Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

stf(4) / 6to4 encapsulation behind (!) ipnat router / firewall


Is it possible to run a stf(4) interface behind a firewall (different

Till now I'm running stf(4) / pkgsrc/net/hf6to4 on the same machine
which is handling the internet connection (pppoe) itself.

I'm considering to let the internet connection be handled by a
separate router (fritz!box in my case), so the stf(4)-machine will no
longer have direkt internet access.

Now my/the question: Should a stf(4) interface still be functional if
the corresponding ipv4 address is not directly available on the same
host (now routed to the new / separate internet router)?

I tried to set up such a config.:

  ifconfig stf0 inet6 2002:xxxx:xxxx:1::1 prefixlen 16 alias
  route add -inet6 default 2002:c058:6301::

, where 'xxxx:xxxx' is the external ipv4 address of the separate

ipv4 ping works flawlessly:

  # ping                       
  PING ( 56 data bytes
  64 bytes from icmp_seq=0 ttl=244 time=177.768 ms

but ipv6's does not:

  # ping6
  PING6(56=40+8+8 bytes) 2002:xxxx:xxxx:1::1 --> 2001:4f8:4:7:2e0:81ff:fe52:9a6b
  ping6: sendmsg: Network is down
  ping6: wrote 16 chars, ret=-1

So, these packets are not even tried to be sent via stf0.

-> Is this a (wanted) limitation of stf(4) implementation?

   Did I miss something in this config.?

   Any other (easy) way to get ipv6 connectivity behind an ipv4
   router / firewall?



Home | Main Index | Thread Index | Old Index