Date:      Thu, 06 May 2004 16:00:42 +0900
From:      SUZUKI Shinsuke <suz@crl.hitachi.co.jp>
To:        Lukasz.Stelmach@telmark.waw.pl
Cc:        freebsd-net@freebsd.org
Subject:   Re: if_stf bug/feature
Message-ID:  <x7k6zq11lx.wl%suz@crl.hitachi.co.jp>
In-Reply-To: <20040504181620.GB9699@tygrys.k.telmark.waw.pl>
References:  <20040504181620.GB9699@tygrys.k.telmark.waw.pl>

Hello, and sorry for the delayed answer.

>>>>> On Tue, 4 May 2004 20:16:20 +0200
>>>>> Lukasz.Stelmach@telmark.waw.pl(Lukasz Stelmach)  said:

> stf interface has one feature, very inconvenient for me. As far as I could
> read the source it returns ENETDOWN if the inet4 address of the machine's
> net interface (primary or the one would be used) does not match proper
> part of stf's address. This is ok if one has public, routable ip4 address.
> Since my machine is behind a firewall that forwards and nats all proto
> 41 ip packets I'd rather stf didn't complain about it.
> 
> Now what would you suggest? I may comment out the "if" in if_stf.c:348.
> However this check should be done in general but there also should be
> some at-runtime method to override it (maybe sysctl
> net.inet6.ip6.strictstfaddr?).

6to4 is not designed for a node with a private IPv4 address, as is
explicitly stated in section 2 of RFC3056.

   Suppose that a subscriber site has at least one valid, globally
   unique 32-bit IPv4 address, referred to in this document as V4ADDR.
   This address MUST be duly allocated to the site by an address
   registry (possibly via a service provider) and it MUST NOT be a
   private address [RFC 1918].


So my suggestion to tackle such a situation in FreeBSD-4.x is either of
the following two.

	- configure a static gif tunnel toward a site.

	  Although it's a "static" tunnel, some sites provide a tool
	  to automatically configure a gif tunnel even behind NAT
	  (e.g. ports/net/freenet6)

	- enable 6to4 on your NAT-box and let it advertise an IPv6
	  prefix (if not possible, please ask the vendor to support
	  such a feature! :-))

Thanks,
----
SUZUKI, Shinsuke @ Hitachi / KAME Project
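
The address relationship discussed in this thread, as an added userland example (not code from if_stf.c and not written by either poster): it extracts V4ADDR from a 2002::/16 address, applies the RFC 3056 section 2 private-address rule, and compares V4ADDR with the host's local IPv4 address. The function name check_6to4, the enum values and the sample addresses are assumptions made up for this illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes for this example. */
enum stf_check { STF_OK, STF_BAD_INPUT, STF_NOT_6TO4, STF_PRIVATE_V4, STF_V4_MISMATCH };

/* RFC 1918 private ranges; v4 is in host byte order. */
static int is_rfc1918(uint32_t v4)
{
    return (v4 & 0xff000000u) == 0x0a000000u ||  /* 10.0.0.0/8 */
           (v4 & 0xfff00000u) == 0xac100000u ||  /* 172.16.0.0/12 */
           (v4 & 0xffff0000u) == 0xc0a80000u;    /* 192.168.0.0/16 */
}

/* Compare the V4ADDR embedded in a 6to4 address (2002:V4ADDR::/48)
 * with the IPv4 address the host would actually send from. */
enum stf_check check_6to4(const char *stf6, const char *local4)
{
    struct in6_addr a6;
    struct in_addr a4;
    uint32_t v4;

    if (inet_pton(AF_INET6, stf6, &a6) != 1 ||
        inet_pton(AF_INET, local4, &a4) != 1)
        return STF_BAD_INPUT;
    if (a6.s6_addr[0] != 0x20 || a6.s6_addr[1] != 0x02)
        return STF_NOT_6TO4;              /* not inside 2002::/16 */
    v4 = ((uint32_t)a6.s6_addr[2] << 24) | ((uint32_t)a6.s6_addr[3] << 16) |
         ((uint32_t)a6.s6_addr[4] << 8)  |  (uint32_t)a6.s6_addr[5];
    if (is_rfc1918(v4))
        return STF_PRIVATE_V4;            /* RFC 3056 section 2: MUST NOT */
    if (v4 != ntohl(a4.s_addr))
        return STF_V4_MISMATCH;           /* the behind-NAT case in this thread */
    return STF_OK;
}

int main(void)
{
    /* Constructed samples built around documentation address 192.0.2.1. */
    printf("%d\n", check_6to4("2002:c000:201::1", "192.0.2.1"));    /* STF_OK */
    printf("%d\n", check_6to4("2002:c000:201::1", "192.168.1.10")); /* STF_V4_MISMATCH */
    printf("%d\n", check_6to4("2002:c0a8:10a::1", "192.168.1.10")); /* STF_PRIVATE_V4 */
    return 0;
}
```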


