Date: Fri, 19 Oct 2007 18:49:40 +0200 From: Max Laier <max@love2party.net> To: freebsd-net@freebsd.org Cc: "Marc G. Fournier" <freebsd@hub.org> Subject: Re: IPv6 <-> NAT <-> IPv4 ... possible? Message-ID: <200710191849.46335.max@love2party.net> In-Reply-To: <6C9CF4C3635197B3CBED0D78@ganymede.hub.org> References: <6C9CF4C3635197B3CBED0D78@ganymede.hub.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart10564751.1cM7D7juYb
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
On Friday 19 October 2007, Marc G. Fournier wrote:
> Could I hide an IPv6 network behind NAT? I don't know if that is even
> possible ... the IPv6 IPs would be private (equiv to 192.168.x.x) ...
> basically, none of the hosts behind NAT need a public IP, *but* I may
> end up with more then 256 hosts, so was wondering if using IPv6 behind
> the NAT would be 'simplier' ...
>
> If possible, pointers to docs to read would be appreciated ...
Possible - yes. Practical - no. There are a couple of techniques=20
available that can provide the functionality you are looking for. All of=20
them solve a subsection of the problem, but there is no - to my=20
knowledge - complete sollution.
The three main technologies are:
1) TRT (implemented through faith(4) / faithd(8))
2) Header translation (I don't know if we have this implemented anywhere)
3) (Transparent) application proxies
- there are patches for squid - IIRC
=46or 1 and 3 you have to run a AAAA to A translating DNS server. 2 is the=
=20
most "transparent" one, but I don't know if there is an implementation=20
available.
All in all, it's a PITA. Much, much worse than NAT. For the moment - if=20
you want your clients to do more than just surf webpages - you want NAT. =20
If it's only about surfing WWW you could try a (transparent) web proxy on=20
your dual stack router, but don't expect to find a lot of documentation!
=2D-=20
/"\ Best regards, | mlaier@freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier@EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
--nextPart10564751.1cM7D7juYb
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)
iD8DBQBHGOAqXyyEoT62BG0RAkKcAJ0exvp2F6+PfF6Akm95hDYxisn4sACePvEC
6O0xcqTOTXPrib0938uW2EI=
=3aEk
-----END PGP SIGNATURE-----
--nextPart10564751.1cM7D7juYb--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200710191849.46335.max>