6to4, stf and shoebox NAT routers

Hajimu UMEMOTO ume at freebsd.org
Sun Aug 5 10:23:10 PDT 2007


Hi,

>>>>> On Fri, 03 Aug 2007 10:08:48 +0200
>>>>> Lapo Luchini <lapo at lapo.it> said:

lapo> Hajimu UMEMOTO wrote:
> I posted my proposed patch to current@ for review in the past.  But,
> no one responded.  Could you test this?  This is for 6-CURRENT at Feb 1.
> If it doesn't apply cleanly, please let me know.

lapo> It applied cleanly to 6.2-STABLE and seems to work perfectly... outbound
lapo> at least.

lapo> I have a box at home called cyberx which has static IPv4 but is NATted
lapo> (and is thus using your patch).
lapo> The other test box is a server called motoko which has static IPv4
lapo> assigned to one of his interfaces directly (no patches here).

lapo> The wl500g router correctly forwards the protocol 41 packets to cyberx.

lapo> Pinging from cyberx to motoko (and using tcpdump on both) I can see that:
lapo> a. cyberx is producing correct IPv4 packets that are from his local
lapo> NATted address to the real motoko address, but containing an IPv6 packet
lapo> that contains the '2002:'-encoding of both real IPv4 addresses
lapo> b. motoko is receiving the echo request correctly
lapo> c. motoko is sending the echo reply correctly
lapo> d. cyberx is receiving the echo reply encapsulated in IPv4 packets correctly
lapo> e. cyberx's stf0 interface IS NOT RECEIVING his IPv6 echo reply
lapo> f. the 'ping' command thinks that all packets are lost

lapo> Does your patch address incoming packets too?

Yes, it should address incoming packets.

lapo> Can I do some ipfw magic to convince stf to receive also incoming
lapo> packets with a mismatched IPv4-IPv6 address?

No, you shouldn't need any ipfw magic.  However, the NAT box has to
forward the incoming tunneling packets to your stf box correctly.  I
guess you do so.

How do you configure your stf interface?  You need to assign a 6to4
address which is derived from the IPv4 global address assigned to the
NAT box.
And you need to set net.link.stf.no_addr4check to 1.
Is it okay?

sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume at mahoroba.org  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
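
The configuration asked about in the message above, as an added example that is not part of the original post or of the patch: a shell helper that derives the 6to4 address from the NAT box's global IPv4 address and refuses a private (NATted) one. The function names, the ::1 interface ID and the sample address 192.0.2.1 are assumptions; the sysctl name is the one given in the message, and the commands are printed, not executed.

```shell
#!/bin/sh
# Added example (not from the thread): build the stf address from the NAT
# box's global IPv4 address, refusing the host's own private address.

# sixto4_addr IPV4 -> prints 2002:AABB:CCDD::1 (interface ID ::1 is an assumption)
# returns 1 for a non-global address, 2 for a malformed one
sixto4_addr() {
    addr=$1
    case "$addr" in
        ""|*[!0-9.]*|.*|*.|*..*) echo "malformed IPv4: $addr" >&2; return 2 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || { echo "malformed IPv4: $addr" >&2; return 2; }
    for o in "$@"; do
        # reject leading zeros (printf would read them as octal) and >3 digits
        case "$o" in 0?*|????*) echo "malformed IPv4: $addr" >&2; return 2 ;; esac
        [ "$o" -le 255 ] || { echo "malformed IPv4: $addr" >&2; return 2; }
    done
    # Private, loopback, link-local and multicast space cannot appear in a
    # 6to4 address: replies are tunnelled to the IPv4 address embedded here.
    if [ "$1" -eq 0 ] || [ "$1" -eq 10 ] || [ "$1" -eq 127 ] || [ "$1" -ge 224 ] ||
       { [ "$1" -eq 169 ] && [ "$2" -eq 254 ]; } ||
       { [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; } ||
       { [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; }; then
        echo "not a global IPv4 address: $addr" >&2; return 1
    fi
    printf '2002:%02x%02x:%02x%02x::1\n' "$1" "$2" "$3" "$4"
}

# stf_commands NAT_GLOBAL_IPV4 -> prints (does not run) the FreeBSD commands
stf_commands() {
    v6=$(sixto4_addr "$1") || return $?
    echo "sysctl net.link.stf.no_addr4check=1   # sysctl named in the message (patched stf)"
    echo "ifconfig stf0 create"
    echo "ifconfig stf0 inet6 $v6 prefixlen 16 alias"
}

# Constructed sample: 192.0.2.1 is a documentation address standing in for
# the NAT box's public IPv4 address.
stf_commands 192.0.2.1
```
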

