Date: Mon, 06 Aug 2007 02:22:50 +0900
From: Hajimu UMEMOTO <ume@freebsd.org>
To: Lapo Luchini <lapo@lapo.it>
Cc: freebsd-hackers@freebsd.org
Subject: Re: 6to4, stf and shoebox NAT routers
Message-ID: <yge643thp5h.wl%ume@mahoroba.org>
In-Reply-To: <f8unqh$ebk$1@sea.gmane.org>
References: <4232198F.5030705@kfu.com> <yge3bv16a9e.wl%ume@mahoroba.org> <f8unqh$ebk$1@sea.gmane.org>

Hi,

>>>>> On Fri, 03 Aug 2007 10:08:48 +0200
>>>>> Lapo Luchini <lapo@lapo.it> said:

lapo> Hajimu UMEMOTO wrote:
> I posted my proposed patch to current@ for review in the past.  But,
> no one responded.  Could you test this?  This is for 6-CURRENT at Feb 1.
> If it doesn't apply cleanly, please let me know.

lapo> It applied cleanly to 6.2-STABLE and seems to work perfectly... outbound
lapo> at least.

lapo> I have a box at home called cyberx which has static IPv4 but is NATted
lapo> (and is thus using your patch).
lapo> The other test box is a server called motoko which has static IPv4
lapo> assigned to one of his interfaces directly (no patches here).
lapo> The wl500g router correctly forwards the protocol 41 packets to cyberx.

lapo> Pinging from cyberx to motoko (and using tcpdump on both) I can see that:
lapo> a. cyberx is producing correct IPv4 packets that are from his local
lapo> NATted address to the real motoko address, but containing an IPv6 packet
lapo> that contains the '2002:'-encoding of both real IPv4 addresses
lapo> b. motoko is receiving the echo request correctly
lapo> c. motoko is sending the echo reply correctly
lapo> d. cyberx is receiving the echo reply encapsulated in IPv4 packets correctly
lapo> e. cyberx's stf0 interface IS NOT RECEIVING his IPv6 echo reply
lapo> f. the 'ping' command thinks that all packets are lost

lapo> Does your patch address incoming packets too?

Yes, it should address incoming packets.

lapo> Can I do some ipfw magic to convince stf to receive also incoming
lapo> packets with a mismatched IPv4-IPv6 address?

No, you shouldn't need any ipfw magic.  However, the NAT box has to
forward the incoming tunneling packets to your stf box correctly.  I
guess you do so.
How do you configure your stf interface?  You need to assign a 6to4
address which is derived from the IPv4 global address assigned to the
NAT box.  And you need to set net.link.stf.no_addr4check to 1.  Is it
okay?

sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
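
The configuration the reply asks about, as an added example that is not part of the original message or of the patch it discusses: deriving the 6to4 address from the NAT box's global IPv4 address and printing the stf0 setup for the host behind it. The function names are hypothetical and 192.0.2.1 is a constructed documentation address standing in for the NAT box's address; the sysctl name is the one given in the message.

```sh
#!/bin/sh
# Added example. Names below are hypothetical; 192.0.2.1 is a constructed
# documentation address standing in for the NAT box's global IPv4 address.

# Print the 6to4 address 2002:AABB:CCDD::1 for a global IPv4 address A.B.C.D.
# Fails (non-zero status, no output) for malformed input and for private,
# loopback or link-local addresses, which cannot form a usable 6to4 prefix.
sixtofour_addr() {
    # Only digits and exactly three dots may appear (also prevents globbing).
    case $1 in ''|*[!0-9.]*|*.*.*.*.*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # Reject empty octets, leading zeros (printf would read them as
        # octal) and anything longer than three digits.
        case $o in ''|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    case $1.$2 in
        10.*|127.*|192.168|169.254) return 1 ;;
        172.*) [ "$2" -lt 16 ] || [ "$2" -gt 31 ] || return 1 ;;
    esac
    printf '2002:%02x%02x:%02x%02x::1\n' "$1" "$2" "$3" "$4"
}

# Print (do not run) the setup for the host behind NAT. The argument is the
# NAT box's global address, not the host's own private address.
stf_commands() {
    addr=$(sixtofour_addr "$1") || {
        echo "not a usable global IPv4 address: $1" >&2
        return 1
    }
    echo "ifconfig stf0 inet6 $addr prefixlen 16 alias"
    # sysctl named in the message; it exists only with the patched stf.
    echo "sysctl net.link.stf.no_addr4check=1"
}

stf_commands 192.0.2.1
```

Passing the host's own NATted address (for example one in 192.168.0.0/16) is rejected, since the embedded IPv4 address must be the one the outside world sees on the NAT box.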