author Matthias Schiffer <mschiffer@universe-factory.net> 2011-11-10 23:57:01 +0100
committer Matthias Schiffer <mschiffer@universe-factory.net> 2011-11-10 23:57:01 +0100
commit 922a4577b10b489782917bc743c9c721dce92181
tree e24b2bba065c6131da71c34ed650baaa45839373 /README.dbk
parent 0d03a6f3467d93f1ae7b04e3fed6fc11a1a9f9e4
Update documentation
Diffstat (limited to 'README.dbk')
-rw-r--r-- README.dbk 38
1 files changed, 20 insertions, 18 deletions
diff --git a/README.dbk b/README.dbk
index a96bb0d..dadf179 100644
--- a/README.dbk
+++ b/README.dbk
@@ -114,13 +114,31 @@ sudo dkms install -m ip6t_NPTV6 -v &VERSION;</programlisting>
commands correspond to the <quote>Address Mapping Example</quote> given
in the IETF discussion paper:</para>
- <programlisting>ip6tables -t mangle -I POSTROUTING -o eth0 -s FD01:0203:0405::/48 -j SNPTV6 --to-source 2001:0DB8:0001::/48
-ip6tables -t mangle -I PREROUTING -i eth0 -d 2001:0DB8:0001::/48 -j DNPTV6 --to-destination FD01:0203:0405::/48</programlisting>
+ <programlisting>ip6tables -t mangle -A PREROUTING -i eth0 -d 2001:0DB8:0001::/48 -j DNPTV6 --to-destination FD01:0203:0405::/48
+ip6tables -t mangle -A POSTROUTING -o eth0 -s FD01:0203:0405::/48 -j SNPTV6 --to-source 2001:0DB8:0001::/48</programlisting>
<para>This example is also printed to the screen if you issue
<userinput>ip6tables -j SNPTV6 --help</userinput>. By design, you cannot
use prefix lengths longer than 64.</para>
</section>
+
+ <section id="config-nat-behaviour">
+ <title id="config-nat-behaviour-title">NAT Behavioral Requirements</title>
+
+ <para>RFC 6296 states that NPTv6 translators must support hairpinning behaviour.
+ This means that when an NPTv6 Translator receives a datagram on the
+ internal interface that has a destination address that matches the
+ site's external prefix, it will translate the datagram and forward it
+ internally. While it is possible that the translator works correctly
+ without this depending on the network configuration, it is desiarable
+ to have hairpinning behaviour. The following iptables rules will enable
+ this:</para>
+
+ <programlisting>ip6tables -t mangle -A PREROUTING -d 2001:0DB8:0001::/48 -j MARK --set-mark 42
+ip6tables -t mangle -A PREROUTING -d 2001:0DB8:0001::/48 -j DNPTV6 --to-destination FD01:0203:0405::/48
+ip6tables -t mangle -A POSTROUTING -m mark --mark 42 -s FD01:0203:0405::/48 -j SNPTV6 --to-source 2001:0DB8:0001::/48
+ip6tables -t mangle -A POSTROUTING -o eth0 -s FD01:0203:0405::/48 -j SNPTV6 --to-source 2001:0DB8:0001::/48</programlisting>
+ </section>
</section>
<section id="precedence">
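Review bot: the new config-nat-behaviour section does not say whether its four-rule listing replaces or supplements the two-rule example earlier in this hunk. Both listings use -A, so a reader who runs them in sequence ends up with the "-o eth0 -s FD01:0203:0405::/48 -j SNPTV6" rule appended twice and with two DNPTV6 rules, one restricted by "-i eth0" and one matching on every interface. Suggest stating explicitly that the hairpinning listing is the complete rule set to use instead of the basic pair. The mark value 42 is arbitrary and the MARK rule has no interface match, so it sets the mark on every packet addressed to the external prefix; a sentence telling the reader to pick a value that does not collide with marks already used by other firewall or policy-routing rules would help. The basic example also changes from -I to -A and swaps the order of the two rules, which changes where they land relative to existing mangle rules, and the commit message ("Update documentation") does not say why; if the ordering matters, say so in the text. Minor: "desiarable" should be "desirable", "iptables rules" should read "ip6tables rules", and the paragraph spells "behaviour" while the section title uses "Behavioral".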
@@ -205,22 +223,6 @@ ip6tables -t mangle -I PREROUTING -i eth0 -d 2001:0DB8:0001::/48 -j DNPTV6 --to
be routed on the Internet. Sadly, the (EKU)buntu defaults penalize
6to4 addresses also.</para>
</note>
-
- <para>If you already deployed ULA addresses in your network, you may be
- interested in a solution that runs on my Freifunk router. The router
- uses the IPv6 prefix that is reserved for documentation purposes on it's
- LAN interface. Within the OLSR-based mesh network, any interface uses an
- fdca:ffee:babe::/64 prefix. The following internal mapping is configured
- for this:</para>
-
- <programlisting>ip6tables -t mangle -I PREROUTING -i br0 -s 2001:0DB8::/64 -j MAP66 --src-to fdca:ffee:babe::/64 --csum
-ip6tables -t mangle -I POSTROUTING -o br0 -d fdca:ffee:babe::/64 -j MAP66 --dst-to 2001:0DB8::/64 --csum</programlisting>
-
- <para>To prevent the mapped packets to vanish via the default route and
- to overcome mac address lookups during the routing process, I also added
- these prefixes to the router's <filename>/etc/radvd.conf</filename> as
- well as (host) routes pointing to the <quote>br0</quote> interface for
- both prefixes.</para>
</section>
</section>
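Review bot: the paragraphs removed at the end of this section carry the only mention of adding both prefixes to /etc/radvd.conf and adding host routes towards br0 so that mapped packets do not leave via the default route, and the commit message does not mention the removal. The deleted listing uses the MAP66 target with --src-to/--dst-to/--csum, while the rest of the README now documents SNPTV6/DNPTV6, so dropping the stale commands is reasonable. If the routing and radvd caveat still applies to an internal ULA mapping with the new targets, keep that part and rewrite the example with SNPTV6/DNPTV6; if it does not, note the removal and the reason in the commit message.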