NetBSD-Users archive


Re: IPv6 for machines behind NAT



Pongthep Kulkrisada <ptkrisada%gmail.com@localhost> writes:

> I'm running 5.1_STABLE and 6.0_RC2 on i386 from behind NAT.  Is it
> possible to get IPv6 for NetBSD behind NAT?  I did much googling and
> tried installing these apps, but they all do not work.  Here are
> details.

I have used aiccu with sixxs.  As far as I can tell, the server half
(for which aiccu is the client) is not open source or available.

> net/tspc - On NetBSD, only /dev/gif0 is capable of carrying IPv6 packets
> for direct internet connection. UDP encapsulation is normally carried
> over /dev/tun0 through NAT gateway. But I tried configuring tun0
> interface in /usr/pkg/etc/tspc.conf. It still doesn't work as NetBSD
> does not support UDP encapsulation.

NetBSD has no kernel support for UDP encap.  Forwarding v6 to tun0 and
writing a program to take the datagrams from /dev and put them in UDP
would not be hard.   (aiccu does this, I'm 99.9% sure)

> net/hp6to4 - It requires direct connection to the internet. It only
> does mapping IPv4 to IPv6. It's not for machines behind NAT, whose IP
> is masqueraded.

That's basically right, but if you can set up your nat box to send v6
direct to the netbsd box, you may be able to get things to work
(similarly for a regular gif tunnel).  Still, 6to4 is deprecated.

> net/miredo (teredo) - It is designed for machines behind NAT to get
> IPv6 on NetBSD. But I have tried it many times. It still doesn't
> work. AFAIK it was known to run on NetBSD-4 only.


My biggest suggestion is to replace the NAT box with a small netbsd
system, which can then do NAT for you and do v6 without nat.  Failing
that, you can set up NAT to send proto-41 to the netbsd system; the
outer headers will get NATed but that should be ok.


It should be possible to get miredo to work.  But you'll have to dig in
with tcpdump and debuggers, and have a remote server.  I haven't tried
this, because I have a fixed tunnel for home, and aiccu/sixxs on a
notebook for mobile use.


There is also 'rd', patches for which I am delinquent in reviewing and
committing, for a provider-centric 6to4 kind of scheme.  But I think
that's orthogonal to your issues.

Attachment: pgpdp7F1rjgDG.pgp
Description: PGP signature
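
The tun-to-UDP relay step mentioned in the reply above, as an added example that is not part of the original message and is not aiccu's code. It assumes the tun device is in multi-af mode (TUNSIFHEAD, a 4-byte address family before each packet), that the UDP socket is already connect()ed to a tunnel server, and that the IPv6 datagram travels as the bare UDP payload with no tunnel-protocol framing; relay_one and demo are hypothetical names.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define AF_HDR  4   /* assumed multi-af mode: address family precedes each packet */
#define IP6_HDR 40  /* fixed IPv6 header length */

/* Returns bytes sent as UDP payload, 0 if the packet was dropped, -1 on I/O error. */
ssize_t relay_one(int tun_fd, int udp_fd)
{
    uint8_t buf[AF_HDR + 2048];
    uint32_t af;
    ssize_t n = read(tun_fd, buf, sizeof buf);      /* one read = one packet */
    if (n < 0)
        return -1;
    if (n < AF_HDR + IP6_HDR)
        return 0;                                   /* too short for an IPv6 header */
    memcpy(&af, buf, AF_HDR);
    const uint8_t *ip6 = buf + AF_HDR;
    if (ntohl(af) != AF_INET6 || (ip6[0] >> 4) != 6)
        return 0;                                   /* only IPv6 goes into the tunnel */
    size_t want = IP6_HDR + ((size_t)ip6[4] << 8 | ip6[5]); /* payload length field */
    if (want > (size_t)n - AF_HDR)
        return 0;                                   /* header claims more than was read */
    return send(udp_fd, ip6, want, 0);              /* udp_fd is connect()ed already */
}

/* Constructed self-check: datagram socketpairs stand in for /dev/tun0 and the UDP socket. */
int demo(void)
{
    int tun[2], udp[2];
    uint8_t pkt[AF_HDR + IP6_HDR + 8] = {0}, out[128];
    uint32_t af = htonl(AF_INET6);
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, tun) || socketpair(AF_UNIX, SOCK_DGRAM, 0, udp))
        return -1;
    memcpy(pkt, &af, AF_HDR);
    pkt[AF_HDR] = 0x60;                             /* version nibble 6 */
    pkt[AF_HDR + 5] = 8;                            /* payload length 8 */
    if (write(tun[0], pkt, sizeof pkt) < 0 || relay_one(tun[1], udp[0]) != IP6_HDR + 8)
        return -2;
    ssize_t got = recv(udp[1], out, sizeof out, 0);
    int same = got == IP6_HDR + 8 && memcmp(out, pkt + AF_HDR, (size_t)got) == 0;
    pkt[AF_HDR] = 0x40;                             /* IPv4 version nibble: must be dropped */
    if (write(tun[0], pkt, sizeof pkt) < 0)
        return -2;
    return (same && relay_one(tun[1], udp[0]) == 0) ? 0 : -3;
}

int main(void) { return demo(); }
```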


