Good Good wrote:
[...]
The problem :
The /64 provided by my ISP is made to fuel only one ethernet segment and no
more.
So, it is not possible to route a part of the /64 to another ethernet
segment (the private segment).
ask them to get a /48 network. with a /64 network you can not do anything.
One solution :
The firewall NAT IPV4 traffic and bridge IPV6 traffic, that here:
Switch Firewall ISP Box ISP Network/Internet
__ ___ ___
|PC1|-------| | vr0 | | vr1 | |
| x|-----------| |------------| |----------O
|PC2|-------|__| | |___| | |___|
| | |
|bridge0 |
| _|_ |
| | | |
|_| |_ _|
|__|
IPV6 bridge only
Some clues :
I found some clues on the following web site where my need is summarized.
An English translation ->
http://64.233.179.104/translate_c?hl=fr&ie=UTF-8&oe=UTF-8&langpair=fr%7Cen&u=http://www.ip6.fr/free-broute/&prev=/language_tools
The original French link ->
http://ip6.fr/free-broute/
Second problem :
The author of the previously quoted web site is running under Linux.
Here used commands :
brctl addbr br0
ifconfig br0 up
brctl addif br0 eth0
brctl addif br0 eth1
ebtables -t broute -A BROUTING -p ! ipv6 -j DROP
The magic command is "ebtables -t broute -A BROUTING -p ! ipv6 -j DROP".
Questions :
1) Did you understand my problems ? :)
2) Is it the right solution to bridge only IPV6 traffic (I hope for it) ?
3) The most important question, how to do this type of bridging under
Openbsd (without ebtables) ?
According to the man page, "brconfig" can only perform layer 2 filtering.
Thank you for any help
Julien
