Current-Users archive


Any way to "bridge" only IPv6 packets?



I have internet service from AT&T U-verse, which requires me to use their DSL 
modem/router/etc... box. Unfortunately, it has pretty crappy firmware. Things 
were OK before AT&T decided to get into IPv6--I have a NetBSD box acting as a 
NAT, firewall, and VPN tunnel endpoint, and I simply added a 6in4 tunnel to its 
duties. Then AT&T started adding their own IPv6 support, which was fine at 
first--they deployed a 6rd relay, so I switched from 6in4 to tunnelbroker.net 
to 6rd, and performance actually improved. But then they pushed a firmware 
update to the DSL router that broke 6in4 and 6rd tunnels (and AFAICT, pretty 
much all forms of IPv6 tunneling, with the possible exception of Teredo, which 
I didn't try), so I was left without IPv6. And recently, they pushed another 
firmware update, which allows the DSL router to be a 6rd endpoint, and it 
distributes IPv6 addresses via SLAAC. Sounds promising--if I just wanted to use 
their router, everything would work. However, I still want to use my NetBSD box 
for IPv4 traffic, since their router won't do a lot of the things I want. 
Apparently, they plan on adding DHCP-PD support, which would let my NetBSD box 
get a /64 out of the /60 I have and distribute that on the LAN. However, that's 
not supported yet--only the router they supply for their higher-end offerings 
currently supports DHCP-PD; mine has a "DHCPv6 Enabled" setting in its 
configuration, but it's grayed out and I can't enable it.

So, assuming my network is connected as:

( LAN devices ) ---- [ NetBSD box ] ---- [ AT&T router ] --- ( Internet )

is there any way to have the NetBSD box do its current 
NAT/IPsec/firewall/etc... for IPv4 traffic, but transparently pass IPv6 packets 
between its two interfaces? E.g., router solicitation packets from the LAN 
devices would be sent unmodified to the AT&T router, router advertisements from 
the router would be sent unmodified to the LAN, etc... I don't think bridge(4) 
is what I want, since if I bridge the two interfaces on the NetBSD box, I won't 
be able to have it NAT IPv4, right?

-- 
Name: Dave Huang         |  Mammal, mammal / their names are called /
INet: khym%azeotrope.org@localhost |  they raise a paw / the bat, the cat /
FurryMUCK: Dahan         |  dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 38 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++


