Subject: Re: bridge+route simultaneously?
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: netbsd-users
Date: 11/08/2005 21:02:50
On Tue, Nov 08, 2005 at 03:54:36PM -0500, Steven M. Bellovin wrote:
> Right now, I'm using a 3-interface box to bridge different segments of 
> my home network and connect them to my cable modem.  (The cable modem 
> has its own NAT function.)  That's fine for v4; however, I'd like to 
> pick up v6 packets there and tunnel them somewhere via 6to4.  I suspect 
> that it isn't possible to do that; I'd be happy to find out I'm wrong.  

Maybe it's helpful to think about this the other way around -- to think
of the problem as being one of blocking v6 packets from traversing the
bridge.  I think ipf can do that, if you've built your kernel with
BRIDGE_IPF -- and can't you then pick up the v6 packets on the interface
they originally arrive on, and route them as usual?