Date: Tue, 11 May 2004 18:59:31 +0900
From: Hajimu UMEMOTO <ume@FreeBSD.org>
To: Lukasz Stelmach <Lukasz.Stelmach@telmark.waw.pl>
Cc: SUZUKI Shinsuke <suz@crl.hitachi.co.jp>
Subject: Re: if_stf bug/feature
Message-ID: <ygeisf3thbw.wl%ume@FreeBSD.org>
In-Reply-To: <20040506082113.GA15255@tygrys.k.telmark.waw.pl>
References: <20040504181620.GB9699@tygrys.k.telmark.waw.pl> <x7k6zq11lx.wl%suz@crl.hitachi.co.jp> <20040506082113.GA15255@tygrys.k.telmark.waw.pl>

Hi,

>>>>> On Thu, 6 May 2004 10:21:13 +0200
>>>>> Lukasz Stelmach <Lukasz.Stelmach@telmark.waw.pl> said:

Lukasz> Well I *have*got* one v4ADDR that is assigned to my nat/router-box. I
Lukasz> have also configured that it should pass all packets that are not part
Lukasz> of some known connections (from M1 M2 .. Mn) (including but not limited
Lukasz> to proto 41) to one specified machine (name it TIGGER) that acts as the
Lukasz> end of 6to4 tunnel for all other computers in the LAN. Now, for I
Lukasz> control both the nat and TIGGER I can do such mangling without any
Lukasz> harm. Let's say that to the rest of the world the nat+TIGGER act like
Lukasz> a single machine.

Yes, current if_stf is too restrictive against NAT, and skipping
certain checks enables us to use 6to4 even behind NAT. I believe it
doesn't break RFC3056.

Once, I made a patch to do so for a friend of mine. But, it was based
on old source and somewhat redundant. I've just made a patch against
recent 5-CURRENT. But, I've not estimated if there are side effects.
I don't have a testing environment for 6to4, now. Could you test it?

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/