Re: sit and 6to4 tunneling

From: Pekka Savola (pekkas@netcore.fi)
Date: Tue Dec 16 2003 - 03:33:52 EST


Hi,

6to4 is incompatible with private addresses. Kernel doesn't enforce
this even though it maybe should.

You can configure the 6to4 address to be the public address of your
NAT, if the NAT supports forwarding proto-41 packets to your internal,
privately-addressed box.

On Mon, 8 Dec 2003, Peter Grubmair wrote:
> Hi, hope not bothering you.
> I tried kernel 2.6-test11 and ipv6,
> configuring a sit1 device,
> but with 6to4 ipv6 address and private ipv4 address
> (192.168.2.199).
> This is because I am behind a masquerading firewall
> which gives all ipv6 traffic on ipv4 to
> my box and does correct nat.
> I can ping www.kame.net using 192.88.99.1
> as relay-router and see the correct echo-reply with
> ethereal, but instead of accepting the
> correct answer my box replies a Ipv4
> destination unreachable/protocoll unreachable.
> Is this because of combining sit with 6to4 addresses ?
> - found only on hint to 6to4 in the code of sit.c
> which is related to xmit.
> (Everything works fine with 6to4 and no nating firewall).
> Thanks in advance
> Peter
>
> PS: I did it with sit as the scripts allow configuring an IPv4 address
> for
> 6to4 tunneling, but as this address is not only used
> for generating the 6to4 Ipv6 local address but also for
> ipv4 source address, nat does not work.
>
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-net" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>

--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html