tech-net archive


Re: stf, security and NAT traversal




Subject: Re: stf, security and NAT traversal

From: Ignatios Souvatzis <is%netbsd.org@localhost>

Date: Tue, 22 Jan 2008 17:26:31 +0100


On Sat, Jan 19, 2008 at 09:48:10PM +0100, Rodolphe De Saint Leger wrote:
> Hi,
> 
> I've worked on a patch for the stf interface to add more security and
> nat traversal functionality.

Now does NAT traversal provide more security? But anyway, for the
record:  a tunneling method for (single) machines behind NAT is
Teredo. An implementation available to NetBSD would be net/miredo
in pkgsrc.

> 
> the new security features should have no visible impact, to activate
> nat traversal, configure your future 6to4 router as the dmz of your
> ipv4 network, and put the bit 49 of your prefix to 1.

Hm, magic bits? Why not use an interface flag?

> for example:
> ifconfig stf0 inet6 2002:5243:e682:c000::1 prefixlen 16
> 
> it will activate this 6to4 prefix with nat traversal. To emit a
> packet, stf will search for the route to 82.67.230.130 and it will
> take the outgoing local address as the ipv4 6to4 source.

So you still need to know the external v4 address before configuration?

Regards
        -is
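
The last question in the message above follows from how a 6to4 address is built: the 32 bits after 2002::/16 are the IPv4 address itself. The sketch below is an added example, not part of the original mail or of the stf patch; it decodes the address from the quoted ifconfig line. Counting bits from 0 at the most significant bit is an assumption, and the helper names are hypothetical.

```python
import ipaddress

SIXTOFOUR_NET = ipaddress.IPv6Network("2002::/16")


def decode_6to4(addr):
    """Split a 6to4 address into (embedded IPv4, 16-bit subnet field, interface ID)."""
    a = ipaddress.IPv6Address(addr)
    if a not in SIXTOFOUR_NET:
        raise ValueError(f"{a} is not in 2002::/16")
    n = int(a)
    v4 = ipaddress.IPv4Address((n >> 80) & 0xFFFFFFFF)  # bits 16..47
    subnet = (n >> 64) & 0xFFFF                           # bits 48..63
    iid = n & 0xFFFFFFFFFFFFFFFF                          # bits 64..127
    return v4, subnet, iid


def prefix_bit(addr, index):
    """Bit `index` of the address, counted from 0 at the most significant
    bit (assumed convention; the mail does not say how bit 49 is counted)."""
    return (int(ipaddress.IPv6Address(addr)) >> (127 - index)) & 1


def describe(addr):
    v4, subnet, _ = decode_6to4(addr)
    return {
        "embedded_ipv4": str(v4),
        # A 6to4 prefix is only reachable from outside if the embedded
        # IPv4 address is globally routable.
        "embedded_is_global": v4.is_global,
        "subnet_field": f"{subnet:04x}",
        "bit_49": prefix_bit(addr, 49),
    }


if __name__ == "__main__":
    # First address is the one from the quoted ifconfig line; the second is
    # a constructed sample built from an RFC 1918 address.
    for sample in ("2002:5243:e682:c000::1", "2002:0a00:0001:c000::1"):
        print(sample, describe(sample))
```

The quoted prefix decodes to 82.67.230.130, the same address the quoted text says stf looks up a route for, so the external IPv4 address is already fixed in the prefix at configuration time.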


