On Friday 19 October 2007, Marc G. Fournier wrote: > Could I hide an IPv6 network behind NAT? I don't know if that is even > possible ... the IPv6 IPs would be private (equiv to 192.168.x.x) ... > basically, none of the hosts behind NAT need a public IP, *but* I may > end up with more then 256 hosts, so was wondering if using IPv6 behind > the NAT would be 'simplier' ... > > If possible, pointers to docs to read would be appreciated ...
Possible - yes. Practical - no. There are a couple of techniques
available that can provide the functionality you are looking for. All of
them solve a subsection of the problem, but there is no - to my
knowledge - complete sollution.
The three main technologies are:
1) TRT (implemented through faith(4) / faithd(8))
2) Header translation (I don't know if we have this implemented anywhere)
3) (Transparent) application proxies
- there are patches for squid - IIRC
For 1 and 3 you have to run a AAAA to A translating DNS server. 2 is the
most "transparent" one, but I don't know if there is an implementation
available.
All in all, it's a PITA. Much, much worse than NAT. For the moment - if
you want your clients to do more than just surf webpages - you want NAT.
If it's only about surfing WWW you could try a (transparent) web proxy on
your dual stack router, but don't expect to find a lot of documentation!
--
/"\ Best regards, | [EMAIL PROTECTED]
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | [EMAIL PROTECTED]
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
signature.asc
Description: This is a digitally signed message part.
