Current-Users archive


Re: stf(4) / 6to4 encapsulation behind (!) ipnat router / firewall



On Thu, May 29, 2008 at 09:27:52AM +0200, Markus W Kilbinger wrote:
> Hi!
> 
> Is it possible to run a stf(4) interface behind a firewall (different
> machines)?
> 
> Till now I'm running stf(4) / pkgsrc/net/hf6to4 on the same machine
> which is handling the internet connection (pppoe) itself.
> 
> I'm considering letting the internet connection be handled by a
> separate router (fritz!box in my case), so the stf(4)-machine will no
> longer have direct internet access.
>
> Now my/the question: Should a stf(4) interface still be functional if
> the corresponding ipv4 address is not directly available on the same
> host (now routed to the new / separate internet router)?

There were the patches Matthias referenced;
there are also some pf/ipf rules that can do the
job nicely.

http://mail-index.netbsd.org/tech-net/2006/04/05/0001.html
contains these rules.

This, of course, assumes you can protocol forward on the
router.

        Jonathan Kollasch
