[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
stf(4) / 6to4 encapsulation behind (!) ipnat router / firewall
Is it possible to run a stf(4) interface behind a firewall (different
Till now I'm running stf(4) / pkgsrc/net/hf6to4 on the same machine
which is handling the internet connection (pppoe) itself.
I'm considering to let the internet connection be handled by a
separate router (fritz!box in my case), so the stf(4)-machine will no
longer have direkt internet access.
Now my/the question: Should a stf(4) interface still be functional if
the corresponding ipv4 address is not directly available on the same
host (now routed to the new / separate internet router)?
I tried to set up such a config.:
ifconfig stf0 inet6 2002:xxxx:xxxx:1::1 prefixlen 16 alias
route add -inet6 default 2002:c058:6301::
, where 'xxxx:xxxx' is the external ipv4 address of the separate
ipv4 ping works flawlessly:
# ping www.netbsd.org
PING www.netbsd.org (220.127.116.11): 56 data bytes
64 bytes from 18.104.22.168: icmp_seq=0 ttl=244 time=177.768 ms
but ipv6's does not:
# ping6 www.netbsd.org
PING6(56=40+8+8 bytes) 2002:xxxx:xxxx:1::1 --> 2001:4f8:4:7:2e0:81ff:fe52:9a6b
ping6: sendmsg: Network is down
ping6: wrote www.netbsd.org 16 chars, ret=-1
So, these packets are not even tried to be sent via stf0.
-> Is this a (wanted) limitation of stf(4) implementation?
Did I miss something in this config.?
Any other (easy) way to get ipv6 connectivity behind an ipv4
router / firewall?
Main Index |
Thread Index |