[ale] Domain Registrar

Michael B. Trausch mike at trausch.us
Sat Jan 22 14:44:32 EST 2011 

On Sat, 2011-01-22 at 14:01 -0500, Michael H. Warfield wrote:
> If you're looking for IPv6 and NOT behind a NAT, HE is absolutely one
> of the best (ranking right up there with OCCAID).  If you are behind a
> NAT, then go with Freenet6 / Hexago / Gogo6: 

It doesn't depend so much on whether or not you are behind a NAT, as
much as it depends on whether or not you actually _control_ your NAT at
the appropriate level of detail.  Of course, doing that *can* be
difficult and it's often much easier to just run your local IPv6
endpoint on the ISP-facing side of your NAT router/appliance.

The NAT implementation within most consumer devices is opaque (or
rather, it is opaque without doing a *heck* of a lot of work) and
typically does not expose the ability to permit IP-layer protocol
enabling and disabling.  That is to say that most consumer NATs only
allow the following IP protocols:

  * ICMP, protocol 1
  * IGMP, protocol 2
  * TCP, protocol 6
  * UDP, protocol 17

I have not seen consumer devices that allow more than that.  I haven't
extensively tested, either, so there may be something out there that
makes a liar out of me.  But in terms of consumer devices, they're
usually so locked down that that's all they allow.  For example, IPsec
(protocols 50 and 51), IPv6 encapsulation (protocol 41), GRE (protocol
47), etc., all do not work through most NATs, and cannot be made to work
over most NATs except through some other form of encapsulation (e.g.,
via UDP).

Now, if you have full control of your NAT router, you can just enable
protocol 41 packets to pass through, forward all packets from your IPv6
remote tunnel endpoint to your system handling your IPv6 local tunnel
endpoint, and all is well; at that point you can just follow the
directions provided by Hurricane Electric on whatever system you have
permitted protocol 41 be passed to, and you will have a working IPv6
tunnel.

	--- Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20110122/d8739c43/attachment.bin

More information about the Ale mailing list