I started playing with ipv6. It feels like back in the early 90's, when
I had to learn how 'the Internet' works ;)

Here's the setup:

An ipv6 only host with a non-link-local address should be able to use
the ipv4 world. I don't want to deal with a tunnel broker, nor do I have
native ipv6 access to the internet.

The ipv6 only client gets its ipv6 address via the rtadvd running on the
gateway's internal interface. The gateway's external interface is ipv4
only.

The ipv6 host can already ping6 the gateway. DNS I have 'fixed' with
totd, so ipv4 addresses are mapped into the ipv6 space:

ipv6-client:~$ host www.google.ch
www.l.google.com has address 74.125.39.147
www.l.google.com has IPv6 address 2001:620:10:1401::4a7d:2767


The default ipv6-gateway of my ipv6 client is properly set
in /etc/mygate.

I try to use pf on the gateway to intercept tcp/ip6 traffic and to feed
it into relayd. The relevant parts are as follows:


---pf.conf--
rdr pass inet6 proto tcp from lan:network -> :: port 8081
---pf.conf--


---relayd.conf---
tcp protocol tcpgeneric {
        tcp { backlog 128, nodelay, sack, socket buffer 131072 }
}

relay tcp6to4 {
        listen on :: port 8081
        forward to nat lookup inet
        protocol tcpgeneric
}
---relayd.conf---


After that kinda long intro, here's the problem:

Though name resolution works, an actual connection to an ipv6 address on
port 80 wouldn't work and isn't 'seen' by relayd either. If I tcpdump on
the gateway I see that the client, after it got the faked ipv6 address,
sends an "icmp6: neighbor sol: who has 2001:620:10:1401::4a7d:2767".

So, it believes google is part of 'our' name space, which is probably
wrong. I then tried to change the prefix of totd to a non-local prefix,
like 2001:620:10:1400:: (instead of :1401::) so that a 'host
www.google.ch' results in 2001:620:10:1400::4a7d:2767 and thus can't be
treated as 'local'.

When I do this I can see the traffic on the gateway:
2001:620:10:1401:20d:60ff:fe2e:251b.13239 > 2001:620:10:1400::4a7d:2768.80

but it's still not seen by relayd.

Can someone with some degree of patience shed some light on my dark
spots?

--

 Stephan A. Rickauer

 -----------------------------------------------------------
 Institute of Neuroinformatics         Tel  +41 44 635 30 50
 University / ETH Zurich               Sec  +41 44 635 30 52
 Winterthurerstrasse 190               Fax  +41 44 635 30 53
 CH-8057 Zurich                        Web    www.ini.uzh.ch
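
The address arithmetic behind the two tcpdump observations above, as an added example that is not part of the original post: it decodes the IPv4 address carried in the low 32 bits of the totd-style addresses and checks whether a destination falls inside the client's own prefix. The /64 prefix length on the client interface and the /96 width of the mapping prefix are assumptions; the function names are hypothetical.

```python
import ipaddress

def map_v4(prefix96: str, v4: str) -> ipaddress.IPv6Address:
    """Place an IPv4 address in the low 32 bits of a /96 prefix,
    matching the shape of the mapped addresses shown in the post."""
    net = ipaddress.IPv6Network(prefix96)
    if net.prefixlen != 96:
        raise ValueError("mapping prefix must be a /96")
    return ipaddress.IPv6Address(
        int(net.network_address) | int(ipaddress.IPv4Address(v4)))

def embedded_v4(v6: str) -> ipaddress.IPv4Address:
    """Recover the IPv4 address from the low 32 bits of a mapped address."""
    return ipaddress.IPv4Address(int(ipaddress.IPv6Address(v6)) & 0xFFFFFFFF)

def is_on_link(client_iface: str, dst: str) -> bool:
    """True if dst lies inside the client's own prefix. Such a destination
    is resolved with neighbor solicitation on the LAN and is never handed
    to the default gateway, so nothing on the gateway can redirect it."""
    iface = ipaddress.IPv6Interface(client_iface)
    return ipaddress.IPv6Address(dst) in iface.network

# Addresses taken from the post; the /64 is an assumed prefix length.
CLIENT = "2001:620:10:1401:20d:60ff:fe2e:251b/64"
MAPPED_1401 = "2001:620:10:1401::4a7d:2767"   # totd prefix inside the LAN /64
MAPPED_1400 = "2001:620:10:1400::4a7d:2768"   # totd prefix outside the LAN /64

if __name__ == "__main__":
    for dst in (MAPPED_1401, MAPPED_1400):
        path = "on-link, neighbor sol" if is_on_link(CLIENT, dst) else "via default gateway"
        print(f"{dst} -> IPv4 {embedded_v4(dst)} ({path})")
    print(map_v4("2001:620:10:1400::/96", "74.125.39.147"))
```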
