I got my first IPv6 from ARIN. I set up my router and am successfully advertising my IPv6 block. On my DNS server, I added an IPv6 IP, no problem (try pinging! ns1.monkeybrains.net). Now, I'd like to 'NAT' to some older boxes and not mess with actually putting IPv6 IPs on those boxes. Say I had a box with running IPv4 with:
  69.147.83.40

How would I 'nat' or 'gif' or 'tunnel' from a NAT box without putting any IPv6 on 69.147.83.40?

I want to have:
  2607:f598:0:1::666 on my 'firewall' and have it tunnel to 69.147.83.40 or whatever....

I've read this:
  http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-ipv6.html
But that seems more geared toward getting IPv6 on clients.

Rudy

On 2009-11-09T14:26:23-0800, Rudy <crapsh@monkeybrains.net> wrote:
> I got my first IPv6 from ARIN. I set up my router and am
> successfully advertising my IPv6 block. On my DNS server, I added
> an IPv6 IP, no problem (try pinging! ns1.monkeybrains.net). Now,
> I'd like to 'NAT' to some older boxes and not mess with actually
> putting IPv6 IPs on those boxes. Say I had a box with running IPv4
> with: 69.147.83.40
> How would I 'nat' or 'gif' or 'tunnel' from a NAT box without
> putting any IPv6 on 69.147.83.40?
>
> I want to have:
> 2607:f598:0:1::666 on my 'firewall' and have it tunnel to
> 69.147.83.40 or whatever....
> I've read this:
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-ipv6.html
> But that seems more geared toward getting IPv6 on clients.

Are you trying to give the older boxes IPv6 connectivity or IPv4 connectivity to the Internet?

If IPv6, why not just give the older boxes IPv6 addresses? Seems to me it would be a lot easier than messing with tunneling. They don't even need globally routeable IPv4 addresses. Set up rtadvd on your router, allow them to use their automatic IPv6 addresses (or set the addresses manually, doesn't matter), and that should be it. It shouldn't be that hard, since ease of setup is one of the things IPv6 is designed for. On FreeBSD, ipv6_enable="YES" is probably all you need to do.

--
Kenyon Ralph

In a word, 6tunnel. It's an application level proxy that does the job well enough to get you out of trouble. Another approach would be to run netcat (nc) from inetd on the port in question.

That said, I'll add my voice to the suggestion that it is very simple to get IPv6 going on pretty much anything (OK, probably a pain on windows 2000 but even there it is theoretically possible). Rather than doing NAT, you simply apply policy with your firewall rules where it should always have been.

Brian

-----Original Message-----
From: owner-freebsd-stable@freebsd.org [mailto:owner-freebsd-stable@freebsd.org] On Behalf Of Rudy
Sent: Tuesday, 10 November 2009 9:26 AM
To: freebsd-stable@freebsd.org
Subject: Tunnel IPv6 requests to my IPv4 servers?

I got my first IPv6 from ARIN. I set up my router and am successfully advertising my IPv6 block. On my DNS server, I added an IPv6 IP, no problem (try pinging! ns1.monkeybrains.net). Now, I'd like to 'NAT' to some older boxes and not mess with actually putting IPv6 IPs on those boxes. Say I had a box with running IPv4 with:
  69.147.83.40

How would I 'nat' or 'gif' or 'tunnel' from a NAT box without putting any IPv6 on 69.147.83.40?

I want to have:
  2607:f598:0:1::666 on my 'firewall' and have it tunnel to 69.147.83.40 or whatever....

I've read this:
  http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-ipv6.html
But that seems more geared toward getting IPv6 on clients.

Rudy
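
What an application-level relay of the kind suggested above (6tunnel, or nc from inetd) does, as an added example that is not part of the thread and is not 6tunnel's code: it accepts TCP on the IPv6 address and opens a separate IPv4 connection to the old server. The backend then sees only the relay's address, so the client check and the log line live in the relay. Port 80 and the `allowed` and `log` parameters are assumptions.

```python
import asyncio
import ipaddress

async def pipe(reader, writer):
    """Copy bytes one way until EOF, then half-close the other side."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
        writer.write_eof()
    except (OSError, RuntimeError):
        pass  # peer reset or already closed: just stop copying

async def start_relay(listen_host, listen_port, backend_host, backend_port,
                      allowed=("::/0", "0.0.0.0/0"), log=print):
    """Accept TCP on listen_host and relay each connection to the backend."""
    nets = [ipaddress.ip_network(n) for n in allowed]

    async def handle(c_reader, c_writer):
        # The backend only ever sees the relay's IPv4 address, so the real
        # client address has to be checked and logged here.
        client = ipaddress.ip_address(
            c_writer.get_extra_info("peername")[0].split("%")[0])
        if not any(client in n for n in nets):
            log(f"deny {client}")
            c_writer.close()
            return
        log(f"relay {client} -> {backend_host}:{backend_port}")
        try:
            b_reader, b_writer = await asyncio.open_connection(
                backend_host, backend_port)
        except OSError as exc:
            log(f"backend unreachable: {exc}")
            c_writer.close()
            return
        await asyncio.gather(pipe(c_reader, b_writer), pipe(b_reader, c_writer))
        b_writer.close()
        c_writer.close()

    return await asyncio.start_server(handle, listen_host, listen_port)

async def main():
    # Addresses are the ones from the thread; port 80 is an assumption.
    server = await start_relay("2607:f598:0:1::666", 80, "69.147.83.40", 80)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

Any address-based access control or logging on the IPv4 server stops being meaningful behind such a relay, which is the practical side of the advice above to apply policy in the firewall rules.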