6to4, stf and shoebox NAT routers
Hajimu UMEMOTO
ume at freebsd.org
Sun Aug 5 10:23:10 PDT 2007
Hi,
>>>>> On Fri, 03 Aug 2007 10:08:48 +0200
>>>>> Lapo Luchini <lapo at lapo.it> said:
lapo> Hajimu UMEMOTO wrote:
> I posted my proposed patch to current@ for review in the past. But,
> no one responded. Could you test this? This is for 6-CURRENT at Feb 1.
> If it doesn't apply cleanly, please let me know.
lapo> It applied cleanly to 6.2-STABLE and seems to work perfectly... outbound
lapo> at least.
lapo> I have a box at home called cyberx which has static IPv4 but is NATted
lapo> (and is thus using your patch).
lapo> The other test box is a server called motoko which has static IPv4
lapo> assigned to one of his interfaces directly (no patches here).
lapo> The wl500g router correctly forwards the protocol 41 packets to cyberx.
lapo> Pinging from cyberx to motoko (and using tcpdump on both) I can see that:
lapo> a. cyberx is producing correct IPv4 packets that are from his local
lapo> NATted address to the real motoko address, but containing an IPv6 packet
lapo> that contains the '2002:'-encoding of both real IPv4 addresses
lapo> b. motoko is receiving the echo request correctly
lapo> c. motoko is sending the echo reply correctly
lapo> d. cyberx is receiving the echo reply encapsulated in IPv4 packets correctly
lapo> e. cyberx's stf0 interface IS NOT RECEIVING his IPv6 echo reply
lapo> f. the 'ping' command thinks that all packets are lost
lapo> Does your patch address incoming packets too?
Yes, it should address incoming packets.
lapo> Can I do some ipfw magic to convince stf to receive also incoming
lapo> packets with a mismatched IPv4-IPv6 address?
No, you shouldn't need any ipfw magic. However, the NAT box has to
forward the incoming tunneling packets to your stf box correctly. I
guess you do so.
How do you configure your stf interface? You need to assign a 6to4
address which is derived from the IPv4 global address assigned to the
NAT box.
And you need to set net.link.stf.no_addr4check to 1.
Is it okay?
sincerely,
--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume at mahoroba.org ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
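
Added example, not part of the original message or of the FreeBSD patch: a simplified Python model of the setup discussed in this thread. It derives the 6to4 address from the NAT box's global IPv4 address and shows why a strict IPv4/6to4 match rejects forwarded packets on a NATted host, which is the check net.link.stf.no_addr4check relaxes. The function names, the check logic and the addresses (documentation and RFC 1918 ranges) are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 ranges: a 6to4 address must not be derived from one of these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def sixtofour_address(global_v4, host_id=1):
    """Build 2002:<IPv4 in hex>::<host_id> from the NAT box's global IPv4."""
    v4 = ipaddress.IPv4Address(global_v4)
    if any(v4 in net for net in RFC1918):
        raise ValueError(f"{v4} is private; use the NAT box's global address")
    # 16-bit 2002 prefix, then the 32-bit IPv4 address, then the host part.
    return ipaddress.IPv6Address((0x2002 << 112) | (int(v4) << 80) | host_id)


def stf_accepts(outer_dst, stf_addr, local_v4, no_addr4check=False):
    """Hypothetical model of the address check on an incoming tunnel packet.

    outer_dst     : IPv4 destination of the protocol 41 packet as received
    stf_addr      : 6to4 address configured on the stf interface
    local_v4      : set of IPv4 addresses configured on this host
    no_addr4check : models net.link.stf.no_addr4check=1
    """
    embedded = ipaddress.IPv6Address(stf_addr).sixtofour
    if embedded is None:          # not a 2002::/16 address at all
        return False
    if no_addr4check:             # skip the IPv4 <-> 6to4 consistency test
        return True
    return embedded in local_v4 and embedded == ipaddress.IPv4Address(outer_dst)


if __name__ == "__main__":
    # Constructed sample values: NAT box global address and the host behind it.
    nat_global, private = "203.0.113.7", "192.168.1.10"
    addr = sixtofour_address(nat_global)
    local = {ipaddress.IPv4Address(private)}
    print("stf0 address:", addr)
    print("strict check:", stf_accepts(private, addr, local))
    print("no_addr4check:", stf_accepts(private, addr, local, True))
```

With the strict check the forwarded packet is dropped because the embedded address (the NAT box's) is not configured on the host, which matches step e in the report above.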