Hello,

My ISP (free.fr) now offers me native IPv6 connectivity.
I wish to implement this functionality on my network, shown here:


            Switch        Firewall          ISP Box    ISP Network/Internet
              __             ___              ___
|PC1|--------|  |       vr0 |   | vr1        |   |
             | x|-----------|   |------------|   |----------O
|PC2|--------|__|           |___|            |___|


Here is some information:
- the ISP box is running as a bridge;
- the firewall is running OpenBSD 4.1 GENERIC#1435 i386 (upgrade to 4.2 not
yet done);
- workstations are running Win XP;
- pf rules are quite simple (just filtering and NAT for IPv4);
- my ISP provided me with an IPv6 address of the type 2a01:5d8:X:X::/64

The problem:
The /64 provided by my ISP is meant to serve only one Ethernet segment and no
more.
So, it is not possible to route a part of the /64 to another Ethernet
segment (the private segment).

One solution:
The firewall NATs IPv4 traffic and bridges IPv6 traffic, as shown here:

            Switch        Firewall          ISP Box    ISP Network/Internet
              __             ___              ___
|PC1|--------|  |       vr0 |   | vr1        |   |
             | x|-----------|   |------------|   |----------O
|PC2|--------|__|     |     |___|     |      |___|
                      |               |
                      |    bridge0    |
                      |_______________|
                      IPv6 bridge only

Some clues:
I found some clues on the following web site, where my need is summarized.
An English translation ->
http://64.233.179.104/translate_c?hl=fr&ie=UTF-8&oe=UTF-8&langpair=fr%7Cen&u=http://www.ip6.fr/free-broute/&prev=/language_tools
The original French link ->
http://ip6.fr/free-broute/

Second problem:
The author of the previously quoted web site is running Linux.
Here are the commands used:
brctl addbr br0
ifconfig br0 up
brctl addif br0 eth0
brctl addif br0 eth1
ebtables -t broute -A BROUTING -p ! ipv6 -j DROP

The magic command is "ebtables -t broute -A BROUTING -p ! ipv6 -j DROP".

Questions:
1) Did you understand my problems? :)
2) Is it the right solution to bridge only IPv6 traffic (I hope so)?
3) The most important question: how to do this type of bridging under
OpenBSD (without ebtables)?

According to the man page, "brconfig" can only perform layer 2 filtering.


Thank you for any help

Julien
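
What the ebtables rule quoted in the post decides for each frame, as an added example that is not part of the original message: in the broute table, DROP hands a frame to the routing code, and a frame matching no rule is bridged (the chain's default ACCEPT policy is assumed). The function names and sample frames are constructed for illustration.

```python
import struct

ETH_P_IPV6 = 0x86DD
NAMES = {0x0800: "ipv4", 0x0806: "arp", 0x8100: "802.1Q", ETH_P_IPV6: "ipv6"}

def outer_ethertype(frame: bytes) -> int:
    """Type/length field that follows the two 6-byte MAC addresses."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    return struct.unpack("!H", frame[12:14])[0]

def broute_decision(frame: bytes) -> str:
    """Model `-t broute -A BROUTING -p ! ipv6 -j DROP`.

    DROP in BROUTING means "route this frame"; a frame that matches no rule
    gets the chain policy (assumed to be the default, ACCEPT) and is bridged.
    """
    return "bridge" if outer_ethertype(frame) == ETH_P_IPV6 else "route"

def describe(frame: bytes) -> tuple:
    etype = outer_ethertype(frame)
    # Values below 0x0600 are 802.3 lengths, not protocol numbers.
    name = NAMES.get(etype, "802.3 length" if etype < 0x0600 else hex(etype))
    return name, broute_decision(frame)

def make_frame(dst: str, etype: int, payload: bytes = b"\x00" * 46) -> bytes:
    """Build a constructed test frame; the source MAC is a made-up local address."""
    src = bytes.fromhex("020000000001")
    return bytes.fromhex(dst) + src + struct.pack("!H", etype) + payload

# Constructed sample frames (not captured traffic).
SAMPLES = {
    "router advertisement": make_frame("333300000001", 0x86DD),
    "IPv4 to firewall": make_frame("020000000002", 0x0800),
    "ARP broadcast": make_frame("ffffffffffff", 0x0806),
    # IPv6 inside a VLAN tag: the outer type is 0x8100, so the rule's
    # "not ipv6" match applies and the frame is routed, not bridged.
    "tagged IPv6": make_frame("333300000001", 0x8100,
                              b"\x00\x0a\x86\xdd" + b"\x00" * 42),
    "802.3 LLC": make_frame("0180c2000000", 0x0026),
}

if __name__ == "__main__":
    for label, frame in SAMPLES.items():
        print(f"{label:22} {describe(frame)}")
```

Only frames whose outer EtherType is 0x86DD cross the bridge; IPv4 and ARP stay with the routed, NATed path, which is the split the post asks how to reproduce on OpenBSD.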
