Posted on 2008-05-13 23:00:00
Tags: IPv6, FreeBSD, Networking
Victory! Tonight I managed to get the nat6to4 daemon working. Remember what went wrong yesterday:
IPv6 packet does not go from the nat6to4 daemon into divert. What?!?!?Yes, that would have worked in one go if I actually had pushed the data in the right IPv6 socket instead of in the wrong IPv4 socket. It happens, specially when you are copying whole functions around.
As a demo:
That is pretty uninteresting for the naked eye, but the thing is that the Allegro-Software-RomPager doesn't support IPv6, it's mapped via the nat6to4 gateway.[~] edwin@freefall>telnet 2001:5c0:8fff:ffff::c3 80 Trying 2001:5c0:8fff:ffff::c3... Connected to 2001:5c0:8fff:ffff::c3. Escape character is '^]'. HEAD / HTTP/1.0 HTTP/1.1 200 OK Content-Type: text/xml; charset="utf-8" Date: Tue, 13 May 2008 14:10:23 GMT Expires: Thu, 26 Oct 1995 00:00:00 GMT Last-Modified: Tue, 13 May 2008 14:10:23 GMT Pragma: no-cache Content-Length: 32 Server: Allegro-Software-RomPager/4.34 Connection closed by foreign host.
So, my nat6to4 daemon works for mapping the TCP or UDP payload of basic IPv6 packets (single header, nothing fancy) onto IPv4 packets: Now I can make all basic services on my jails (webservers, LDAP servers, DNS servers, POP and IMAP servers) available via IPv6.
Now I have to put netinet6/ip6_divert.c into a shape so that it gets accepted by the FreeBSD project, right now there are too many things commented out because I didn't know what they are for. Yes, I feel like an apprentice magician left alone with a hand full of scrolls and asked to find out if they are interesting.
Patches for FreeBSD 6.3 are available from
http://people.freebsd.org/~edwin/freebsd63-ip6divert-20080513.patch.
The nat6to4d is available from
http://people.freebsd.org/~edwin/nat6to4d-20080513.c.
And the ipfw rules:
| Share on Facebook | Share on Twitter01005 606 245695 divert 8664 ip from any to 192.168.253.2 01006 452 33304 allow ipv6-icmp from any to me6 via tun1 01006 517 51742 divert 8666 ip6 from any to me6 via tun1 65535 79349 20349420 allow ip from any to any
| From: | Bob Van Zant |
| URL: | [email protected] |
| Posted on: | 2009-05-20 13:24:24 |
| Comment | Did you end up taking your ipdivert patch any further? Or is it still in this rough cut stage?
|
| Reply | - |
| From: | [email protected] |
| URL: | |
| Posted on: | 2010-07-26 04:15:45 |
| Comment | Has this been imported into any branch of FreeBSD yet? |
| Reply | - |