From 8c3e9d4d285727012a445f33abf4f9a89171f07a Mon Sep 17 00:00:00 2001 From: sven-ola Date: Sat, 16 Oct 2010 09:19:50 +0000 Subject: doc git-svn-id: https://map66.svn.sourceforge.net/svnroot/map66@48 3484d885-4da6-438d-b19d-107d078dd756 --- README.dbk | 55 ++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 34 insertions(+), 21 deletions(-) (limited to 'README.dbk') diff --git a/README.dbk b/README.dbk index de4a3c4..8f1434b 100644 --- a/README.dbk +++ b/README.dbk @@ -19,7 +19,7 @@ - 13-OCT-2010 + 16-OCT-2010 These files implement a Linux netfilter target that changes the IPv6 @@ -36,9 +36,9 @@ url="http://tools.ietf.org/html/draft-mrw-behave-nat66-02">http://tools.ietf.org/html/draft-mrw-behave-nat66-02 - Using MAP66 rules together with connection tracking rules sich as + Using MAP66 rules together with connection tracking rules such as --ctstate is currently untested and may not work or - may cause oopses. + may cause dysfunctions.
@@ -242,8 +242,8 @@ ip6tables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp- rules is compiled in. For this reason, you may want to change the precedence rules within /etc/gai.conf (see ) or use another - prefix (see ). + prefix (see ).
Change gai.conf @@ -291,25 +291,38 @@ ip6tables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp- else is unchanged.
-
- Use 6to4 Internal Address +
+ Use Changed Internal Address - As an alternative solution, you may use 6to4 addresses in your - LAN. While the well known IPv4 adresses 10.0.0.0/8, 172.16.0.0/12, and - 192.168.0.0/16 still exist, it is unlikely that their 6to4 counterparts - 2002:0a00::/24, 2002:ac10::/28, and 2002:c0a8::/32 will be routed on the - Internet. Because 6to4 adresses are part of the official 2002::/3 - address prefix for the Internet, no difference between these addresses - and other Internet addresses are made by getaddrinfo(). + As an alternative solution, you may use an arbitrary address + prefix in your LAN that is not mentioned in the + gai.conf file nor compiled in. This will work but + introduces a double mapping: one map (Inet-ULA) on the Internet gateway + router and a second map (ULA-Intern) on the internal router. - If you already deployed ULA adresses in your network, you may be - interested in a solution that runs on my Freifunk router. The router - uses the IPv4 192.168.65.65/26 on it's LAN interface. WIthin the - OLSR-based mesh network, any interface uses an fdca:ffee:babe::/64 - prefix. The following internal mapping is configured for this: + + While the well known IPv4 addresses 10.0.0.0/8, 172.16.0.0/12, + and 192.168.0.0/16 still exist, it is unlikely that their 6to4 + counterparts 2002:0a00::/24, 2002:ac10::/28, and 2002:c0a8::/32 will + be routed on the Internet. Sadly, the (EKU)buntu defaults penalize + 6to4 addresses also. + - ip6tables -t mangle -I PREROUTING -i br0 -s 2002:c0a8:4141::/64 -j MAP66 --src-to fdca:ffee:babe::/64 --csum -ip6tables -t mangle -I POSTROUTING -o br0 -d fdca:ffee:babe::/64 -j MAP66 --dst-to 2002:c0a8:4141::/64 --csum + If you already deployed ULA addresses in your network, you may be + interested in a solution that runs on my Freifunk router. The router + uses the IPv6 prefix that is reserved for documentation purposes on it's + LAN interface. WIthin the OLSR-based mesh network, any interface uses an + fdca:ffee:babe::/64 prefix. The following internal mapping is configured + for this: + + ip6tables -t mangle -I PREROUTING -i br0 -s 2001:0DB8::/64 -j MAP66 --src-to fdca:ffee:babe::/64 --csum +ip6tables -t mangle -I POSTROUTING -o br0 -d fdca:ffee:babe::/64 -j MAP66 --dst-to 2001:0DB8::/64 --csum + + To prevent the mapped packets to vanish via the default route and + to overcome mac address lookups during the routing process, I also added + these prefixes to the router's /etc/radvd.conf as + well as (host) routes pointing to the br0 interface for + both prefixes.
-- cgit v1.2.3