Pongthep Kulkrisada <ptkrisada%gmail.com@localhost> writes: > I'm running 5.1_STABLE and 6.0_RC2 on i386 from behind NAT. Is it > possible to get IPv6 for NetBSD behind NAT? I did much googling and > tried installing these apps, but they all do not work. Here are > details. I have used aiccu with sixxs. As far as I can tell, the server half (for which aiccu is the client) is not open source or available. > net/tspc - On NetBSD, only /dev/gif0 is capable to carry IPv6 packets > for direct internet connection. UDP encapsulation is normally carried > over /dev/tun0 through NAT gateway. But I tried configuring tun0 > interface in /usr/pkg/etc/tspc.conf. It still doesn't work as NetBSD > does not support UDP encapsulation. NetBSD has no kernel support for UDP encap. Forwarding v6 to tun0 and writing a program to take the datagrams from /dev and put them in UDP would not be hard. (aiccu does this, I'm 99.9% sure) > net/hp6to4 - It requires direct connection to the internet. It only > does mapping IPv4 to IPv6. It's not for machines behind NAT, whose IP > is masqueraded. That's basically right, but if you can set up your nat box to send v6 direct to the netbsd box, you may be able to get things to work (similarly for a regular gif tunnel). Still, 6to4 is deprecated. > net/miredo (teredo) - It is designed for machines behind NAT to get > IPv6 on NetBSD. But I have tried it many times. It still doesn't > work. AFAIK it was known to run on NetBSD-4 only. My biggest suggestion is to replace the NAT box with a small netbsd system, which can than do NAT for you and do v6 without nat. Failing that, you can set up NAT to send proto-41 to the netbsd system; the outer headers will get NATed but that should be ok. It should be possible to get miredo to work. But you'll have to dig in with tcpdump and debuggers, and have a remote server. I haven't tried this, because I have a fixed tunnel for home, and aiccu/sixxs on a notebook for mobile use. There is also 'rd', patches for which I am deliquent in reviewing and commiting, for a provider-centric 6to4 kind of scheme. But I think that's orthogonal to your issues.
Description: PGP signature