Date:      Fri, 11 Mar 2005 11:16:36 -0800
From:      Nick Sayer <nsayer@kfu.com>
To:        freebsd-hackers@freebsd.org
Subject:   stf and shoebox NAT routers
Message-ID:  <4231EE94.8050601@kfu.com>

Historically, I've used FreeBSD machines as NAT routers.

Call me a traitor if you must, but it's getting harder to justify not 
simply putting one of those little Linksys/Netgear/SMC/whatever NAT 
routers in place and having the FreeBSD machine be a server behind the 
box instead.

One of the last considerations remaining is IPv6.

Most boxes now have the concept of a "DMZ" host. They will, apparently, 
perform simple address substitution on the IP header for packets that 
arrive of an unknown protocol and send them to the DMZ host (living on 
the inside LAN - thus calling it a DMZ host is a bit of a misnomer, but 
that's a semantic debate for another occasion). This would be ideal for 
6to4 - incoming packets would simply arrive and be processed. The 
trouble appears to be the outgoing side. The machine's actual IPv4 
address is not the same as the *outside* IPv4 address, so one of two 
things is happening (I'm not sure which): Either the blanket prohibition 
on RFC-1918 addresses having anything to do with 6to4 is getting in the 
way, or stf0 having a "foreign" prefix (that is, a prefix that does not 
relate to a physical interface on the machine) is confusing it.

6to4 is the IPv6 connection solution I prefer. Is there any way stf can 
be taught to live behind an IPv4 NAT?
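
The 6to4 address mapping the message depends on, as an added example that is not part of the original e-mail or of FreeBSD's stf code: it derives the 2002:V4ADDR::/48 prefix from an IPv4 address and evaluates the two conditions the message suspects. The addresses are constructed (192.168.1.10 as the inside address, 203.0.113.5 as the router's outside address), and `stf_candidate_problems` is a hypothetical helper that models the message's two hypotheses, not stf's actual checks.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")  # 6to4 prefix, RFC 3056
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample addresses (assumptions, not from the message).
INSIDE = "192.168.1.10"   # what the FreeBSD host has on its LAN interface
OUTSIDE = "203.0.113.5"   # what the NAT router presents to the Internet


def sixtofour_prefix(v4):
    """Return the 2002:V4ADDR::/48 prefix that embeds IPv4 address v4."""
    v4_int = int(ipaddress.IPv4Address(v4))
    # The 32-bit IPv4 address occupies bits 80..111, right after 2002::/16.
    base = int(SIX_TO_FOUR.network_address) | (v4_int << 80)
    return ipaddress.IPv6Network((base, 48))


def stf_candidate_problems(v4, local_v4_addrs):
    """Hypothetical helper: which of the message's two suspected obstacles
    applies if the 6to4 prefix is built from v4?"""
    addr = ipaddress.IPv4Address(v4)
    problems = []
    if any(addr in net for net in RFC1918):
        problems.append("rfc1918")   # private address embedded in the prefix
    if addr not in {ipaddress.IPv4Address(a) for a in local_v4_addrs}:
        problems.append("foreign")   # prefix matches no local interface
    return problems


def report(inside_v4, outside_v4):
    """Map each candidate IPv4 address to (6to4 prefix, problems)."""
    local = [inside_v4]              # behind NAT, only the inside address is local
    return {v4: (str(sixtofour_prefix(v4)), stf_candidate_problems(v4, local))
            for v4 in (inside_v4, outside_v4)}


if __name__ == "__main__":
    for v4, (prefix, problems) in report(INSIDE, OUTSIDE).items():
        print(f"{v4:15} -> {prefix:22} problems: {problems}")
```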


