From: Nick Sayer
Date: Fri, 11 Mar 2005 23:24:52 -0800
To: freebsd-hackers@freebsd.org
Subject: Re: 6to4, stf and shoebox NAT routers

Well, I'm screwed.

I set up the Linksys router so that the FreeBSD machine is the "DMZ" host on the inside. Sending 6to4 to the router's outside address results in tcpdump showing these on the inside:

22:09:36.138924 [linksys mac address] > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has [linksys outside ip] tell [linksys inside ip]

Which, quite frankly, is laughable.

If that weren't enough, the packets come out of the linksys router with the source IP address being from the inside (meaning, it didn't get NATted).

Humph.

So it appears that for now, I will have to keep a 2nd interface active on this box solely for the purpose of doing IPv6. What a nightmare.

On Mar 11, 2005, at 4:38 PM, Nick Sayer wrote:

> Hajimu UMEMOTO wrote:
>
>> I posted my proposed patch to current@ for review in the past. But,
>> no one responded. Could you test this? This is for 6-CURRENT at Feb
>> 1.
>> If it doesn't apply cleanly, please let me know.
>>
> Domo arigato gozaimasu!
>
> It had fuzz when applied to 5.3-RELEASE, but it did apply.
>
> I am at work, behind the wrong firewall, so I cannot test this
> completely, but with your patch applied and turned on, I can see that
> configuring my machine (which lives in 172.16 space) with a "foreign"
> 6to4 prefix on stf0 results in ping6 packets being transmitted
> correctly (tcpdump shows a correct ipv6 packet and shows an ipv4
> header with the packet being from my 172.16 machine and going to the
> correct destination). I have high hopes that the return side will work
> when it's deployed for real.