From: Lapo Luchini
To: freebsd-hackers@freebsd.org
Date: Wed, 29 Aug 2007 20:37:10 +0200
Subject: Re: 6to4, stf and shoebox NAT routers

Hajimu UMEMOTO wrote:
> lapo> Does your patch address incoming packets too?
>
> Yes, it should address incoming packets.
> [...]
> How do you configure your stf interface?  You need to assign a 6to4
> address which is derived from the IPv4 global address assigned to the
> NAT box.
> And you need to set net.link.stf.no_addr4check to 1.
> Is it okay?

I had prepared a beautiful and very long explanation of the test I did.
But just a few seconds before hitting the "send" button I decided to
cross-check the "sysctl net.inet6.ip6" on the two boxes and noticed I
have ipfw active in the natted one...

Sometimes, when doing "strange" things such as patching the kernel and
using tunneled IPv6 behind a NAT... one can easily forget to check more
MUNDANE & EASY reasons for things, such as tcpdump showing the incoming
packets BEFORE ipfw happily THROWS THEM AWAY for long-forgotten rules
that I myself wrote some day and that didn't include protocol 41.

Lesson taken.

Oh well, at least the problem is solved, and I'm back and running on
IPv6 ;-)

I hope your patch is accepted upstream, because in these times of IPv4
scarcity NAT-ted boxes will be more and more common and unfortunately
not every NAT knows about IPv6, and even if it does, like mine does, it
may only support normal tunnels and not 6to4 configuration, and even a
NAT-ted FreeBSD box can come to the rescue ;-)

Lapo
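
The 6to4 address derivation and the host settings discussed in this message, as an added shell example that is not part of the original e-mail or of the patch: it derives the 2002:V4ADDR::/48 prefix from the NAT box's global IPv4 address, refuses private addresses, and recovers the embedded IPv4 from a 6to4 address for cross-checking. Assumptions: 192.0.2.1 is a constructed documentation address, and the interface name stf0, the host part ::1 and the ipfw rule form are illustrative.

```shell
#!/bin/sh
# Added example (not from the original message): 6to4 values for a NAT-ted host.

# is_global_v4 ADDR: succeed only for a well-formed, non-private IPv4 address.
is_global_v4() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*|????*) return 1 ;; esac   # empty, leading zero, too long
        [ "$o" -le 255 ] || return 1
    done
    # The host's own private address behind the NAT cannot form a 6to4 prefix.
    case $1 in 0|10|127) return 1 ;; esac
    if [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then return 1; fi
    if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then return 1; fi
    if [ "$1" -eq 169 ] && [ "$2" -eq 254 ]; then return 1; fi
    return 0
}

# sixtofour_prefix ADDR: print the 2002:AABB:CCDD::/48 prefix for a global IPv4.
sixtofour_prefix() {
    is_global_v4 "$1" || { echo "not a global IPv4 address: $1" >&2; return 1; }
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    printf '2002:%02x%02x:%02x%02x::/48\n' "$1" "$2" "$3" "$4"
}

# embedded_v4 ADDR6: print the IPv4 address embedded in a 2002::/16 address.
embedded_v4() {
    case $1 in *[!0-9a-fA-F:]*) return 1 ;; 2002:*:*:*) ;; *) return 1 ;; esac
    old_ifs=$IFS; IFS=:; set -- $1; IFS=$old_ifs
    for g in "$2" "$3"; do
        case $g in ''|?????*) return 1 ;; esac      # need two 1-4 digit hex groups
    done
    hi=$((0x$2)); lo=$((0x$3))
    printf '%d.%d.%d.%d\n' $((hi >> 8)) $((hi & 255)) $((lo >> 8)) $((lo & 255))
}

# stf_commands ADDR: print the settings for the NAT-ted host (ADDR = NAT's global IPv4).
# The ipfw rule must be placed before any rule that denies protocol 41 (IPv6-in-IPv4).
stf_commands() {
    prefix=$(sixtofour_prefix "$1") || return 1
    echo "sysctl net.link.stf.no_addr4check=1"
    echo "ifconfig stf0 inet6 ${prefix%/48}1 prefixlen 16"
    echo "ipfw add allow 41 from any to me"
}

if [ $# -gt 0 ]; then stf_commands "$1"; fi
```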