Subject: Re: stf(4) and NAT
To: Martijn van Buul <pino+gmane_os_netbsd_devel_network@dohd.org>
From: Pavel Cahyna <pcah8322@artax.karlin.mff.cuni.cz>
List: tech-net
Date: 11/21/2005 15:33:47
On Mon, Nov 21, 2005 at 01:52:27PM +0000, Martijn van Buul wrote:
> Hello.
> 
> I'm currently a happy owner of a IPv6 range in the 2001: range, but this
> may change in the near future, as my tunnel broker might go bellyup. As
> a result, I'm preemptively looking for alternatives, and before realising
> that SixXS.net will probably provide me with a fresh new tunnel if I ask
> them nicely, I tried 6-to-4. However, our stf(4) interface is giving me 
> problems.
> 
> Unfortunately, I'm in the "happy" possession of a Wanadoo LiveBox, which
> to my best knowledge refuses to behave like a bridging modem. Instead, it
> insists on doing NAT. I managed to convice it that it should do forward all
> incoming traffic to an IP on the private side of the modem, but that is as
> far as I'll be able to get. This has two implications:
> 
> 1) the "public" interface of my own NetBSD-based router is a private address.
> 2) And that address is going to be rewritten.
> 
> stf(4) refuses to cooperate because of this. First of all, it refuses to 
> send from an interface with a private address, and secondly it fails to
> locate the proper interface to begin with.
> 
> In order to comply with 6-to-4, my IPv6 range would be 2002:5591:54c5 /48,
> since the public IP address of my modem is 85.145.84.197. How do I specify
> which interface stf(4) should use - namely fxp0, which has the private IP
> address of 192.168.5.10, and that I know what I'm doing by overriding the
> range it would use normally?

I wrote recently about an idea to get this working. I don't have a
possiblility to forward all incoming trafic to my private address, so this
is not working for me (limitation that you don't suffer from), but I
verified that at least in the outgoing direction it works.

Edited version follows.
-----
If you have 2002:5591:54c5: 6to4 prefix, you should be able to configure
a, say, 2002:5591:54c5:0::1 stf interface on your machine.
Now the problem is that you have only a private IPv4 adress (192.168.5.10)
on the bridging box and only the cable modem has the public 85.145.84.197
adress, so 6to4 won't work. I solved it with the following
trick:

# cat /etc/ipnat.conf                                               
bimap ex0 85.145.84.197/32 -> 192.168.5.10/32 ipv6

# /etc/rc.d/ipnat onestart

# ifconfig lo0 inet 85.145.84.197 alias

Now outgoing 6to4 should work. For incoming, you will have to convince the
cable modem to forward all incoming packtets which don't match the
established NAT states to 192.168.5.10 . Or at least the 6to4 packets. You
probably already have that working.
-----

Please tell if this does work or not.

Pavel Cahyna