[6bone] Two IPv6 Hosts Communicating over IPv4 network
Petr Baudis
pasky@xs26.net
Mon, 9 Dec 2002 21:10:17 +0100
Dear diary, on Mon, Dec 09, 2002 at 03:25:05PM CET, I got a letter,
where Stephane Bortzmeyer <bortzmeyer@gitoyen.net> told me, that...
> On Mon, Dec 09, 2002 at 10:04:30PM +0800,
> Chen Zhigao <zgchen@psl.com.sg> wrote
> a message of 26 lines which said:
>
> > I guess IPv6/ICMPv6 packets must be converted to IPv4/ICMPv4 packets
>
> No: too complicated to do it in the kernel, semantics too different,
> too many things can go wrong.
>
> > What I want is a IPv6 over IPv4 tunneling.
>
> Yes. Just set up a tunnel.

In fact, the tunnel does nothing more than that "conversion" - but to avoid any
confusion, what in fact happens is that the IPv6/ICMPv6 packet is just verbatim
inserted into an IPv4 packet (with protocol 41, as also mentioned below) and taken
from the IPv4 packet on the other side.

> > 1) Has such work been implemented in Linux or other OS?
>
> Yes. On each side (the syntax is Debian, YMMV):
>
> auto tun1
> iface tun1 inet6 v4tunnel
>     endpoint 213.248.x.y
>     address 2001:6c0:x:y:z
>     netmask 127
>     # Not mandatory but could be useful (BGP...) Use traceroute to see
>     # the length of the tunnel (9 in my case)
>     up ip tunnel change tun1 ttl 9

If you want just Linux commands:

    iptunnel add mytunnel mode sit local <side1 ipv4 addr> remote <side2 ipv4 addr> ttl 64
    ifconfig mytunnel up

Then, you run the similar command on the other side (just with the local and
remote addresses swapped), you will maybe want to assign some addresses to the
interfaces (although if they are only two IPv6 hosts separated from 6bone, you
may have trouble with choosing an appropriate global address - so you may well
just stay with the link local addresses, which are assigned to the interfaces
automatically when you set them up - you can use them only when you communicate
through that one tunnel, though)...

Kind regards,
--
Petr "Pasky" Baudis
.
> I don't know why people still want ACL's. There were noises about them for
> samba, but I've not heard anything since. Are vendors using this?
Because People Are Stupid(tm). Because it's cheaper to put "ACL support: yes"
in the feature list under "Security" than to make sure that userland can cope
with anything more complex than "Me Og. Og see directory. Directory Og's.
Nobody change it". C.f. snake oil, P.T.Barnum and esp. LSM users
-- Al Viro
.
Crap: http://pasky.ji.cz/
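
The encapsulation described in the message above (an IPv6 packet carried verbatim in an IPv4 packet with protocol 41), as an added example that is not part of the original post or of any kernel code. The addresses and the ICMPv6 sample are constructed, and the function names and the endpoint check in decapsulate() are assumptions made for illustration.

```python
import ipaddress
import struct

PROTO_41 = 41  # IPv4 protocol number for encapsulated IPv6, as named in the post

def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement checksum over an IPv4 header (RFC 1071)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(ipv6_packet: bytes, local_v4: str, remote_v4: str, ttl: int = 64) -> bytes:
    """Prepend a 20-byte IPv4 header; the IPv6 packet itself is carried unchanged."""
    def header(checksum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ipv6_packet), 0, 0,
                           ttl, PROTO_41, checksum,
                           ipaddress.IPv4Address(local_v4).packed,
                           ipaddress.IPv4Address(remote_v4).packed)
    return header(ipv4_checksum(header(0))) + ipv6_packet

def decapsulate(ipv4_packet: bytes, expected_remote: str) -> bytes:
    """Return the inner IPv6 packet, or raise ValueError if it should be dropped."""
    if len(ipv4_packet) < 20 or ipv4_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ipv4_packet[0] & 0x0F) * 4
    if ihl < 20 or len(ipv4_packet) < ihl or ipv4_checksum(ipv4_packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header")
    if ipv4_packet[9] != PROTO_41:
        raise ValueError("not protocol 41")
    if ipv4_packet[12:16] != ipaddress.IPv4Address(expected_remote).packed:
        raise ValueError("source is not the configured tunnel endpoint")
    total_len = struct.unpack("!H", ipv4_packet[2:4])[0]
    inner = ipv4_packet[ihl:total_len]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        raise ValueError("payload is not an IPv6 packet")
    return inner

def sample_ipv6_echo() -> bytes:
    """Constructed sample: ICMPv6 echo request fe80::1 -> fe80::2 (ICMPv6 checksum left 0)."""
    icmp = struct.pack("!BBHHH", 128, 0, 0, 1, 1)
    fixed = struct.pack("!IHBB", 6 << 28, len(icmp), 58, 64)
    src, dst = (ipaddress.IPv6Address(a).packed for a in ("fe80::1", "fe80::2"))
    return fixed + src + dst + icmp

if __name__ == "__main__":
    inner = sample_ipv6_echo()
    outer = encapsulate(inner, "192.0.2.1", "198.51.100.2")  # constructed endpoints
    assert decapsulate(outer, "192.0.2.1") == inner
    print(f"{len(inner)}-byte IPv6 packet carried in {len(outer)}-byte IPv4 packet")
```

The inner packet is never rewritten, so a filter that inspects only the IPv4 header sees protocol 41 and none of the IPv6 or ICMPv6 fields.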