[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(usagi-users 02750) Re: IPv6/Ipv4 tunnel behind NAT

To: <usagi-users@xxxxxxxxxxxxxx>
Subject: (usagi-users 02750) Re: IPv6/Ipv4 tunnel behind NAT
From: "Qiang Zhang" <qzhang@xxxxxxxxxxxxx>
Date: Thu, 8 Jan 2004 19:24:31 -0500
References: <001501c3d5da$93cd06a0$210d640a@unfix.org>
Reply-to: "Qiang Zhang" <qzhang@xxxxxxxxxxxxx>

Jeroen and Stig,

Thank you for the reply, I am able to start the tunnel now....after swapping
out my cheap "NAT router", it is a 40$ netgear :)

Basically to summarize 1. need to tweak the end point IP with the tunnel:
use the private v4 IP as the tunnel device local point, then need to also
satisfy the TSP's requirement (use the v4 Public IP for registration
related)   2. make sure the NAT box understand the IP protocol 41 so it can
correctly set up the NAT state

Qiang
----- Original Message -----
From: "Jeroen Massar" <jeroen@xxxxxxxxx>
To: "'Qiang Zhang'" <qzhang@xxxxxxxxxxxxx>; <usagi-users@xxxxxxxxxxxxxx>
Sent: Thursday, January 08, 2004 6:28 AM
Subject: (usagi-users 02747) Re: IPv6/Ipv4 tunnel behind NAT


> -----BEGIN PGP SIGNED MESSAGE-----
>
> Qiang Zhang [mailto:qzhang@xxxxxxxxxxxxx] wrote:
>
> > Is it possible to set up the ipv6/ipv4 tunnel from a host
> > behind NAT?   If it is not possible, why?
>
> Like Stig Venaas mentions in his reply there is a draft
> about this subject. What the draft doesn't mention is what
> you will have to do for each NAT 'router'.
>
> Basically it boils down to configuring the 'router' to
> sent all unrecognized/non-NATted traffic to a single host.
> This option is usually called DMZ.
>
> When you don't have that option or when it only forwards
> tcp/udp you will have to disable NAT on the 'router' and
> put a host directly behind the 'router' that terminates
> the tunnel and can handle NAT for IPv4.
>
> Another solution would be to use Teredo (BSD+MS versions available)
> or to use another tunneling method like tinc/openvpn/pptp.
>
> Complaining to the vendor of your 'NAT' router to make
> it support proto-41 passthru is also an option ofcourse ;)
>
> Greets,
>  Jeroen
>
> -----BEGIN PGP SIGNATURE-----
> Version: Unfix PGP for Outlook Alpha 13 Int.
> Comment: Jeroen Massar / http://unfix.org/~jeroen
>
> iQA/AwUBP/0+7CmqKFIzPnwjEQKk7QCgh8+GscwWKuYgLJ7dRjsQRZxLWZsAn1W0
> NC3YEjONkcBDyfSDrLkUHXEv
> =giXz
> -----END PGP SIGNATURE-----
>
>
>

Follow-Ups:
- (usagi-users 02751) Re: IPv6/Ipv4 tunnel behind NAT
  - From: Jeroen Massar

References:
- (usagi-users 02747) Re: IPv6/Ipv4 tunnel behind NAT
  - From: Jeroen Massar

Prev by Date: (usagi-users 02749) Re: ipv6 programming
Next by Date: (usagi-users 02751) Re: IPv6/Ipv4 tunnel behind NAT
Previous by thread: (usagi-users 02747) Re: IPv6/Ipv4 tunnel behind NAT
Next by thread: (usagi-users 02751) Re: IPv6/Ipv4 tunnel behind NAT
Index(es):
- Date
- Thread