Stephan A. Rickauer wrote:
> I started playing with ipv6. It feels like back in the early 90's, when
> I had to learn how 'the Internet' works ;)
>
> Here's the setup:
>
> An ipv6 only host with a non-link-local address should be able to use
> the ipv4 world. I don't want to deal with a tunnel broker, nor do I have
> native ipv6 access to the internet.
>
> The ipv6 only client gets its ipv6 address via the rtadvd running on the
> gateway's internal interface. The gateway's external interface is ipv4
> only.
>
> The ipv6 host can already ping6 the gateway. DNS I have 'fixed' with
> totd, so ipv4 addresses are mapped into the ipv6 space:
>
> ipv6-client:~$ host www.google.ch
> www.l.google.com has address 74.125.39.147
> www.l.google.com has IPv6 address 2001:620:10:1401::4a7d:2767
>
>
> The default ipv6-gateway of my ipv6 client is properly set
> in /etc/mygate.
>
> I try to use pf on the gateway to intercept tcp/ip6 traffic and to feed
> it into relayd. The relevant parts are as follows:
>
>
> ---pf.conf--
> rdr pass inet6 proto tcp from lan:network -> :: port 8081
> ---pf.conf--
>
>
> ---relayd.conf---
> tcp protocol tcpgeneric {
> tcp { backlog 128, nodelay, sack, socket buffer 131072 }
> }
>
> relay tcp6to4 {
> listen on :: port 8081
> forward to nat lookup inet
> protocol tcpgeneric
> }
> ---relayd.conf---
>
>
> After that kinda long intro, here's the problem:
>
> Though name resolution works, an actual connection to an ipv6 address on
> port 80 wouldn't work and isn't 'seen' by relayd either. If I tcpdump on
> the gateway I see that the client, after it got the faked ipv6 address,
> sends an "icmp6: neighbor sol: who has 2001:620:10:1401::4a7d:2767".
>
> So, it believes google is part of 'our' name space, which is probably
> wrong. I then tried to change the prefix of totd to a non-local prefix,
> like 2001:620:10:1400:: (instead of :1401::) so that a 'host
> www.google.ch' results in 2001:620:10:1400::4a7d:2767 and thus can't be
> treated as 'local'.
>
> When I do this I can see the traffic on the gateway:
> 2001:620:10:1401:20d:60ff:fe2e:251b.13239 >
> 2001:620:10:1400::4a7d:2768.80
>
> but it's still not seen by relayd.
>
> Can someone with some degree of patience shed some light on my dark
> spots?
>
> --
>
> Stephan A. Rickauer
>
> -----------------------------------------------------------
> Institute of Neuroinformatics Tel +41 44 635 30 50
> University / ETH Zurich Sec +41 44 635 30 52
> Winterthurerstrasse 190 Fax +41 44 635 30 53
> CH-8057 Zurich Web www.ini.uzh.ch
Hi, have you already seen this great post on undeadly?
http://undeadly.org/cgi?action=article&sid=20080724184757
Perhaps it might help you with your setup.
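
The address mapping and the neighbor solicitation described in the quoted message, as an added example that is not part of either post. It assumes the client's on-link prefix is a /64 (the length is not stated in the thread) and uses hypothetical function names; it covers only the client's on-link decision, not relayd's behaviour.

```python
import ipaddress

# Client's on-link prefix, from its address in the tcpdump line of the quoted
# message. The /64 length is an assumption; the thread does not state it.
CLIENT_ONLINK = ipaddress.IPv6Network("2001:620:10:1401::/64")


def synthesize(prefix: str, v4: str) -> ipaddress.IPv6Address:
    """Place an IPv4 address in the low 32 bits of a prefix, matching the
    mapping visible in the 'host www.google.ch' output."""
    base = int(ipaddress.IPv6Address(prefix))
    if base & 0xFFFFFFFF:
        raise ValueError("prefix must have its low 32 bits clear")
    return ipaddress.IPv6Address(base | int(ipaddress.IPv4Address(v4)))


def embedded_v4(addr) -> ipaddress.IPv4Address:
    """Recover the IPv4 address carried in the low 32 bits."""
    return ipaddress.IPv4Address(int(ipaddress.IPv6Address(addr)) & 0xFFFFFFFF)


def first_hop(dst, onlink=CLIENT_ONLINK) -> str:
    """Decide how the client delivers a packet to dst: an on-link destination
    is resolved with neighbor discovery, anything else goes to the default
    router (the gateway)."""
    if ipaddress.IPv6Address(dst) in onlink:
        return "neighbor-solicitation"
    return "default-router"


if __name__ == "__main__":
    # Synthesized address quoted in the message; the IPv4 value is derived from it.
    v4 = embedded_v4("2001:620:10:1401::4a7d:2767")
    for prefix in ("2001:620:10:1401::", "2001:620:10:1400::"):
        dst = synthesize(prefix, str(v4))
        print(f"{prefix:<20} -> {dst}  first hop: {first_hop(dst)}")
```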