Subject: Re: GIF-Tunnel through IPfilter NAT?
To: Hubert Feyrer <email@example.com>
From: None <firstname.lastname@example.org>
Date: 02/11/2000 13:28:04
>I wonder if I IPfilter will let through IPv6-in-IPv4 pkgs when configured
>to NAT? I'd love to get a IPv6 tunnel to my home, but my NATing router
>still runs NetBSD 1.4.2, and I can't upgrade.
>I wonder if I would need any special IPfilter setup, or if this just
So your setting is like this, and you have only one global IPv4
address for IPfilter box?
| global addr (y.y.y.y)
| global addr (x.x.x.x)
==+== private address cloud
| private addr (z.z.z.z)
on upstream: gifconfig gif0 y.y.y.y x.x.x.x
on downstream: gifconfig gif0 z.z.z.z y.y.y.y
on NAT: for inbound, pass IP protocol # 41 to z.z.z.z, if it is
from y.y.y.y to x.x.x.x (rewrite dst).
for outbound, pass IP protoco # 41 from z.z.z.z to y.y.y.y,
after rewriting source to x.x.x.x.
I'm not quite sure if it works or not.
I really recommend you to upgrade NAT box to 1.5, to avoid any packet
modification by IPfilter. If you have NAT between IPv6 tunnel routers,
you can't really be sure about how the packet will be modified.