Re: 6to4, stf and shoebox NAT routers

看板FB_hackers作者時間18年前 (2007/08/13 14:38), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串2/3 (看更多)
Hi, >>>>> On Fri, 03 Aug 2007 10:08:48 +0200 >>>>> Lapo Luchini <lapo@lapo.it> said: lapo> Hajimu UMEMOTO wrote: > I posted my proposed patch to current@ for review in the past. But, > no one responded. Could you test this? This is for 6-CURRENT at Feb 1. > If it doesn't apply cleanly, please let me know. lapo> It applied cleanly to 6.2-STABLE and seems to work perfectly... outbound lapo> at least. lapo> I have a box at home called cyberx which has static IPv4 but is NATted lapo> (and is thus using your patch). lapo> The other test box is a server called motoko which has static IPv4 lapo> assigned to one of his interfaces directly (no patches here). lapo> The wl500g router correctly forwards the protocol 41 packets to cyberx. lapo> Pinging from cyberx to motoko (and using tcpdump on both) I can see that: lapo> a. cyberx if producing correct IPv4 packets that are from his local lapo> NATted address to the real motoko address, but containing a IPv6 packet lapo> that contains the '2002:'-encoding of both real IPv4 addresses lapo> b. motoko is receiving the echo request correctly lapo> c. motoko is sending the echo reply correctly lapo> d. cyberx is receiving the echo reply encapsulated in IPv4 packets correctly lapo> e. cyberx's stf0 interface IS NOT RECEIVING his IPv6 echo reply lapo> f. the 'ping' command thinks that all packets are lost lapo> Does you patch address incoming packets too? Yes, it should address incoming packets. lapo> Can I do some ipfw magic to convince stf to receive also incoming lapo> packets with a mismatched IPv4-IPv6 address? No, you shouldn't need any ipfw magic. However, the NAT box have to forward the incomming tunneling packets to your stf box correctly. I guess you do so. How do you configure your stf interface? You need to assign a 6to4 address which is derived from the IPv4 global address assigned to the NAT box. And you need to set net.link.stf.no_addr4check to 1. Is it okay? sincerely, -- Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan ume@mahoroba.org ume@{,jp.}FreeBSD.org http://www.imasy.org/~ume/ _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
更多 ume. 的文章
文章代碼(AID): #16l_nh00 (FB_hackers)
更多 ume. 的文章
文章代碼(AID): #16l_nh00 (FB_hackers)