[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
(usagi-users 02747) Re: IPv6/Ipv4 tunnel behind NAT
- To: "'Qiang Zhang'" <qzhang@xxxxxxxxxxxxx>, <usagi-users@xxxxxxxxxxxxxx>
- Subject: (usagi-users 02747) Re: IPv6/Ipv4 tunnel behind NAT
- From: "Jeroen Massar" <jeroen@xxxxxxxxx>
- Date: Thu, 8 Jan 2004 12:28:44 +0100
- Importance: Normal
- In-reply-to: <045401c3d59a$ad2886a0$0600a8c0@LIQWID6JXZJUXA>
- Organization: Unfix
- Reply-to: usagi-users@xxxxxxxxxxxxxx
-----BEGIN PGP SIGNED MESSAGE-----
Qiang Zhang [mailto:qzhang@xxxxxxxxxxxxx] wrote:
> Is it possible to set up the ipv6/ipv4 tunnel from a host
> behind NAT? If it is not possible, why?
Like Stig Venaas mentions in his reply there is a draft
about this subject. What the draft doesn't mention is what
you will have to do for each NAT 'router'.
Basically it boils down to configuring the 'router' to
sent all unrecognized/non-NATted traffic to a single host.
This option is usually called DMZ.
When you don't have that option or when it only forwards
tcp/udp you will have to disable NAT on the 'router' and
put a host directly behind the 'router' that terminates
the tunnel and can handle NAT for IPv4.
Another solution would be to use Teredo (BSD+MS versions available)
or to use another tunneling method like tinc/openvpn/pptp.
Complaining to the vendor of your 'NAT' router to make
it support proto-41 passthru is also an option ofcourse ;)
Greets,
Jeroen
-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / http://unfix.org/~jeroen
iQA/AwUBP/0+7CmqKFIzPnwjEQKk7QCgh8+GscwWKuYgLJ7dRjsQRZxLWZsAn1W0
NC3YEjONkcBDyfSDrLkUHXEv
=giXz
-----END PGP SIGNATURE-----