Communication of a lwB4 network fuction with a remote lwAFTR over Internet

b4-to-aftr-over-inet.sh

#/usr/bin/env bash

set -x

# This script implements a lwB4 network function insolated into its own network namespace. Once running any IPv4 network command
# will get forwarded to a remote lwAFTR over the Internet. Communication with the lwAFTR is meant to happen via an IPv6 tunnel
# broker (such as Hurricane Electric) which should be already up and running.

# Author: Diego Pino Garca <[email protected]>
# Based on https://marcelwiget.wordpress.com/2015/11/30/lightweight-4over6-b4-client-in-linux-namespace/

# Go to http://simpledns.com/private-ipv6.aspx
# get the Combined/CID value
# The page gives a different one on each refresh
# Use:
#    IPHT="Combined::1"
#    IPNS="Combined::2"
#    CID=CID

IPHT="fd24:f64b:aca9:e498::1"
IPNS="fd24:f64b:aca9:e498::2"
CID=64
IFHT="veth9"
IFNS="vpeer9"
IFHE="sit1"
NS="ns-b4"

# Matched softwire is: {ipv4-address: 192.0.2.1, psid: 1, ipv6-address: <destination address of the tunnel broker>}

AFTR_IPV6="2001:DB8::0001"
IP="192.0.2.1"
PORTRANGE="4096-8191"

# Reset everything
ip li del dev "${IFHT}" &>/dev/null
ip netns del "${NS}" &> /dev/null

# Create a network namespace and enable loopback on it
ip netns add "${NS}"
ip netns exec "${NS}" ip li set dev lo up

# Create the veth pair and move one of the ends to the NS.
ip li add name "${IFHT}" type veth peer name "${IFNS}"
ip li set dev "${IFNS}" netns "${NS}"

# Configure interface ${IFHT} on the host
ip -6 addr add "${IPHT}/${CID}" dev "${IFHT}"
ip li set dev "${IFHT}" up

# Configure interface ${IFNS} on the network namespace.
ip netns exec "${NS}" ip -6 addr add "${IPNS}/${CID}" dev "${IFNS}"
ip netns exec "${NS}" ip li set dev "${IFNS}" up
# Create IPv4-in-IPv6 tunnel.
ip netns exec "${NS}" ip -6 tunnel add b4tun mode ipip6 local "${IPNS}" remote "${IPHT}" dev "${IFNS}"
ip netns exec "${NS}" ip addr add 10.0.0.1 dev b4tun
ip netns exec "${NS}" ip link set dev b4tun up
# All IPv4 packets go through the tunnel.
ip netns exec "${NS}" ip route add default dev b4tun
# Make ${IFNS} the default gw.
ip netns exec "${NS}" ip -6 route add default dev "${IFNS}"

# Adjust MTU size.
ip netns exec "${NS}" ip li set mtu 1252 dev b4tun
ip netns exec "${NS}" ip li set mtu 1300 dev vpeer9

# NAT44.
ip netns exec "${NS}" iptables -t nat --flush
ip netns exec "${NS}" iptables -t nat -A POSTROUTING -p tcp  -o b4tun -j SNAT --to $IP:$PORTRANGE
ip netns exec "${NS}" iptables -t nat -A POSTROUTING -p udp  -o b4tun -j SNAT --to $IP:$PORTRANGE
ip netns exec "${NS}" iptables -t nat -A POSTROUTING -p icmp -o b4tun -j SNAT --to $IP:$PORTRANGE

# Enable forwarding and IPv6 NAT
sysctl -w net.ipv6.conf.all.forwarding=1
ip6tables -t nat --flush
# Packets coming into the veth pair in the host side, change their destination address to AFTR.
ip6tables -t nat -A PREROUTING  -i "${IFHT}" -j DNAT --to-destination "${AFTR_IPV6}"
# Outgoing packets change their source address to HE Client address (B4 address).
ip6tables -t nat -A POSTROUTING -o "${IFHE}" -j MASQUERADE

# Get into NS.
bash=/run/current-system/sw/bin/bash
ip netns exec ${NS} ${bash} --rcfile <(echo "PS1=\"${NS}> \"")

Hallo,
I am trying to build a Lw4o6 test-bed for this VMware workstation Test-environment.
How can I adjust your script to make it work in my case?
All machines are CentOS-7.
I am trying now to build the LwB4 first, the LwAFTR is another battle for later :)
I attach below my topology: _

I'm not familiar with VMWare workstations. I recall testing this script on real hardware. Probably you will need to adjust the NIC values. I'd suggest you running tcpdump on the lwB4 machine and checking first it's receiving IPv4 packets (ens34 NIC) from the IPv4 client and they got encapsulated as IPv6 packets on the ens35 NIC.