On Sun, Jan 06, 2008 at 08:09:43PM +0100, Good Good wrote:
> Hello,
>
> My ISP (free.fr) now proposes to me a native connectivity in IPV6.
> I wish to implement this functionality on my network, that here:
>
>
>            Switch     Firewall       ISP Box    ISP Network/Internet
>             __          ___            ___
> |PC1|-------|  |  vr0  |   |   vr1   |   |
> |  x|-----------|       |------------|   |----------O
> |PC2|-------|__|       |___|         |___|
>
>
> Here some information :
> - the ISP box is running as a bridge ;
> - the firewall is running Openbsd 4.1 GENERIC#1435 i386 (upgrade to 4.2 not yet done) ;
> - workstations are running Win XP ;
> - pf rules are quite simple (just filtering and NAT for IPV4) ;
> - my ISP provided to me an IPV6 address of the type 2a01:5d8:X:X::/64
>
> The problem :
> The /64 provided by my ISP is made to fuel only one ethernet segment and no more.
> So, it is not possible to route a part of the /64 to another ethernet
> segment (the private segment).
>
> One solution :
> The firewall NAT IPV4 traffic and bridge IPV6 traffic, that here:
>

Solution two: binat the /64 from vr0 to vr1 with pf, it should be able to do that -- even though I never tried it. Just because it is IPv6 does not make NAT impossible. Just grab some of the unique local addresses (fc00::/7 - see RFC 4193) and do the same game as everybody does with IPv4.

-- 
:wq Claudio
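
Added example, not part of the original message and not pf's own code: the address arithmetic behind the suggestion above, deriving a unique local /48 the way RFC 4193 section 3.2.2 describes and mapping hosts 1:1 between an inside /64 and the ISP /64. The function names, the MAC address and the documentation prefix `2001:db8:0:1::/64` (standing in for the elided ISP prefix) are assumptions made for illustration.

```python
import hashlib
import ipaddress
import struct
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 and 1970-01-01


def eui64_from_mac(mac: str) -> bytes:
    """Modified EUI-64: insert ff:fe and flip the universal/local bit."""
    b = bytes.fromhex(mac.replace(":", ""))
    if len(b) != 6:
        raise ValueError("MAC must be 6 bytes")
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]


def ula_prefix(ntp_time: int, eui64: bytes) -> ipaddress.IPv6Network:
    """RFC 4193 3.2.2: Global ID = low 40 bits of SHA-1(time || EUI-64)."""
    if len(eui64) != 8:
        raise ValueError("EUI-64 must be 8 bytes")
    digest = hashlib.sha1(struct.pack("!Q", ntp_time) + eui64).digest()
    # fc00::/7 with the L bit set, i.e. first byte 0xfd, then the Global ID.
    raw = b"\xfd" + digest[-5:] + bytes(10)
    return ipaddress.IPv6Network((int.from_bytes(raw, "big"), 48))


def binat_map(addr, src_net, dst_net) -> ipaddress.IPv6Address:
    """1:1 translation: swap the network bits, keep the host bits."""
    addr = ipaddress.IPv6Address(addr)
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("a 1:1 mapping needs prefixes of equal length")
    if addr not in src_net:
        raise ValueError(f"{addr} is not inside {src_net}")
    host = int(addr) & int(src_net.hostmask)
    return ipaddress.IPv6Address(int(dst_net.network_address) | host)


if __name__ == "__main__":
    now = int((time.time() + NTP_EPOCH_OFFSET) * 2**32) & (2**64 - 1)
    site = ula_prefix(now, eui64_from_mac("00:11:22:33:44:55"))  # constructed MAC
    inside = next(site.subnets(new_prefix=64))   # first /64, for the LAN side
    outside = ipaddress.IPv6Network("2001:db8:0:1::/64")  # placeholder ISP /64
    host = inside.network_address + 0x42
    print("site prefix:", site, "inside /64:", inside)
    print(host, "<->", binat_map(host, inside, outside))
```

Because the mapping is stateless and symmetric, every inside host has exactly one outside address, so filter rules on the firewall still need to state which translated addresses may be reached from the Internet.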

