• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Beginner Help - Tunnel behind NAT

Started by starcastle, April 16, 2008, 07:26:13 AM

Previous topic - Next topic

starcastle

I am VERY new at this.

I am currently using an IPv6 service that uses a client to setup the tunnel to a server behind a NAT.

Can this be accomplished as well.  I am not knowledgable enough to figure it out.

I am using Linux (SUSe).

Thanks for any help!

Peter Woodall

broquea

#1
Well assuming the NAT passes protocol 41 (ipv6), our examples should work. We do have a note on some of our configs that reads:

*NOTE* When behind a firewall appliance that passes protocol41, instead of using the IPv4 endpoint you provided to our broker, use the IPv4 address you get from your appliance's DHCP service.

[Edit] - Sorry, you were using Suse, I skipped that. You should use either the "Linux-net-tools" or "Linux-route2" examples. I've tested both behind a few NAT appliances and they work.

starcastle

I am using a SUSe Linux desktop with a Fixed IPv4 address.  The NAT can be configured to pass protocol 41.

Would I provide the 'external' IP address for the NAT as the IPv4 end point for the tunnel?


broquea

Quote from: starcastle on April 16, 2008, 09:18:01 AM
I am using a SUSe Linux desktop with a Fixed IPv4 address.  The NAT can be configured to pass protocol 41.

Would I provide the 'external' IP address for the NAT as the IPv4 end point for the tunnel?



Yes the broker needs your real routable IPv4 endpoint, and using the "Linux-route2" example will require the internal, non-routable IP your NAT appliance DHCPs to your machine. Using the "Linux-net-tools" example doesn't require that you specify that internal IPv4 address.

starcastle

Thanks for your help!

One last question.  I am assuming I have to provied a route from the 'outside' to my linux box for protocol 41 otherwise this wont work?  I'm not using dhcp in this case.

The 'downside' of my existing client based tunnel setup is I never had to learn the 'details' on what was happening, therefore all the questions.

broquea

Well if you had another tunnel up and running behind NAT, most likely the NAT appliance already passes protocol 41. If the Suse box is not behind NAT, and has the routable IPv4 address configured on it, then you would use that with the "Linux-route2" example.