From: Hajimu UMEMOTO
To: Lukasz Stelmach
Cc: freebsd-net@freebsd.org, SUZUKI Shinsuke
Date: Tue, 11 May 2004 18:59:31 +0900
Subject: Re: if_stf bug/feature

Hi,

>>>>> On Thu, 6 May 2004 10:21:13 +0200
>>>>> Lukasz Stelmach said:

Lukasz> Well I *have*got* one v4ADDR that is assigned to my nat/router-box. I
Lukasz> have also configured that it should pass all packets that are not part
Lukasz> of some known connections (from M1 M2 .. Mn) (including but not limited
Lukasz> to proto 41) to one specified machine (name it TIGGER) that acts as the
Lukasz> end of 6to4 tunnel for all other computers in the LAN. Now, for I
Lukasz> control both the nat and TIGGER I can do such mangling without any
Lukasz> harm. Let's say that to the rest of the world the nat+TIGGER act like
Lukasz> a single machine.

Yes, current if_stf is too restrictive against NAT, and skipping
certain checks enables us to use 6to4 even behind NAT. I believe it
doesn't break RFC3056.
Once, I made a patch to do so for a friend of mine. But, it was based
on old source and somewhat redundant. I've just made a patch against
recent 5-CURRENT. But, I've not estimated if there are side effects.
I don't have testing environment for 6to4, now. Could you test it?

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/