Date: Thu, 06 May 2004 16:00:42 +0900
From: SUZUKI Shinsuke
To: Lukasz.Stelmach@telmark.waw.pl
Cc: freebsd-net@freebsd.org
Subject: Re: if_stf bug/feature
In-Reply-To: <20040504181620.GB9699@tygrys.k.telmark.waw.pl>
Organization: Network Systems Research Dept., Central Research Laboratory, Hitachi, Ltd, Japan

Hello, and sorry for a delayed answer.

>>>>> On Tue, 4 May 2004 20:16:20 +0200
>>>>> Lukasz.Stelmach@telmark.waw.pl(Lukasz Stelmach) said:

> stf interface has one feature, very inconvenient for me. As far as I could
> read the source it returns ENETDOWN if the inet4 address of the machine's
> net interface (primary or the one would be used) does not match proper
> part of stf's address. This is ok if one has public, routable ip4 address.
> Since my machine is behind a firewall that forwards and nats all proto
> 41 ip packets I'd rather stf didn't complain about it.
>
> Now what would you suggest? I may comment out the "if" in if_stf.c:348.
> However this check should be done in general but there also should be
> some at-runtime method to override it (maybe sysctl
> net.inet6.ip6.strictstfaddr?).

6to4 is not designed for a node with a private IPv4 address, as is
explicitly stated in section 2 of RFC3056.

	Suppose that a subscriber site has at least one valid, globally
	unique 32-bit IPv4 address, referred to in this document as
	V4ADDR. This address MUST be duly allocated to the site by an
	address registry (possibly via a service provider) and it MUST
	NOT be a private address [RFC 1918].

So my suggestion to tackle such a situation in FreeBSD-4.x is either of
the following two.
- configure a static gif tunnel toward a site.
  Although it's a "static" tunnel, some sites provide a tool to
  automatically configure a gif tunnel even behind NAT
  (e.g. ports/net/freenet6)
- enable 6to4 on your NAT-box and let it advertise an IPv6 prefix
  (if not possible, please ask the vendor to support such a feature! :-))

Thanks,
----
SUZUKI, Shinsuke @ Hitachi / KAME Project
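Added example, not part of the original message and not code from if_stf.c: a user-space C illustration of the two conditions discussed in this thread, namely the RFC 3056 rule that V4ADDR must not be an RFC 1918 address and the address match described in the quoted message. All function and enum names are hypothetical, and the addresses are constructed samples.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum stf_verdict { STF_OK, STF_BAD_INPUT, STF_NOT_6TO4, STF_PRIVATE_V4, STF_V4_MISMATCH };

/* Copy V4ADDR (bits 16..47 of 2002:V4ADDR::/48) out of a 6to4 address.
 * Returns 0 on success, -1 if the address is outside 2002::/16. */
static int sixto4_v4addr(const struct in6_addr *a6, struct in_addr *a4)
{
    if (a6->s6_addr[0] != 0x20 || a6->s6_addr[1] != 0x02)
        return -1;
    memcpy(&a4->s_addr, &a6->s6_addr[2], sizeof(a4->s_addr)); /* network order */
    return 0;
}

/* RFC 1918 private ranges: 10/8, 172.16/12, 192.168/16. */
static int is_rfc1918(const struct in_addr *a4)
{
    uint32_t h = ntohl(a4->s_addr);
    return (h & 0xff000000u) == 0x0a000000u || (h & 0xfff00000u) == 0xac100000u ||
           (h & 0xffff0000u) == 0xc0a80000u;
}

/* stf6: address configured on the stf interface; local4: address on the
 * IPv4 interface that would carry the proto-41 packets. */
enum stf_verdict check_stf(const char *stf6, const char *local4)
{
    struct in6_addr a6;
    struct in_addr emb, loc;
    if (inet_pton(AF_INET6, stf6, &a6) != 1 || inet_pton(AF_INET, local4, &loc) != 1)
        return STF_BAD_INPUT;
    if (sixto4_v4addr(&a6, &emb) != 0)
        return STF_NOT_6TO4;
    if (is_rfc1918(&emb))
        return STF_PRIVATE_V4;   /* RFC 3056 section 2: MUST NOT be private */
    if (emb.s_addr != loc.s_addr)
        return STF_V4_MISMATCH;  /* the NATed host's situation in this thread */
    return STF_OK;
}

int main(void)
{
    printf("%d\n", check_stf("2002:c000:201::1", "192.0.2.1")); /* addresses agree */
    printf("%d\n", check_stf("2002:c000:201::1", "10.0.0.5"));  /* host behind NAT */
    return 0;
}
```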