Tag: IPv6 behind NAT

Tunneling IPv6 with Ubuntu Linux Behind NAT ? Why Not..

Source from WIKI:

An IP tunnel is an Internet Protocol (IP) network communications channel between two networks. It is used to transport another network protocol by encapsulation of its packets. IP tunnels are often used for connecting two disjoint IP networks that don’t have a native routing path to each other, via an underlying routable protocol across an intermediate transport network. In conjunction with the IPsec protocol they may be used to create a virtual private network between two or more private networks across a public network such as the Internet. Another prominent use is to connect islands of IPv6 installations across the IPv4 Internet.

 

IP tunnelling encapsulation In IP tunnelling, every IP packet, including addressing information of its source and destination IP networks, is encapsulated within another packet format native to the transit network. At the borders between the source network and the transit network, as well as the transit network and the destination network, gateways are used that establish the end-points of the IP tunnel across the transit network. Thus, the IP tunnel endpoints become native IP routers that establish a standard IP route between the source and destination networks. Packets traversing these end-points from the transit network are stripped from their transit frame format headers and trailers used in the tunnelling protocol and thus converted into native IP format and injected into the IP stack of the tunnel endpoints. In addition, any other protocol encapsulations used during transit, such as IPsec or Transport Layer Security, are removed. IP in IP, sometimes called ipencap, is an example of IP encapsulation within IP and is described in RFC 2003. Other variants of the IP-in-IP variety are IPv6-in-IPv4 (6in4) and IPv4-in-IPv6 (4in6). IP tunneling often bypasses simple firewall rules transparently since the specific nature and addressing of the original datagrams are hidden. Content-control software is usually required to block IP tunnels.

Tulisan diatas saya cuplik dari penjelasan WIKI tentang IP Tunnel yang menjelaskan gambaran umum seperti apa konsep IP Tunnel. pada tulisan sebelumnya saya menulis tentang bagaimana mengimplementasikan metode 6to4 untuk membuat jaringan IPv6 meskipun tidak memiliki Blok IPv6 sendiri. http://gigihfordanama.wordpress.com/2011/03/30/mencoba-sixxs-org-ipv6-gateway/ skim pada tulisan tsb server yang digunakan langsung terhubung ke global IPv4 dan menggunakan sistem operasi FreeBSD 8.0. Nah sekarang kita akan coba bereksperimen bagaimana jika server yang akan dijadikan server tunneling berada dibelakang NAT atau menggunakan IP Private. kita lihat contoh kasus yang saya ujicobakan, dengan topologi sebagai berikut

[(DMZ FIREWALL SERV – WITH IP PUBLIC – OS FREEBSD)/NOC ROOM]  ——–> [FAKULTAS ROUTER] ——> [JURUSAN ROUTER]

202.43.189.222                                ———-       192.168.170.254    ——-  192.168.170.211

Yang perlu dilakukan adalah:

  1. Set rule di FreeBSD-Firewall dengan konfigurasi bidirectional NAT pada paket filter BSD (karena saya tidak mau pusing),contoh skrip /etc/pf.conf binat   on $eIF from 192.168.170.211 to any -> 202.43.189.222 , kenapa saya pilih binat, karena saya akan mapping dari IPPublic ke IP 192.168.170.211 secara bolak balik dan tanpa filter apa apa, sebetulnya yang dibutuhkan untuk membuka servis tunnel cukup hanya dengan menggunakan protocol 41 di pass ke tujuan. Namun karena saya juga butuh untuk yang lain lain juga, makanya firewallnya di buat PLONG kayak jalan Tol.  😀
  2. Yak sudah itu saja, tinggal dibuktikan apakah dari NAT sudah bisa keluar                       .                                                                   elektro@elektro-desktop:~$ ifconfig
    eth0      Link encap:Ethernet  HWaddr d4:85:64:cc:58:23
    inet addr:192.168.170.211  Bcast:192.168.170.255 Continue reading “Tunneling IPv6 with Ubuntu Linux Behind NAT ? Why Not..”