.1.1.1/21 Destination IP/port: 20.1.1.1/11025 DS-Lite tunnel peer: - VPN instance/VLAN ID/Inline ID: -/-/- Protocol: TCP(6) Inbound interface: GigabitEthernet1/0/2 State: TCP_ESTABLISHED Application: FTP Start time: 2014-03-13 09:07:30 TTL: 3577s Initiator->Responder: 3 packets 124 bytes Responder->Initiator: 2 packets 108 bytes Total sessions found: 1
# Display detailed information about IPv4 AFT sessions on the router.
[Router] display aft session ipv6 verbose Initiator: Source IP/port: 2012::1401:0101/1029 Destination IP/port: 2013::102/21 VPN instance/VLAN ID/Inline ID: -/-/- Protocol: TCP(6) Inbound interface: GigabitEthernet1/0/1 Responder: Source IP/port: 2013::102/21 Destination IP/port: 2012::1401:0101/1029 VPN instance/VLAN ID/Inline ID: -/-/- Protocol: TCP(6) Inbound interface: GigabitEthernet1/0/2 State: TCP_ESTABLISHED Application: FTP Start time: 2014-03-13 09:07:30 TTL: 3582s Initiator->Responder: 3 packets 184 bytes Responder->Initiator: 2 packets 148 bytes Total sessions found: 1