Configuring FAITH IPv6-to-IPv4 TCP relay
Kazu Yamamoto and Jun-ichiro itojun Hagino
-$OpenBSD: README,v 1.12 2008/06/04 18:11:35 miod Exp $
+$OpenBSD: README,v 1.13 2008/07/19 10:35:31 reyk Exp $
$KAME: README,v 1.9 2002/05/09 14:10:06 itojun Exp $
clients IPv6 node "src" |
You will have to allocate an IPv6 address prefix to map IPv4 addresses into.
-The following description uses 3ffe:0501:ffff:0000:: as example.
+The following description uses 2001:db8:ffff:0000:: as example.
Please use a prefix which belongs to your site.
FAITH will make it possible to make a IPv6 TCP connection From IPv6 node
"src", toward IPv4 node "dest", by specifying FAITH-mapped address
-3ffe:0501:ffff:0000::123.4.5.6
-(which is, 3ffe:0501:ffff:0000:0000:0000:7b04:0506).
+2001:db8:ffff:0000::123.4.5.6
+(which is, 2001:db8:ffff:0000:0000:0000:7b04:0506).
The address mapping can be performed by hand:-), by special nameserver on
the network, or by special resolver on the source node.
=====
The following example assumes:
-- You have assigned 3ffe:0501:ffff:0000:: as FAITH address prefix.
+- You have assigned 2001:db8:ffff:0000:: as FAITH address prefix.
- You are willing to provide IPv6-to IPv4 TCP relay for telnet.
<<On the translating router on which faithd runs>>
(3) Route packets toward FAITH prefix into "faith0" interface.
# ifconfig faith0 up
- # route add -inet6 3ffe:0501:ffff:0000:: -prefixlen 64 ::1
- # route change -inet6 3ffe:0501:ffff:0000:: -prefixlen 64 -ifp faith0
+ # route add -inet6 2001:db8:ffff:0000:: -prefixlen 64 ::1
+ # route change -inet6 2001:db8:ffff:0000:: -prefixlen 64 -ifp faith0
(4) Execute "faithd" by root as follows:
(5.b) Add an entry into /etc/hosts so that you can resolve hostname into
faked IPv6 address. For example, add the following line for www.netbsd.org:
- 3ffe:0501:ffff:0000::140.160.140.252 www.netbsd.org
+ 2001:db8:ffff:0000::140.160.140.252 www.netbsd.org
<<On the translating router on which faithd runs.>>
If you would like to restrict IPv4 destination for translation, you may
want to do the following:
- # route add -inet6 3ffe:0501:ffff:0000::123.0.0.0 -prefixlen 104 ::1
- # route change -inet6 3ffe:0501:ffff:0000::123.0.0.0 -prefixlen 104 \
+ # route add -inet6 2001:db8:ffff:0000::123.0.0.0 -prefixlen 104 ::1
+ # route change -inet6 2001:db8:ffff:0000::123.0.0.0 -prefixlen 104 \
-ifp faith0
By this way, you can restrict IPv4 destination to 123.0.0.0/8.
-You may also want to reject packets toward 3ffe:0501:ffff:0000::/64 which
-is not in 3ffe:0501:ffff:0000::123.0.0.0/104. This will be left as excerside
+You may also want to reject packets toward 2001:db8:ffff:0000::/64 which
+is not in 2001:db8:ffff:0000::123.0.0.0/104. This will be left as excerside
for the reader.
By doing this, you will be able to provide your IPv4 web server to outside
-.\" $OpenBSD: faithd.8,v 1.33 2008/05/17 23:31:52 sobrado Exp $
+.\" $OpenBSD: faithd.8,v 1.34 2008/07/19 10:35:31 reyk Exp $
.\" $KAME: faithd.8,v 1.36 2002/05/09 13:59:16 itojun Exp $
.\"
.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd $Mdocdate: May 17 2008 $
+.Dd $Mdocdate: July 19 2008 $
.Dt FAITHD 8
.Os
.Sh NAME
.Tn IPv6
destination.
For example, if
-.Li 3ffe:0501:4819:ffff::
+.Li 2001:db8:4819:ffff::
is reserved for
.Nm faithd ,
and the
.Tn TCPv6
destination address is
-.Li 3ffe:0501:4819:ffff::0a01:0101 ,
+.Li 2001:db8:4819:ffff::0a01:0101 ,
the traffic is relayed to IPv4 destination
.Li 10.1.1.1 .
