Accessing the 6BONE with OS X 10.2
Authored by: jgraessley on Mar 18, '03 02:32:53PM

This does not work with NAT. NATs are inherently evil devices; this is yet another thing that will not work with NATs.

NATs give you a private address. 6to4 works by turning your IPv4 address into an IPv6 address by embedding your IPv4 address in the IPv6 address. In doing so, any other device that knows about IPv4 can look at the IPv6 address, see that it's a 6to4 address, and know which IPv4 address to tunnel the packet to. Since your evil NAT gave you a private address, remote devices would have no way to send you a reply; the embedded address is private. Of course, it would never get that far because your NAT wouldn't let the traffic out. NATs only know about TCP, UDP, and ICMP for the most part. 6to4 uses IPv6 over IPv4. Your NAT has no idea what to make of those packets, so it silently drops them on the floor.

The real solution is for the vendors shipping evil NATs (there is no such thing as a NAT that is not evil) to place a 6to4 gateway in their NAT boxes. When you make an IPv6 address from your IPv4 address with 6to4, you actually create a few million addresses, but most of the time, you only use one. A NAT box could be upgraded to support 6to4. It could then distribute IPv6 addresses based on the 6to4 prefix to hosts behind the NAT in addition to using DHCP to give those hosts fake IPv4 addresses. The really cool part of this is that your IPv6 address is globally accessible. Even though there's a NAT standing in your way, you can act like a first-class internet citizen.



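The address embedding described in the comment above, as an added example that is not part of the original thread: it derives the 6to4 prefix from an IPv4 address and checks whether the IPv4 endpoint embedded in a 6to4 address is one a remote router could tunnel a reply to. The function names and the sample addresses are assumptions made for this example.

```python
import ipaddress

# 6to4 places the 32-bit IPv4 address directly after the 16-bit 2002 prefix,
# giving each IPv4 address its own 2002:V4ADDR::/48 prefix (RFC 3056).
SIXTOFOUR_TOP16 = 0x2002


def sixtofour_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """Return the 6to4 /48 prefix derived from an IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    base = (SIXTOFOUR_TOP16 << 112) | (int(v4) << 80)
    return ipaddress.IPv6Network((base, 48))


def embedded_ipv4(ipv6: str):
    """Return the IPv4 tunnel endpoint inside a 6to4 address, or None."""
    # IPv6Address.sixtofour is None when the address is not in 2002::/16.
    return ipaddress.IPv6Address(ipv6).sixtofour


def reply_can_be_tunnelled(ipv6: str) -> bool:
    """True only if the address is 6to4 and its embedded IPv4 address is
    globally routable, so a remote 6to4 router has somewhere to send replies."""
    v4 = embedded_ipv4(ipv6)
    return v4 is not None and v4.is_global


if __name__ == "__main__":
    # Constructed samples: one public address, one RFC 1918 address as handed
    # out behind a NAT.
    for v4 in ("8.8.8.8", "192.168.1.10"):
        prefix = sixtofour_prefix(v4)
        host = str(prefix.network_address + 1)
        print(v4, "->", prefix, "reply can be tunnelled:",
              reply_can_be_tunnelled(host))
```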
Accessing the 6BONE through NAT
Authored by: john_e on Mar 19, '03 04:51:41AM

In my opinion, there ARE such things as non-evil NATs. I run a NAT, for example, and it works great. I run a webserver and mailserver, and I only have one static IP. I just let my old Cube run the Network Address Translation Daemon (natd), and also automatically forward most ports to my PowerBook G4's internal IP. This means I can host a game of Ghost Recon on my PB G4 with the internal address (in the 192.168 space) and people from outside can join.

I don't know much about IPv6, but as far as I can tell 6to4 seems to be more like a protocol which uses a standard port (41?) to send packets encoded in a special way (like AppleTalk over TCP/IP). When a 6bone router receives this packet, it decodes it and sends it out on the 6bone.
Since you made the connection through your NAT, the NAT knows that it should return packets on the OPEN port (whatever, say 31000) to your computer with the internal address.

So, correct me if I'm wrong, but a NAT shouldn't be that big of a problem really. Better with REAL IPs, sure, but since they're in short supply (until 6 has replaced 4) a NAT can sometimes be a solution.


