From 8c3e9d4d285727012a445f33abf4f9a89171f07a Mon Sep 17 00:00:00 2001 From: sven-ola Date: Sat, 16 Oct 2010 09:19:50 +0000 Subject: doc git-svn-id: https://map66.svn.sourceforge.net/svnroot/map66@48 3484d885-4da6-438d-b19d-107d078dd756 --- README.txt | 49 +++++++++++++++++++++++++++++-------------------- 1 file changed, 29 insertions(+), 20 deletions(-) (limited to 'README.txt') diff --git a/README.txt b/README.txt index e5f134d..6ce23f1 100644 --- a/README.txt +++ b/README.txt @@ -4,7 +4,7 @@ Sven-Ola Tuecke Freifunk -13-OCT-2010 +16-OCT-2010 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ @@ -20,7 +20,7 @@ Configuration IPv6/IPv4 Precedence Change gai.conf - Use 6to4 Internal Address + Use Changed Internal Address Motivation @@ -38,8 +38,8 @@ http://tools.ietf.org/html/draft-mrw-behave-nat66-02 Warning -Using MAP66 rules together with connection tracking rules sich as --ctstate is -currently untested and may not work or may cause oopses. +Using MAP66 rules together with connection tracking rules such as --ctstate is +currently untested and may not work or may cause dysfunctions. Installation @@ -207,7 +207,7 @@ In short: the getaddrinfo() library function rates a private IPv4 address higher than the ULA IPv6 address when choosing the transport protocol for a new Internet connection if this add on to the RFC 3484 rules is compiled in. For this reason, you may want to change the precedence rules within /etc/gai.conf -(see Change gai.conf) or use another prefix (see Use 6to4 Internal Address). +(see Change gai.conf) or use another prefix (see Use Changed Internal Address). Change gai.conf 
@@ -235,24 +235,33 @@ The above procedure removes the difference between standard IPv6 source addresses and ULA type private IPv6 source addresses. Anything else is unchanged. -Use 6to4 Internal Address +Use Changed Internal Address -As an alternative solution, you may use 6to4 addresses in your LAN. While the -well known IPv4 adresses 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 still -exist, it is unlikely that their 6to4 counterparts 2002:0a00::/24, 2002:ac10::/ -28, and 2002:c0a8::/32 will be routed on the Internet. Because 6to4 adresses -are part of the official 2002::/3 address prefix for the Internet, no -difference between these addresses and other Internet addresses are made by -getaddrinfo(). +As an alternative solution, you may use an arbitrary address prefix in your LAN +that is not mentioned in the gai.conf file nor compiled in. This will work but +introduces a double mapping: one map (Inet-ULA) on the Internet gateway router +and a second map (ULA-Intern) on the internal router. -If you already deployed ULA adresses in your network, you may be interested in -a solution that runs on my Freifunk router. The router uses the IPv4 -192.168.65.65/26 on it's LAN interface. WIthin the OLSR-based mesh network, any -interface uses an fdca:ffee:babe::/64 prefix. The following internal mapping is -configured for this: +Note + +While the well known IPv4 addresses 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/ +16 still exist, it is unlikely that their 6to4 counterparts 2002:0a00::/24, +2002:ac10::/28, and 2002:c0a8::/32 will be routed on the Internet. Sadly, the +(EKU)buntu defaults penalize 6to4 addresses also. + +If you already deployed ULA addresses in your network, you may be interested in +a solution that runs on my Freifunk router. The router uses the IPv6 prefix +that is reserved for documentation purposes on it's LAN interface. WIthin the +OLSR-based mesh network, any interface uses an fdca:ffee:babe::/64 prefix. 
The +following internal mapping is configured for this: + +ip6tables -t mangle -I PREROUTING -i br0 -s 2001:0DB8::/64 -j MAP66 --src-to fdca:ffee:babe::/64 --csum +ip6tables -t mangle -I POSTROUTING -o br0 -d fdca:ffee:babe::/64 -j MAP66 --dst-to 2001:0DB8::/64 --csum -ip6tables -t mangle -I PREROUTING -i br0 -s 2002:c0a8:4141::/64 -j MAP66 --src-to fdca:ffee:babe::/64 --csum -ip6tables -t mangle -I POSTROUTING -o br0 -d fdca:ffee:babe::/64 -j MAP66 --dst-to 2002:c0a8:4141::/64 --csum +To prevent the mapped packets to vanish via the default route and to overcome +mac address lookups during the routing process, I also added these prefixes to +the router's /etc/radvd.conf as well as (host) routes pointing to the “br0” +interface for both prefixes. Motivation -- cgit v1.2.3
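Review bot: In the Warning hunk (@@ -38,8 +38,8 @@), changing "may cause oopses" to "may cause dysfunctions" makes the warning less specific. A reader can no longer tell whether combining MAP66 with connection tracking matches such as --ctstate risks a kernel oops or only broken connectivity. Since the combination is described as untested, name the failure mode that is actually expected. If a kernel oops is still a possibility, keep that word; if not, say what kind of malfunction is meant. The "sich" to "such" fix is fine.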
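Review bot: In the last hunk (@@ -235,24 +235,33 @@), the added text puts the documentation prefix on a live LAN ("-s 2001:0DB8::/64 -j MAP66 --src-to fdca:ffee:babe::/64") without saying what happens to packets that miss the mapping. The PREROUTING rule only matches "-i br0", so traffic carrying that source prefix on any other path leaves unmapped, with an address from 2001:db8::/32 that is not meant to be routed. Add a sentence stating that this prefix must never leave the router unmapped, and say why the documentation prefix was chosen over another prefix that gai.conf does not mention. Further points on the same hunk: the new "Note" paragraph about 6to4 counterparts has lost its context now that the section no longer proposes 6to4 addresses, so either tie it to the section ("6to4 was the earlier suggestion, but ...") or drop it. The closing paragraph mentions /etc/radvd.conf entries and host routes pointing to br0 but shows neither, while the ip6tables rules are shown in full; include the lines so the setup can be reproduced. Wording in the added lines: "on it's LAN interface" should be "its", "WIthin" should be "Within", "To prevent the mapped packets to vanish" should be "from vanishing", and "mac address" should be "MAC address".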