IPv6 <-> NAT <-> IPv4 ... possible?
Max Laier
max at love2party.net
Fri Oct 19 09:49:53 PDT 2007
On Friday 19 October 2007, Marc G. Fournier wrote:
> Could I hide an IPv6 network behind NAT? I don't know if that is even
> possible ... the IPv6 IPs would be private (equiv to 192.168.x.x) ...
> basically, none of the hosts behind NAT need a public IP, *but* I may
> end up with more then 256 hosts, so was wondering if using IPv6 behind
> the NAT would be 'simplier' ...
>
> If possible, pointers to docs to read would be appreciated ...
Possible - yes. Practical - no. There are a couple of techniques
available that can provide the functionality you are looking for. All of
them solve a subsection of the problem, but there is no - to my
knowledge - complete sollution.
The three main technologies are:
1) TRT (implemented through faith(4) / faithd(8))
2) Header translation (I don't know if we have this implemented anywhere)
3) (Transparent) application proxies
- there are patches for squid - IIRC
For 1 and 3 you have to run a AAAA to A translating DNS server. 2 is the
most "transparent" one, but I don't know if there is an implementation
available.
All in all, it's a PITA. Much, much worse than NAT. For the moment - if
you want your clients to do more than just surf webpages - you want NAT.
If it's only about surfing WWW you could try a (transparent) web proxy on
your dual stack router, but don't expect to find a lot of documentation!
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part.
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20071019/bcd5581f/attachment.pgp
More information about the freebsd-net
mailing list