NAT64 handoff server

This is an open source implementation of the server side of the NAT64 handoff protocol.

By running this server on the host where you are hosting services reachable over IPv4 you get a couple of advantages when your services are accessed by clients using a NAT64 which implements the NAT64 handoff extension. Clients connecting to your server through any other means will be unaffected by the NAT64 handoff server, and such clients will continue communicating with your services as usual.


The NAT64 handoff server will log each connection tracking entry being created as well as each connection tracking entry being deleted to make room for new entries. Here is an extract showing what that log could look like:

2019-03-18 10:06:28.436754 Initialized
2019-03-18 10:06:28.491727 Created [2001:db8::17]:53186
2019-03-18 10:07:07.333900 Created [2001:db8::3]:53716
2019-03-18 11:41:06.362189 Created [2001:db8::5]:41660
2019-03-18 15:22:02.062254 Deleted [2001:db8::75]:33131
2019-03-18 15:22:02.062478 Created [2001:db8::55]:34643

In the above example we see a NAT64 with IP address establishing a connection to the server and that three connections are then established through that NAT64 from three different IPv6 addresses. Later we see two log entries when a connection from a NAT64 with IP address is deleted to make room for a new connection through the same NAT64 from a different IPv6 address. The deleted connection tracking entry in above example was created on an earlier date and may have been unused for a long time by the time it was eventually deleted.

More reliable service

When the NAT64 handoff protocol is not being used all of the clients using the same NAT will be sharing connection table space on that NAT. This means there will be a limit on how long a connection can be idle before the NAT will have to discard the connection tracking entry to make room for a new entry.

When you install this NAT64 handoff server it will take over responsibility for the connection tracking. It will create a connection table with room for 64508 entries which are dedicated to connections between that NAT64 and your server. The clients will no longer have to share table space with clients of other services.

As an added benefit connections persist even when the NAT64 is rebooted. As this server holds the authoritative connection table and the NAT64 only keeps a cache of recently active connections it can receive other connections from the server after the NAT64 has been rebooted.


In order to install the NAT64 handoff server you can type these commands:

  hg clone
  cd nat64handoff
  sudo ./

This will create a user named nat64ho and download the server to that users home directory. It will create a systemd service to run this server as the nat64ho user. And it will install the latest updates for the server each time it is restarted. Logs will be in /home/nat64ho/logs.

This server is tested on Ubuntu LTS 18.04. The server works on older Ubuntu versions as well but requires manual install as requires at least 18.04. The server is written in Python 3 code and should be reasonably portable across other operating systems. I am happy to accept pull requests to improve portability, packaging, or any other aspect of the server.