tech-net archive


Re: stf, security and NAT traversal



On Sat, Jan 19, 2008 at 09:48:10PM +0100, Rodolphe De Saint Leger wrote:
> Hi,
> 
> I've worked on a patch for the stf interface to add more security and
> NAT traversal functionality.

Now does NAT traversal provide more security? But anyway, for the
record:  a tunneling method for (single) machines behind NAT is
Teredo. An implementation available to NetBSD would be net/miredo
in pkgsrc.

> 
> The new security features should have no visible impact. To activate
> NAT traversal, configure your future 6to4 router as the DMZ of your
> IPv4 network, and set bit 49 of your prefix to 1.

Hm, magic bits? Why not use an interface flag?

> for example:
> ifconfig stf0 inet6 2002:5243:e682:c000::1 prefixlen 16
> 
> it will activate this 6to4 prefix with nat traversal. To emit a
> packet, stf will search for the route to 82.67.230.130 and it will
> take the outgoing local address as the ipv4 6to4 source.

So you still need to know the external v4 address before configuration?

Regards
        -is
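
The address from the quoted ifconfig line, taken apart (an added example, not part of the original message or of the patch under discussion): after 2002::/16 come the 32 bits of the IPv4 address, then the 16-bit group carrying the proposed flag. Reading "bit 49" as the top bit of that group is an assumption, as are the names `decode_6to4` and `struct sixtofour`; the second address in `main` is constructed.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct sixtofour {
    struct in_addr v4;  /* embedded IPv4 address (bits 17..48) */
    uint16_t subnet;    /* fourth 16-bit group (bits 49..64) */
    int flag49;         /* ASSUMPTION: "bit 49" = top bit of that group */
    int v4_private;     /* embedded address lies in an RFC 1918 range */
};

/* Returns 0 on success, -1 if text is not an address in 2002::/16. */
int decode_6to4(const char *text, struct sixtofour *out)
{
    struct in6_addr a6;
    uint32_t h;

    if (inet_pton(AF_INET6, text, &a6) != 1)
        return -1;
    if (a6.s6_addr[0] != 0x20 || a6.s6_addr[1] != 0x02)
        return -1;
    memcpy(&out->v4, &a6.s6_addr[2], 4);   /* already in network order */
    out->subnet = (uint16_t)((a6.s6_addr[6] << 8) | a6.s6_addr[7]);
    out->flag49 = (out->subnet & 0x8000) != 0;
    h = ntohl(out->v4.s_addr);
    /* 10/8, 172.16/12, 192.168/16: what a host behind NAT sees locally,
     * and not usable as the address embedded in a 6to4 prefix. */
    out->v4_private = (h >> 24) == 10 || (h >> 20) == 0xAC1 ||
                      (h >> 16) == 0xC0A8;
    return 0;
}

int main(void)
{
    /* First address is from the message; second is constructed. */
    const char *samples[] = { "2002:5243:e682:c000::1", "2002:c0a8:0101::1" };
    char buf[INET_ADDRSTRLEN];
    struct sixtofour s;

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        if (decode_6to4(samples[i], &s) != 0)
            continue;
        inet_ntop(AF_INET, &s.v4, buf, sizeof(buf));
        printf("%s: v4=%s group4=0x%04x flag49=%d private=%d\n",
               samples[i], buf, s.subnet, s.flag49, s.v4_private);
    }
    return 0;
}
```

For the address in the message this yields 82.67.230.130 with the fourth group 0xc000, which matches the route lookup target named in the quoted text.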


