Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: ipv6ip/GRE passthrough  (Read 8281 times)

ebola

  • readonly_member
  • Newbie
  • *
  • Posts: 3
ipv6ip/GRE passthrough
« on: March 30, 2008, 06:36:25 PM »

   I have a cisco cable-modem that runs nat on it.  There isn't an image that supports ipv6ip tunnels (and isn't likely to be).  I'd like to pass the tunnel through to another cisco on ethernet0.  I can't for the life of me sort out how to pass this protocol 41 traffic through to 192.168.0.29(behind nat/pat).   Anyone done this before?

Here's the basic setup:
!
interface Loopback0
  ip address $dhcpassigned 255.255.255.0
!
interface cable-modem0
  ip address 10.$dhcpassigned 255.255.0.0
  ip nat outside
!
interface ethernet0
  ip address 192.168.0.0 255.255.255.0
  ip nat inside
!
cab0 has a 10-dot addr for cable-modem management.
loop0 has the real public IP address, used for nat/pat.
Logged

amph

  • Guest
Re: ipv6ip/GRE passthrough
« Reply #1 on: March 31, 2008, 11:53:42 PM »

This may not be what you want to hear but there is no use in having an extra router just to enable ipv6. What i do with my DSL modem/router is say hell with the routing, it's only got like 16 megabytes of ram anyways which is only like 4K NAT entries, i put the dsl CPE hardware in 'bridge' mode so all it's doing is translating dsl format to ethernet format which really takes no ram since it's pipelined in the processor, this way it doesn't bottleneck me at all. Then my router runs NetBSD with 256 megabytes of physical ram + swap and can handle over 200K NAT entries.

In other words, if the second router you have is capable of handling all your network, i'd just put the first device in bridge mode and have it do all the work.
Logged

ebola

  • readonly_member
  • Newbie
  • *
  • Posts: 3
Re: ipv6ip/GRE passthrough
« Reply #2 on: April 06, 2008, 01:58:43 PM »

    I think you're right... need to use cable-modem as bridge only.  Unfortunately it's doing several other jobs as well that aren't easily moved (IPsec/HIFN hardware, SIP proxy for two built-in POTS ports, etc).  Perhaps it's just time to buck up and get'er'done.
Logged