tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: stf, security and NAT traversal

On Sat, Jan 19, 2008 at 09:48:10PM +0100, Rodolphe De Saint Leger wrote:
> Hi,
> I've worked on a path for the stf interface to add more security and
> nat traversal fonctionnality.
> the new security features should have no visible impact, to activate
> nat traversal, configure your future 6to4 router as the dmz of your
> ipv4 network, and put the bit 49 of your prefix to 1.
> for example:
> ifconfig stf0 inet6 2002:5243:e682:c000::1 prefixlen 16


I looked at your patch this weekend, and I think that we should add
it to NetBSD except for the NAT traversal parts.  The NAT traversal is
easily replicated using a packet filter.  Also, it seems that the NAT
traversal feature is a candidate for re-use, even where 6to4 is not used;
for users' convenience, we could extract the NAT traversal feature into
a pseudo-interface for re-use, as somebody else suggested some time ago.


David Young             OJC Technologies      Urbana, IL * (217) 278-3933 ext 24

Home | Main Index | Thread Index | Old Index