IPv6 <-> NAT <-> IPv4 ... possible?

Bob Johnson fbsdlists at gmail.com
Fri Oct 19 09:06:30 PDT 2007


On 10/19/07, Marc G. Fournier <freebsd at hub.org> wrote:
> Could I hide an IPv6 network behind NAT?  I don't know if that is even
> possible

Yes, it is possible. The designers of IPv6 allowed for that
configuration as it was expected to be a common one during the
transition from IPv4 to IPv6 (i.e. you start using IPv6 but your
network is connected to the IPv4 Internet). Although what you end up
with might not be exactly what you have in mind: IPv6 can
automatically tunnel through an IPv4 NAT, so using that is probably
the easiest configuration. In that case, the firewall features of your
NAT box (if any) would do nothing for your IPv6 systems - unless it
supports IPv6 firewalling as well. In principle at least, with not
much effort (heh) your IPv6 boxes could all have public IPv6 addresses
even though they are behind your IPv4 NAT box.

The other approach would be to have an IPv6 to IPv4 gateway behind
your NAT box (or it would actually be your NAT box).

> ... the IPv6 IPs would be private (equiv to 192.168.x.x) ... basically, none of
> the hosts behind NAT need a public IP, *but* I may end up with more than 256
> hosts, so was wondering if using IPv6 behind the NAT would be 'simpler' ...

It probably will not be "simpler". It will have a fairly steep
learning curve, while using IPv4 NAT with more than 256 hosts should
be no problem unless your NAT box is artificially limited to that
number. E.g. you can have 65K hosts behind your NAT by using
192.168.0.0/16 as your network instead of the common 192.168.0.x/24.
If you are using an off-the-shelf home router/firewall, you are
probably limited to 253 hosts, but if you are using a FreeBSD box to
do NAT, you should be able to have as many hosts as you wish behind
it on IPv4.

>
> If possible, pointers to docs to read would be appreciated ...

I wish I had them. You just learned most of what I know about IPv6,
but I'm working on improving that.

- Bob
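
The reply above notes that IPv6 hosts can end up with public addresses behind an IPv4 NAT whose firewall does nothing for them. The following is an added example, not part of the original message: a small audit that flags such addresses in a host inventory. The prefix table uses the standard IANA/RFC assignments (not named in the post), and the host names and addresses are constructed samples.

```python
import ipaddress

# Standard IPv6 prefixes (IANA/RFC assignments; an assumption, not named in the post).
# Order matters: more specific prefixes come before 2000::/3.
PREFIXES = [
    ("link-local", ipaddress.ip_network("fe80::/10")),
    ("unique-local", ipaddress.ip_network("fc00::/7")),     # closest analogue of 192.168.x.x
    ("teredo-tunnel", ipaddress.ip_network("2001::/32")),   # IPv6 carried in UDP through IPv4 NAT
    ("6to4-tunnel", ipaddress.ip_network("2002::/16")),     # IPv6 carried in IPv4 protocol 41
    ("documentation", ipaddress.ip_network("2001:db8::/32")),
    ("global-unicast", ipaddress.ip_network("2000::/3")),
]
# Classes that are publicly routable, so an IPv4-only NAT firewall does not cover them.
EXPOSED = {"teredo-tunnel", "6to4-tunnel", "global-unicast"}


def classify(addr):
    """Return the address class name for one IPv4 or IPv6 address string."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop a zone id such as %em0
    if ip.version == 4:
        return "ipv4"
    for name, net in PREFIXES:
        if ip in net:
            return name
    return "other"


def audit(inventory):
    """Return {host: [(addr, class), ...]} for addresses the IPv4 NAT does not protect."""
    findings = {}
    for host, addrs in inventory.items():
        hits = [(a, classify(a)) for a in addrs if classify(a) in EXPOSED]
        if hits:
            findings[host] = hits
    return findings


# Constructed sample inventory (hypothetical host names and addresses).
SAMPLE = {
    "db1": ["192.168.3.17", "fe80::1%em0", "fd12:3456:789a::17"],
    "ws7": ["192.168.200.9", "2001:0:4136:e378:8000:63bf:3fff:fdd2"],
    "lab2": ["192.168.1.4", "2002:c000:204::1"],
}

if __name__ == "__main__":
    for host, hits in audit(SAMPLE).items():
        for addr, kind in hits:
            print(f"{host}: {addr} ({kind}) is publicly routable; needs IPv6 filtering")
```

Hosts that carry only link-local and unique-local addresses are not flagged; any flagged host needs IPv6 filtering on the host itself or on a gateway that understands IPv6.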


More information about the freebsd-net mailing list