Date: Fri, 19 Oct 2007 18:49:40 +0200 From: Max Laier <max@love2party.net> To: freebsd-net@freebsd.org Cc: "Marc G. Fournier" <freebsd@hub.org> Subject: Re: IPv6 <-> NAT <-> IPv4 ... possible? Message-ID: <200710191849.46335.max@love2party.net> In-Reply-To: <6C9CF4C3635197B3CBED0D78@ganymede.hub.org> References: <6C9CF4C3635197B3CBED0D78@ganymede.hub.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart10564751.1cM7D7juYb Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Friday 19 October 2007, Marc G. Fournier wrote: > Could I hide an IPv6 network behind NAT? I don't know if that is even > possible ... the IPv6 IPs would be private (equiv to 192.168.x.x) ... > basically, none of the hosts behind NAT need a public IP, *but* I may > end up with more then 256 hosts, so was wondering if using IPv6 behind > the NAT would be 'simplier' ... > > If possible, pointers to docs to read would be appreciated ... Possible - yes. Practical - no. There are a couple of techniques=20 available that can provide the functionality you are looking for. All of=20 them solve a subsection of the problem, but there is no - to my=20 knowledge - complete sollution. The three main technologies are: 1) TRT (implemented through faith(4) / faithd(8)) 2) Header translation (I don't know if we have this implemented anywhere) 3) (Transparent) application proxies - there are patches for squid - IIRC =46or 1 and 3 you have to run a AAAA to A translating DNS server. 2 is the= =20 most "transparent" one, but I don't know if there is an implementation=20 available. All in all, it's a PITA. Much, much worse than NAT. For the moment - if=20 you want your clients to do more than just surf webpages - you want NAT. =20 If it's only about surfing WWW you could try a (transparent) web proxy on=20 your dual stack router, but don't expect to find a lot of documentation! =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart10564751.1cM7D7juYb Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQBHGOAqXyyEoT62BG0RAkKcAJ0exvp2F6+PfF6Akm95hDYxisn4sACePvEC 6O0xcqTOTXPrib0938uW2EI= =3aEk -----END PGP SIGNATURE----- --nextPart10564751.1cM7D7juYb--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200710191849.46335.max>