tech-net archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: stf, security and NAT traversal
On Sat, Jan 19, 2008 at 09:48:10PM +0100, Rodolphe De Saint Leger wrote:
> Hi,
>
> I've worked on a path for the stf interface to add more security and
> nat traversal fonctionnality.
>
> the new security features should have no visible impact, to activate
> nat traversal, configure your future 6to4 router as the dmz of your
> ipv4 network, and put the bit 49 of your prefix to 1.
>
> for example:
> ifconfig stf0 inet6 2002:5243:e682:c000::1 prefixlen 16
Rodolphe,
I looked at your patch this weekend, and I think that we should add
it to NetBSD except for the NAT traversal parts. The NAT traversal is
easily replicated using a packet filter. Also, it seems that the NAT
traversal feature is a candidate for re-use, even where 6to4 is not used;
for users' convenience, we could extract the NAT traversal feature into
a pseudo-interface for re-use, as somebody else suggested some time ago.
Dave
--
David Young OJC Technologies
dyoung%ojctech.com@localhost Urbana, IL * (217) 278-3933 ext 24
Home |
Main Index |
Thread Index |
Old Index