Diffstat (limited to 'README.dbk')
-rw-r--r-- | README.dbk | 55 |
1 files changed, 34 insertions, 21 deletions
@@ -19,7 +19,7 @@ </affiliation> </author> - <pubdate>13-OCT-2010</pubdate> + <pubdate>16-OCT-2010</pubdate> </articleinfo> <para>These files implement a Linux netfilter target that changes the IPv6 @@ -36,9 +36,9 @@ url="http://tools.ietf.org/html/draft-mrw-behave-nat66-02">http://tools.ietf.org/html/draft-mrw-behave-nat66-02</ulink></para> <warning> - <para>Using MAP66 rules together with connection tracking rules sich as + <para>Using MAP66 rules together with connection tracking rules such as <userinput>--ctstate</userinput> is currently untested and may not work or - may cause oopses.</para> + may cause dysfunctions.</para> </warning> <section id="install"> @@ -242,8 +242,8 @@ ip6tables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp- rules is compiled in. For this reason, you may want to change the precedence rules within <filename>/etc/gai.conf</filename> (see <xref endterm="precedence-gai-title" linkend="precedence-gai" />) or use another - prefix (see <xref endterm="precedence-6to4-title" - linkend="precedence-6to4" />).</para> + prefix (see <xref endterm="precedence-addrs-title" + linkend="precedence-addrs" />).</para> <section id="precedence-gai"> <title id="precedence-gai-title">Change gai.conf</title> 
@@ -291,25 +291,38 @@ ip6tables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp- else is unchanged.</para> </section> - <section id="precedence-6to4"> - <title id="precedence-6to4-title">Use 6to4 Internal Address</title> + <section id="precedence-addrs"> + <title id="precedence-addrs-title">Use Changed Internal Address</title> - <para>As an alternative solution, you may use 6to4 addresses in your - LAN. While the well known IPv4 adresses 10.0.0.0/8, 172.16.0.0/12, and - 192.168.0.0/16 still exist, it is unlikely that their 6to4 counterparts - 2002:0a00::/24, 2002:ac10::/28, and 2002:c0a8::/32 will be routed on the - Internet. Because 6to4 adresses are part of the official 2002::/3 - address prefix for the Internet, no difference between these addresses - and other Internet addresses are made by getaddrinfo().</para> + <para>As an alternative solution, you may use an arbitrary address + prefix in your LAN that is not mentioned in the + <filename>gai.conf</filename> file nor compiled in. This will work but + introduces a double mapping: one map (Inet-ULA) on the Internet gateway + router and a second map (ULA-Intern) on the internal router. </para> - <para>If you already deployed ULA adresses in your network, you may be - interested in a solution that runs on my Freifunk router. The router - uses the IPv4 192.168.65.65/26 on it's LAN interface. WIthin the - OLSR-based mesh network, any interface uses an fdca:ffee:babe::/64 - prefix. The following internal mapping is configured for this: </para> + <note> + <para>While the well known IPv4 addresses 10.0.0.0/8, 172.16.0.0/12, + and 192.168.0.0/16 still exist, it is unlikely that their 6to4 + counterparts 2002:0a00::/24, 2002:ac10::/28, and 2002:c0a8::/32 will + be routed on the Internet. 
Sadly, the (EKU)buntu defaults penalize + 6to4 addresses also.</para> + </note> - <programlisting>ip6tables -t mangle -I PREROUTING -i br0 -s 2002:c0a8:4141::/64 -j MAP66 --src-to fdca:ffee:babe::/64 --csum -ip6tables -t mangle -I POSTROUTING -o br0 -d fdca:ffee:babe::/64 -j MAP66 --dst-to 2002:c0a8:4141::/64 --csum</programlisting> + <para>If you already deployed ULA addresses in your network, you may be + interested in a solution that runs on my Freifunk router. The router + uses the IPv6 prefix that is reserved for documentation purposes on it's + LAN interface. WIthin the OLSR-based mesh network, any interface uses an + fdca:ffee:babe::/64 prefix. The following internal mapping is configured + for this:</para> + + <programlisting>ip6tables -t mangle -I PREROUTING -i br0 -s 2001:0DB8::/64 -j MAP66 --src-to fdca:ffee:babe::/64 --csum +ip6tables -t mangle -I POSTROUTING -o br0 -d fdca:ffee:babe::/64 -j MAP66 --dst-to 2001:0DB8::/64 --csum</programlisting> + + <para>To prevent the mapped packets to vanish via the default route and + to overcome mac address lookups during the routing process, I also added + these prefixes to the router's <filename>/etc/radvd.conf</filename> as + well as (host) routes pointing to the <quote>br0</quote> interface for + both prefixes.</para> </section> </section> |
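
Review bot: in the warning hunk (@@ -36,9 +36,9 @@), replacing "may cause oopses" with "may cause dysfunctions" makes the warning less precise. If combining MAP66 with --ctstate rules can still end in a kernel oops, keep that wording, for example "may not work or may cause kernel oopses", so readers know the failure is in the kernel and not only in the mapping. The "sich" to "such" fix is fine.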
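
Review bot: the xref change in the @@ -242,8 +242,8 @@ hunk depends on the id rename made in the last hunk (precedence-6to4 to precedence-addrs, with the matching -title ids). The two visible places agree, but any other xref or linkend to precedence-6to4 elsewhere in README.dbk would now dangle, so check the file for the old id before committing.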
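
Review bot: in the last hunk (@@ -291,25 +291,38 @@), the closing paragraph says the prefixes were added to /etc/radvd.conf and that (host) routes pointing to br0 were set up for both prefixes, but unlike the MAP66 rules there is no programlisting showing them. Since the text says the mapped packets otherwise vanish via the default route, please add the radvd.conf stanza and the route commands. The first added paragraph likewise names two maps (Inet-ULA on the gateway, ULA-Intern on the internal router) while only the internal pair of rules is listed. Smaller points in the same hunk: "it's LAN interface" should be "its" and "WIthin" should be "Within" (both carried over from the removed text), "To prevent the mapped packets to vanish" reads better as "from vanishing", and 2001:0DB8::/64 would match the lowercase fdca:ffee:babe::/64 beside it if written 2001:db8::/64.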