Date: Fri, 19 Oct 2007 11:41:09 -0400
From: "Bob Johnson"
To: "Marc G. Fournier"
Cc: freebsd-net@freebsd.org
Subject: Re: IPv6 <-> NAT <-> IPv4 ... possible?
Message-ID: <54db43990710190841vfc02cxdb60e822dd9f4bdb@mail.gmail.com>
In-Reply-To: <6C9CF4C3635197B3CBED0D78@ganymede.hub.org>

On 10/19/07, Marc G. Fournier wrote:
>
> Could I hide an IPv6 network behind NAT?  I don't know if that is even
> possible

Yes, it is possible. The designers of IPv6 allowed for that
configuration as it was expected to be a common one during the
transition from IPv4 to IPv6 (i.e. you start using IPv6 but your
network is connected to the IPv4 Internet).

Although what you end up with might not be exactly what you have in
mind: IPv6 can automatically tunnel through an IPv4 NAT, so using that
is probably the easiest configuration. In that case, the firewall
features of your NAT box (if any) would do nothing for your IPv6
systems - unless it supports IPv6 firewalling as well. In principle at
least, with not much effort (heh) your IPv6 boxes could all have
public IPv6 addresses even though they are behind your IPv4 NAT box.

The other approach would be to have an IPv6 to IPv4 gateway behind
your NAT box (or it would actually be your NAT box).

> ... the IPv6 IPs would be private (equiv to 192.168.x.x) ... basically, none of
> the hosts behind NAT need a public IP, *but* I may end up with more than 256
> hosts, so was wondering if using IPv6 behind the NAT would be 'simpler' ...

It probably will not be "simpler".
It will have a fairly steep learning curve, while using IPv4 NAT with
more than 256 hosts should be no problem unless your NAT box is
artificially limited to that number. E.g. you can have 65K hosts
behind your NAT by using 192.168.0.0/16 as your network instead of the
common 192.168.0.x/24. If you are using an off-the-shelf home
router/firewall, you are probably limited to 253 hosts, but if you are
using a FreeBSD box to do NAT, you should be able to have as many
hosts as you wish behind it on IPv4.

>
> If possible, pointers to docs to read would be appreciated ...

I wish I had them. You just learned most of what I know about IPv6,
but I'm working on improving that.

- Bob