I guess the problem statement is not clear enough. An IPv4 NAT system exists. I want my IPv6 hosts to access the internet(IPv4 internet and IPv6 internet) and the only internet connectivity i have(at this stage) is from behind that NAT. I own a globally routable IPv6 address prefix(48 bit), so i can allocate IPv6 addresses if required. The problem being that the router itself is inaccessible to me at this stage, I do not have access to any machines with globally routable IPv4 addresses. 6to4 tunneling even refuses to start seeing that the assigned IPv4 address is of the 172.x.x.x series, so 6to4 tunneling in its original form is not an option for me as it can't work from behind a NAT. Also, I'm aware of how 6to4 works, but I'm talking about the 6to4 implementation in the kernel. once its enabled from /etc/sysconfig/network, it will try to assign a 6to4 address based on the basis of the assigned IPv4 address. Since it doesn't find one, it fails to bring up the 6to4 interface. therefore it won't work from behind a NAT. Also, it can't be used to transport IPv6 packets over an IPv4 LAN(because the source and the destination don't have globally routable IPv4 addresses, so it refuses to assign IPv6 addresses based on the internal IPv4 address)Also, 6to4 implementation doesn't give control over the tunnel broker(which is essential as i want to establish my own tunnel). Also, you mentioned somewhere that i should let IPv4 networks and IPv6 networks stay apart. My purpose in setting up this test-bed is to see the interoperability of IPv4 and IPv6 hosts as the entire institute's LAN would be upgraded for IPv6 support based on my results here. Since most hosts will still be using IPv4(after upgradation), the dual stack architechture is what I'm interested in. I hope i have made things clearer this time. Thanks Navjot Kukreja On Thu, Apr 17, 2008 at 1:50 AM, Ashish Shukla आशीष शुक्ल < [EMAIL PROTECTED]> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > >>>>> "Navjot" == Navjot Kukreja <[EMAIL PROTECTED]> writes: > Navjot> Hi all > Navjot> I stopped the DHCP effort for now and went ahead with RADVD for > the time > Navjot> being. I have now set up all application services(WEB, FTP, > MAIL etc) to use > Navjot> IPv6. I had set this up in an isolated network. Now I want to > connect this > Navjot> network to my institute's LAN. I want to do this for two > purposes. > Navjot> Primary purpose: I want these computers to be able to access > the internet. I > Navjot> want to do this in two ways(yes, BOTH these ways). I want to > set up a server > Navjot> that will forward the traffic as IPv4 traffic across the LAN. > we'll only be > Navjot> using conventional IPv4 internet this way. > Navjot> Secondly, I want to be able to use the IPv6 internet here too. > since 6to4 > Navjot> tunneling requires global IPv4 addresses, that is not an > option. All > Navjot> computers accessible to me are behind a NAT(IPv4). How can i > set up things > Navjot> so that IPv6 traffic can be sent over the IPv4 LAN? > > In IPv4 networks, I NAT because, I'm short of globally routable of > IPv4 addresses. But in IPv6, I don't have do NAT. Anyways, IPv6 network > and an IPv4 network are two different networks, and you shouldn't try > to relate them. Being assigned locally routable IPv4 address doesn't > mean, you can't possess a globally routable IPv6 address or > vice-versa. And, there is nothing in IPv6, which forbids you from > assigning > globally routable IPv6 addresses to your local network, provided you > technically own the network prefix of those globally routable > addresses. So, now if you want your local LAN to be globally > addressable with a unique address, you need to get connectivity to > IPv6 internet, either direct or indirect via some tunnel. > > Since you mentioned 6to4 tunnelling, assign your desired 6to4 > address to your IPv6 router's external interface, and then allocate a > subnets of your 6to4 range to your internal interfaces. This is the > way ISPs do allocation of IP addresses. And after this start 'radvd' for > assigning address to all boxen connected to your router's internal > interfaces. And then enable the IPv6 forwarding on your IPv6 router. > > Navjot> Secondary purpose: Is it possible for IPv6 enabled hosts > elsewhere on the > Navjot> network to access these IPv6 services over the IPv4 LAN? > > You mean the actual packets flowing on the network are IPv4 packets > encapsulated in Ethernet frames, right ? > > Navjot> The routers, switches etc along the way are all > Navjot> inaccessible(for now). The institute lan uses vLAN systems > Navjot> from cisco. > > Never played with VLANs or Sizco product (except a Linksys WRT54GS? ). > > Navjot> i can get more details on the LAN configuration if > Navjot> required. So, wat i want, in a nutshell is, tht i want a > Navjot> dual stack host to access v6 services over a v4 > Navjot> LAN. something like establishing my own 6to4 tunnel of > Navjot> sorts. Please advise on how to realize this. > > I hope, you know how 6to4 tunnel works. 6to4 tunnel packets are > nothing but IPv6 packets encapsulated in IPv4 packets with protocol > field set to '41' (refer to /etc/protocols) with bits 16-47 of > destination/source IPv6 addresses mapped to corresponding > source/destination IPv4 addresses. So, I guess you can setup a 6to4 > network comprising of RFC 1918 hosts, e.g. > > 192.168.1.1 could be assigned an IPv6 address of 2002:c0a8:0101::b00b > 192.168.1.2 could be assigned an IPv6 address of 2002:c0a8:0102::dead > > All the best and happy IPv6ing... :) > > HTH > - -- > Ashish Shukla आशीष शुक्ल > http://wahjava.wordpress.com/ > ·-- ·- ···· ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- -- > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (GNU/Linux) > > iD8DBQFIBl+PHy+EEHYuXnQRAlbRAKDPpw6VCsP3u0mJQltLWgf/w7ZbqgCffpf8 > ywRSp8ggurMpwtLF7nRrOVY= > =15gu > -----END PGP SIGNATURE----- > > _______________________________________________ > ilugd mailinglist -- [email protected] > http://frodo.hserus.net/mailman/listinfo/ilugd > Next Event: http://freed.in - February 22-24, 2008 > Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi > http://www.mail-archive.com/[email protected]/ > -- /\/ /\ \/ _| () ^|^ _______________________________________________ ilugd mailinglist -- [email protected] http://frodo.hserus.net/mailman/listinfo/ilugd Next Event: http://freed.in - February 22-24, 2008 Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[email protected]/