.Pp
# sysctl net.inet6.ip6.forwarding=1
# sysctl net.inet6.ip6.keepfaith=1
# ifconfig faith0 up
-# route add -inet6 3ffe:501:4819:ffff:: -prefixlen 96 ::1
-# route change -inet6 3ffe:501:4819:ffff:: -prefixlen 96 -ifp faith0
+# route add -inet6 2001:db8:4819:ffff:: -prefixlen 96 ::1
+# route change -inet6 2001:db8:4819:ffff:: -prefixlen 96 -ifp faith0
.Ed
.\".Ss Daemon mode samples
.Pp
.Pa faithd.conf
setting.
.Bd -literal -offset indent
-# Permit anyone from 3ffe:501:ffff::/48 to use the translator,
+# Permit anyone from 2001:db8:ffff::/48 to use the translator,
# to connect to the following IPv4 destinations:
# - any location except 10.0.0.0/8 and 127.0.0.0/8.
# Permit no other connections.
#
-3ffe:501:ffff::/48 deny 10.0.0.0/8
-3ffe:501:ffff::/48 deny 127.0.0.0/8
-3ffe:501:ffff::/48 permit 0.0.0.0/0
+2001:db8:ffff::/48 deny 10.0.0.0/8
+2001:db8:ffff::/48 deny 127.0.0.0/8
+2001:db8:ffff::/48 permit 0.0.0.0/0
.Ed
.Sh SEE ALSO
.Xr faith 4 ,
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $OpenBSD: ppp.8.m4,v 1.40 2008/05/21 20:10:54 jmc Exp $
+.\" $OpenBSD: ppp.8.m4,v 1.41 2008/07/19 10:35:31 reyk Exp $
.\"
-.Dd $Mdocdate: May 21 2008 $
+.Dd $Mdocdate: July 19 2008 $
.Dt PPP 8
.Os
.Sh NAME
.Ar gw .
.Pp
For example, a returned value of
-.Dq 3ffe:505:abcd::/48 ::
-would result in a routing table entry to the 3ffe:505:abcd::/48 network via
+.Dq 2001:db8:abcd::/48 ::
+would result in a routing table entry to the 2001:db8:abcd::/48 network via
.Dv HISADDR6
and a returned value of
.Dq :: ::
-# $OpenBSD: rtadvd.conf,v 1.5 2003/06/25 03:46:15 itojun Exp $
+# $OpenBSD: rtadvd.conf,v 1.6 2008/07/19 10:35:31 reyk Exp $
# $KAME: rtadvd.conf,v 1.12 2001/01/21 14:56:38 itojun Exp $
#
# Note: All of the following parameters have default values defined
# this part by hand, and then invoke rtadvd with the -s option.
#ef0:\
-# :addr="3ffe:501:ffff:1000::":prefixlen#64:
+# :addr="2001:db8:ffff:1000::":prefixlen#64:
-.\" $OpenBSD: rtadvd.conf.5,v 1.22 2007/05/31 19:20:29 jmc Exp $
+.\" $OpenBSD: rtadvd.conf.5,v 1.23 2008/07/19 10:35:31 reyk Exp $
.\" $KAME: rtadvd.conf.5,v 1.46 2003/06/17 08:26:35 itojun Exp $
.\"
.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd $Mdocdate: May 31 2007 $
+.Dd $Mdocdate: July 19 2008 $
.Dt RTADVD.CONF 5
.Os
.Sh NAME
.Xr rtadvd 8 .
.Bd -literal -offset
ef0:\\
- :addr="3ffe:501:ffff:1000::":prefixlen#64:
+ :addr="2001:db8:ffff:1000::":prefixlen#64:
.Ed
.Pp
The following example presents the default values in an explicit manner.
:chlim#64:raflags#0:rltime#1800:rtime#0:retrans#0:\\
:pinfoflags="la":vltime#2592000:pltime#604800:mtu#0:
ef0:\\
- :addr="3ffe:501:ffff:1000::":prefixlen#64:tc=default:
+ :addr="2001:db8:ffff:1000::":prefixlen#64:tc=default:
.Ed
.Sh SEE ALSO
.Xr termcap 5 ,
projects / openbsd / commitdiff