Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: stf(4) / 6to4 encapsulation behind (!) ipnat router / firewall

On Thu, May 29, 2008 at 09:27:52AM +0200, Markus W Kilbinger wrote:
> Hi!
> Is it possible to run a stf(4) interface behind a firewall (different
> machines)?
> Till now I'm running stf(4) / pkgsrc/net/hf6to4 on the same machine
> which is handling the internet connection (pppoe) itself.
> I'm considering to let the internet connection be handled by a
> separate router (fritz!box in my case), so the stf(4)-machine will no
> longer have direkt internet access.
> Now my/the question: Should a stf(4) interface still be functional if
> the corresponding ipv4 address is not directly available on the same
> host (now routed to the new / separate internet router)?

There were the patches Matthias referenced,
there's also some pf/ipf rules that can do the
job nicely.
contains these rules.

This, of course, assumes you can protocol forward on the

        Jonathan Kollasch

Attachment: pgpgPe2Fm_xT2.pgp
Description: PGP signature

Home | Main Index | Thread Index | Old Index