[ale] Domain Registrar

Michael H. Warfield mhw at WittsEnd.com
Sat Jan 22 22:16:49 EST 2011


On Sat, 2011-01-22 at 14:44 -0500, Michael B. Trausch wrote: 
> On Sat, 2011-01-22 at 14:01 -0500, Michael H. Warfield wrote:
> > If you're looking for IPv6 and NOT behind a NAT, HE is absolutely one
> > of the best (ranking right up there with OCCAID).  If you are behind a
> > NAT, then go with Freenet6 / Hexago / Gogo6: 
> 
> It doesn't depend so much on whether or not you are behind a NAT, as
> much as it depends on whether or not you actually _control_ your NAT at
> the appropriate level of detail.  Of course, doing that *can* be
> difficult and it's often much easier to just run your local IPv6
> endpoint on the ISP-facing side of your NAT router/appliance.
> 
> The NAT implementation within most consumer devices is opaque (or
> rather, it is opaque without doing a *heck* of a lot of work) and
> typically does not expose the ability to permit IP-layer protocol
> enabling and disabling.  That is to say that most consumer NATs only
> allow the following IP protocols:
> 
>   * ICMP, protocol 1
>   * IGMP, protocol 2
>   * TCP, protocol 6
>   * UDP, protocol 17
> 
> I have not seen consumer devices that allow more than that.  I haven't
> extensively tested, either, so there may be something out there that
> makes a liar out of me.  But in terms of consumer devices, they're
> usually so locked down that that's all they allow.  For example, IPsec
> (protocols 50 and 51), IPv6 encapsulation (protocol 41), GRE (protocol
> 47), etc., all do not work through most NATs, and cannot be made to work
> over most NATs except through some other form of encapsulation (e.g.,
> via UDP).

> Now, if you have full control of your NAT router, you can just enable
> protocol 41 packets to pass through, forward all packets from your IPv6
> remote tunnel endpoint to your system handling your IPv6 local tunnel
> endpoint, and all is well; at that point you can just follow the
> directions provided by Hurricane Electric on whatever system you have
> permitted protocol 41 be passed to, and you will have a working IPv6
> tunnel.

It also depends, somewhat, on HOW it handles prot 41 when you pass it
through.  Many consumer grade NATs, such as off-the-shelf Linksys and
other wireless I've tested, work just fine, OOB.  Others you have to
enable prot 41 pass through.  Others manage to mangle it in a way that
it just doesn't work.  I personally think they mangle the state tables
in such a way that they can't route it back but (because these are
closed source boxes) I have no way to confirm that.  Peter Bieringer and
I had a few discussions over this when we were talking about their ipv6
init stuff (that's used in Fedora and RedHat and others) and prohibiting
6to4 and all.  Unfortunately, like most of the time you are dealing with
NAT44, it's a crap shoot.

> 	--- Mike

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!