tech-net archive
Re: stf, security and NAT traversal
- Subject: Re: stf, security and NAT traversal
- From: Ignatios Souvatzis <is%netbsd.org@localhost>
- Date: Tue, 22 Jan 2008 17:26:31 +0100

On Sat, Jan 19, 2008 at 09:48:10PM +0100, Rodolphe De Saint Leger wrote:
> Hi,
>
> I've worked on a patch for the stf interface to add more security and
> nat traversal functionality.

Now does NAT traversal provide more security? But anyway, for the
record: a tunneling method for (single) machines behind NAT is
Teredo. An implementation available to NetBSD would be net/miredo
in pkgsrc.

>
> the new security features should have no visible impact, to activate
> nat traversal, configure your future 6to4 router as the dmz of your
> ipv4 network, and put the bit 49 of your prefix to 1.

Hm, magic bits? Why not use an interface flag?

> for example:
> ifconfig stf0 inet6 2002:5243:e682:c000::1 prefixlen 16
>
> it will activate this 6to4 prefix with nat traversal. To emit a
> packet, stf will search for the route to 82.67.230.130 and it will
> take the outgoing local address as the ipv4 6to4 source.

So you still need to know the external v4 address before configuration?

Regards
-is