[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: stf, security and NAT traversal
- Subject: Re: stf, security and NAT traversal
- From: Ignatios Souvatzis <is%netbsd.org@localhost>
- Date: Tue, 22 Jan 2008 17:26:31 +0100
On Sat, Jan 19, 2008 at 09:48:10PM +0100, Rodolphe De Saint Leger wrote:
> I've worked on a path for the stf interface to add more security and
> nat traversal fonctionnality.
Now does NAT traversal provide more security? But anyway, for the
record: a tunneling method for (single) machines behind NAT is
Teredo. An implementation available to NetBSD would be net/miredo
> the new security features should have no visible impact, to activate
> nat traversal, configure your future 6to4 router as the dmz of your
> ipv4 network, and put the bit 49 of your prefix to 1.
Hm, magic bits? Why not use an interface flag?
> for example:
> ifconfig stf0 inet6 2002:5243:e682:c000::1 prefixlen 16
> it will activate this 6to4 prefix with nat traversal. To emit a
> packet, stf will search for the route to 18.104.22.168 and it will
> take the outgoing local address as the ipv4 6to4 source.
So you still need to know the external v4 address before configuration?
Main Index |
Thread Index |