Comments on: IPv6 http://blog.firetech.nu/comp/ipv6/ The Public Mind of Yet Another Computer Geek Sun, 05 Feb 2012 07:39:46 +0000 http://wordpress.org/?v=2.5.1 By: firetech http://blog.firetech.nu/comp/ipv6/#comment-1556 firetech Wed, 27 May 2009 06:16:55 +0000 http://blog.firetech.nu/?p=52#comment-1556 So THAT's how it's working! I wondered when the traffic back to me was converted, and got a little confused there. Thanks for the heads up! :) I also saw you posted your comment from an IPv6 address, the IPv6 Internet has a few hosts anyway. :) So THAT’s how it’s working!
I wondered when the traffic back to me was converted, and got a little confused there. Thanks for the heads up! :)

I also saw you posted your comment from an IPv6 address, the IPv6 Internet has a few hosts anyway. :)

]]> By: Paul http://blog.firetech.nu/comp/ipv6/#comment-1555 Paul Wed, 27 May 2009 03:31:22 +0000 http://blog.firetech.nu/?p=52#comment-1555 "It turned out that traffic from those sites, unlike all the other ones I tested, were sent as IPv4 packets directly to me and not coming in through the tunnel interface." The problem you encountered is that not all 6to4 packets arrive with a source address of 192.88.99.1. 6to4 uses anycast in both directions: 192.88.99.0/24 for v4->v6, and 2002::/16 for v6->v4. So, it's mostly unpredictable which v6->v4 gateway your return packets will come through. Some of them set their source address to 192.88.99.1, but some use a "real" IPv4 address, and that difference will confuse your IPv4 firewall. Your solution is correct, though. “It turned out that traffic from those sites, unlike all the other ones I tested, were sent as IPv4 packets directly to me and not coming in through the tunnel interface.”

The problem you encountered is that not all 6to4 packets arrive with a source address of 192.88.99.1. 6to4 uses anycast in both directions: 192.88.99.0/24 for v4->v6, and 2002::/16 for v6->v4. So, it’s mostly unpredictable which v6->v4 gateway your return packets will come through. Some of them set their source address to 192.88.99.1, but some use a “real” IPv4 address, and that difference will confuse your IPv4 firewall.

Your solution is correct, though.

]]>