6bone access from behind NAT

[vertigo]

I would guess it has something to do with security.

vertigo


On Thu, 6 Dec 2001, Michael Kjorling wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> If you don't mind the question, why on Earth do you want to NAT with
> IPv6? I read somewhere that IPv6 addresses allow each and every
> molecule on the planet to have its own IP address - I haven't checked
> that but there are tons of IPv6 addresses available. You get a 64-bit
> part (or is it even 80 bits?) to use any way you like; MAC addresses
> which are used on Ethernet networks are 48 bits long. Lots of room to
> spare even if you'd have every Ethernet card in the world on your LAN.
>
> Also, I noted this in the 'ipv6 if' output:
>
> > Interface 3 (site 1): 6-over-4 Virtual Interface
> >   uses Neighbor Discovery
> >   sends Router Advertisements
> >   forwards packets
> >   link-level address: 192.168.50.1
> >     preferred address fe80::c0a8:3201, infinite/infinite
>
> Just a question to the gurus here - wouldn't the address be
> 2001:c0a8:3201::? http://www.6bone.net/6bone_6to4.html seems to imply
> this, if I read the text correctly: "A special IPv6 routing prefix
> (2002::/16) is used to indicate that the remaining 32-bits of the
> external routing prefix contain the IPv4 end-point address of a
> boundary IPv6 router for that site that will respond to IPv6 in IPv4
> encapsulation."
>
> And here's a suggestion for you: tracert6. What does it output? How
> far do you get?
>
>
> Michael Kjörling
>
>
> On Dec 6 2001 11:18 -0500, Dan Perry wrote:
>
> > Hi all,
> > 	I'm trying (unsuccessfully) to connect a small network of
> > windows 2000 machines to the 6bone.  Originally, I had one machine
> > running the standard Windows NAT service, and that server had one NIC
> > connected directly to the DSL line, and the other to the private
> > network.   I had that server running as a 6to4 router, and everything
> > worked fine.   However, I've since replaced that server with a common
> > hardware cable/DSL router.   I've configured that new router to forward
> > all incoming packets to the old server.   The old server current has one
> > NIC now.
> > 	I've been trying to use freenet6's tunnel broker service to
> > connect to the 6bone.   At first this failed as the server had a private
> > IP.  However, I changed the tspc.conf file to include the external IP
> > provided by my ISP as the v4 address used for the tunnel.   After doing
> > this, the tunnel seems to set itself up properly.   However, I'm not
> > able to ping anything but the server, or any other machine with IPv6 on
> > my private network.   Can anyone point out something that I need to do
> > in order to get this to work?
> >
> > Here are some outputs from the command line on the server I'm trying to
> > create a 6to4 router on:
> >
> >
> > C:\>ping6 www.6bone.net
> >
> > Pinging 6bone.net [3ffe:b00:c18:1::10] with 32 bytes of data:
> >
> > Request timed out.
> > Request timed out.
> >
> > C:\>ping6 perr2187.tsps1.freenet6.net
> >
> > Pinging perr2187.tsps1.freenet6.net [3ffe:b80:2:2f4e::2] with 32 bytes
> > of data:
> >
> > Reply from 3ffe:b80:2:2f4e::2: bytes=32 time<1ms
> > Reply from 3ffe:b80:2:2f4e::2: bytes=32 time<1ms
> >
> >
> > C:\>ipv6 if
> > /ipv6 output snipped/
> >
> > C:\>ipv6 rt
> > ::/0 -> 2 pref 0 (lifetime infinite, publish, no aging) 2002::/16 -> 2
> > pref 0 (lifetime 1800s, publish, no aging) ::/96 -> 2 pref 0 (lifetime
> > infinite)
> >
> >
> > As you can probably tell, I'm relatively new to IPv6, but any comments
> > or suggestions would be greatly appreciated.
> >
> > Thanks,
> >
> > Dan
>
> - --
> Michael Kjörling  --  Programmer/Network administrator  ^..^
> PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e   \/
> Internet: michael@kjorling.com -- FidoNet: 2:204/254.4
>
> "There is something to be said about not trying to be glamorous
> and popular and cool. Just be real -- and life will be real."
> (Joyce Sequichie Hifler, September 13 2001, www.hifler.com)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: Public key is at http://michael.kjorling.com/contact/pgp.html
>
> iD8DBQE8D8uXKqN7/Ypw4z4RAp1CAJ9Aiy143lIEFnma23ITBrYOzYTlwACgw/vM
> FbGWIXTEa9JB8hmlGrKDKW8=
> =Az7Q
> -----END PGP SIGNATURE-----
>
>