
5.6.3.3 The Faith TRT for FreeBSD and NetBSD(2)

Perform the following steps on the router that will run the faith relay service:

1. If there is already an IPv6 TCP server listening for the "ssh" service, i.e. sshd, disable this daemon.
2. Execute the following as root to enable faith support:

# sysctl -w net.inet6.ip6.accept_rtadv=0
# sysctl -w net.inet6.ip6.forwarding=1
# sysctl -w net.inet6.ip6.keepfaith=1

3. Route packets whose destination address lies within the faith prefix to the "faith0" pseudo-interface:

# ifconfig faith0 up
# route add -inet6 2001:db8:10:110:: -prefixlen 64 ::1
# route change -inet6 2001:db8:10:110:: -prefixlen 64 -ifp faith0

4. Start “faithd” as root as follows:

# faithd ssh /usr/sbin/sshd sshd -i

More examples that were successfully tested by the authors:

# faithd ftpd /usr/libexec/ftpd ftpd -l
# faithd sshd
# faithd telnet
# faithd telnet /usr/libexec/telnetd telnetd
# faithd smtp
# faithd www
# faithd https
# faithd irc
# faithd icqs
# faithd pop3
# faithd nntp

If inetd(8) on your platform has support for faithd, it is possible to set up the faithd service (almost) like any other service started from inetd and configure it in /etc/inetd.conf. At least recent FreeBSD releases have included support for this.

On NetBSD one can make the above example setup permanent with automatic configuration at boot time. One simply creates a configuration file /etc/ifconfig.faith0 including the following lines:

# pseudo interface for IPv6/IPv4 transport relay
create
inet6 2001:db8:10:110:: prefixlen 64

Also add the following line(s) to /etc/sysctl.conf:

net.inet6.ip6.keepfaith=1
net.inet6.ip6.forwarding=1
# in case you don’t want to do regular IPv4 forwarding at all:
net.inet.ip.forwarding=0

In addition, it is strongly recommended to limit access to the translator. One way to do so (at least on NetBSD) is to create a /etc/faithd.conf file that restricts the allowed connections. In the following example we assume that 2001:db8:10::/48 is the address space in use at the site:

# permit anyone from our site to use the translator, to connect to
# the following IPv4 destinations: any location except
# 10.0.0.0/8, 192.168.0.0/16 and 127.0.0.0/8.
# Permit no other connections.
2001:db8:10::/48 deny 10.0.0.0/8
2001:db8:10::/48 deny 192.168.0.0/16
2001:db8:10::/48 deny 127.0.0.0/8
2001:db8:10::/48 permit 0.0.0.0/0
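To check such an access list before deploying it, the following added example (not part of the original cookbook or of faithd) parses rules in the faithd.conf format above, recovers the IPv4 destination that TRT embeds in the low 32 bits of a faith-prefixed IPv6 address, and reports which rule decides a connection. It assumes rules are evaluated top to bottom with the first match deciding and that an unmatched connection is denied; the rule set and test addresses are constructed.

```python
import ipaddress

# Constructed rule set mirroring the example above (site prefix 2001:db8:10::/48).
FAITHD_CONF = """\
# deny private and loopback IPv4 destinations, permit everything else
2001:db8:10::/48 deny 10.0.0.0/8
2001:db8:10::/48 deny 192.168.0.0/16
2001:db8:10::/48 deny 127.0.0.0/8
2001:db8:10::/48 permit 0.0.0.0/0
"""

# The faith prefix routed to faith0 in step 3 above.
FAITH_PREFIX = ipaddress.ip_network("2001:db8:10:110::/64")


def parse_rules(text):
    """Parse 'src/plen permit|deny dst/plen' lines; '#' starts a comment."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3 or fields[1] not in ("permit", "deny"):
            raise ValueError(f"line {lineno}: expected 'src/plen permit|deny dst/plen'")
        src, action, dst = fields
        rules.append((ipaddress.ip_network(src, strict=False), action,
                      ipaddress.ip_network(dst, strict=False)))
    return rules


def embedded_ipv4(dst6):
    """TRT mapping: the IPv4 target is the low 32 bits of the faith-prefixed address."""
    addr = ipaddress.IPv6Address(dst6)
    if addr not in FAITH_PREFIX:
        raise ValueError(f"{dst6} is not inside the faith prefix {FAITH_PREFIX}")
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def decide(rules, src6, dst6):
    """Return 'permit' or 'deny' for an IPv6 client reaching a faith-mapped address.

    Assumption: first matching line wins; no match means the connection is refused.
    """
    src = ipaddress.IPv6Address(src6)
    dst4 = embedded_ipv4(dst6)
    for src_net, action, dst_net in rules:
        if src in src_net and dst4 in dst_net:
            return action
    return "deny"
```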

Problems

The main problem with this platform is scalability. Address resolution is done through the hosts table, which means every server we want to reach must have its own entry in the hosts table. This could be addressed with a special DNS server called totd, which has not been used on this platform.

One important problem for providing HTTP through the TRT is absolute links in web pages, which the TRT cannot rewrite because it does not parse the application payload. One solution to that problem would be an ALG (Application Layer Gateway) that handles the absolute links properly. Because of this problem, TRT is not recommended for HTTP services.