tech-net archive


Re: stf, security and NAT traversal



On Sat, Jan 19, 2008 at 09:48:10PM +0100, Rodolphe De Saint Leger wrote:
> Hi,
> 
> I've worked on a patch for the stf interface to add more security and
> NAT traversal functionality.
> 
> The new security features should have no visible impact. To activate
> NAT traversal, configure your future 6to4 router as the DMZ of your
> IPv4 network, and set bit 49 of your prefix to 1.
> 
> for example:
> ifconfig stf0 inet6 2002:5243:e682:c000::1 prefixlen 16

Rodolphe,

I looked at your patch this weekend, and I think that we should add
it to NetBSD except for the NAT traversal parts.  The NAT traversal is
easily replicated using a packet filter.  Also, it seems that the NAT
traversal feature is a candidate for re-use, even where 6to4 is not used;
for users' convenience, we could extract the NAT traversal feature into
a pseudo-interface for re-use, as somebody else suggested some time ago.

Dave

-- 
David Young             OJC Technologies
dyoung%ojctech.com@localhost      Urbana, IL * (217) 278-3933 ext 24


