* 6to4 NAT ? @ 2011-02-07 9:59 Matthias Urlichs 2011-02-07 10:27 ` Jasper Spaans 0 siblings, 1 reply; 3+ messages in thread From: Matthias Urlichs @ 2011-02-07 9:59 UTC (permalink / raw) To: netdev Hello, The problem: I have a 10.*/8 ipv4 network which I want to reach via ipv6. I.e., what I need is some sort of 6to4 NAT so that traffic from [whereever] to e.g. fec0:dead:beef:1234::10.1.2.3 ends up as coming from e.g. 10.0.0.1 on the IPv4 side. "Classic" NAT, in other words, except that (a) one side is on IPv6, and (b) the destination's v4 address is the tail end of the v6 address. Cisco boxes can apparently do that. I want my Linux box to do it too. :-P Is there something like this already out there, or do I need to copy the NAT kernel modules and start hacking? (This is not a tunnel: I don't want the IPv6 packets to get encapsulated in IPv4. That'd require all the systems on the 10.* net to have their own local tunnel interface. I can't do that.) -- -- Matthias Urlichs ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: 6to4 NAT ? 2011-02-07 9:59 6to4 NAT ? Matthias Urlichs @ 2011-02-07 10:27 ` Jasper Spaans [not found] ` <20110207124138.GW3731@deee.intern.smurf.noris.de> 0 siblings, 1 reply; 3+ messages in thread From: Jasper Spaans @ 2011-02-07 10:27 UTC (permalink / raw) To: Matthias Urlichs; +Cc: netdev@vger.kernel.org [-- Attachment #1: Type: text/plain, Size: 580 bytes --] On 07/02/11 10:59, Matthias Urlichs wrote: > The problem: I have a 10.*/8 ipv4 network which I want to reach via ipv6. > I.e., what I need is some sort of 6to4 NAT so that traffic from [whereever] > to e.g. fec0:dead:beef:1234::10.1.2.3 ends up as coming from e.g. 10.0.0.1 > on the IPv4 side. Sounds to me like you're looking for nat64. No built in support is available afaik, but http://ecdysis.viagenie.ca/ provides a netfilter module. Cheers, Jasper -- Ir. Jasper Spaans Fox-IT Experts in IT Security! T: +31 (0) 15 284 79 99 KvK Haaglanden 27301624 [-- Attachment #2: S/MIME Cryptographic Signature --] [-- Type: application/pkcs7-signature, Size: 4121 bytes --] ^ permalink raw reply [flat|nested] 3+ messages in thread
[parent not found: <20110207124138.GW3731@deee.intern.smurf.noris.de>]
* Re: 6to4 NAT ? [not found] ` <20110207124138.GW3731@deee.intern.smurf.noris.de> @ 2011-02-07 13:55 ` Matthias Urlichs 0 siblings, 0 replies; 3+ messages in thread From: Matthias Urlichs @ 2011-02-07 13:55 UTC (permalink / raw) To: Jasper Spaans; +Cc: netdev Hello, > Sounds to me like you're looking for nat64. No built in support is > available afaik, but http://ecdysis.viagenie.ca/ provides a netfilter > module. Alternately, there seems to be a stateless program which does the same thing via a TUN interface: http://www.litech.org/tayga/ This solutions seems superior to the ecdysis kernel module because * stateless * no out-of-tree kernel code with concurrency issues * while it's userland code, I don't expect to have much traffic * it can support multiple IPv4 networks on one system (we have customers with overlapping RFC1912 address ranges) * more flexible deployment -- -- Matthias Urlichs ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2011-02-07 14:12 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-02-07 9:59 6to4 NAT ? Matthias Urlichs
2011-02-07 10:27 ` Jasper Spaans
[not found] ` <20110207124138.GW3731@deee.intern.smurf.noris.de>
2011-02-07 13:55 ` Matthias Urlichs
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).