6bone access from behind NAT

Petr Baudis pasky@pasky.ji.cz
Fri, 7 Dec 2001 14:08:52 +0100


Dear diary, on Thu, Dec 06, 2001 at 11:30:53PM CET, I got a letter, where Dan
Perry <dap23@cornell.edu> told me, that...
> Thanks for the suggestions I've gotten so far.  But it seems I didn't clearly
> state what was wrong.   The real problem I'm having is that I have a 2000
> behind NAT.   I want that server to connect to the 6bone and act as a router
> for the local network behind the NAT.   However, I can't figure out how to
> get the server to connect to the 6bone, since it is behind NAT.  I've been
> trying to use freenet6 as a tunnel broker.   I've manually configured the NAT
> to route all incoming ports to my server.  My idea was that the tunnel would
> get forwarder along with the other incoming IPv4 traffic, and then my server
> could act as a terminator for the tunnel, and also route IPv6 traffic to the
> other clients behind the NAT.   What I want to know is has anyone
> successfully connected to the 6bone from behind a NAT.    Is this even
> possible?   The freenet6 tunnel broker gives a success message that it has
> connected, but I can't ping anything outside.   Is there anything I can read
> up on the might help me deal with the NAT that my server is behind.
The SIT tunnel (used for tunneling of IPv6) traffic uses special protocol
(number 41) at the same level as TCP or UDP is, so with forwarding of TCP or
UDP traffic you won't forward SIT traffic. Solution is either to persuade your
NAT to forward also every traffic with protocol number 41 to your win2k machine
or to use some kind of IPv4 tunneling for this. E.g. you will get IPv4 IP from
someone and estabilish PPP tunnel to him thru internet. And then you will dig
your SIT tunnel to that public IPv4 address, which will actually belong to you.

I wonder if there is also any other application which would allow SIT tunneling
behind NAT, using TCP or (rather) UDP. On UNIX systems this can be done by
conjuring with pppd, however I have no idea how to do this on Windows systems.

-- 

				Petr "Pasky" Baudis

UN*X programmer, UN*X administrator, hobbies = IPv6, IRC, FreeCiv hacking