How to use teredo behind a symmetric NAT

[spring...@gmail.com]

In Miscrosoft it said symmetric NAT is not support by teredo.

I am using an Linksys WRT gateway, which should be using symmetric NAT.

And I find a post in the group:

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
"If your client is behind a symmetric NAT, you need to

1. Configure your Teredo client to listen on a fixed UDP port.

c:\> netsh interface ipv6 set teredo client teredo.ipv6.microsoft.com.
clientport=34567

2. Configure your NAT with a rule that would cause it to forward all
UDP
packets to the chosen port (34567 in the above example) to your Teredo
client.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

As it said, It is possible to use teredo behind a symmetric NAT

I do as what the post said. and here is my result on PC:

First step:
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
D:\>netsh interface ipv6 set teredo client 203.233.154.10
clientport=34567

D:\>netsh inter ipv6 show teredo
Teredo
---------------------------------------------
类型 : client
服务器名称 : 203.233.154.10
客户端刷新间隔 :60 秒
客户端口 : 34567
状态 : probe(cone)
类型 : teredo client
网络 : unmanaged
NAT : cone

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

But I really confuse about what to do in the step 2.
So I set my Lan PC to be the DMZ host. which means my Lan Pc's all
ports are opened to the Wan Side.

but the teredo doesn't work.

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
D:\>ping6 www.kame.net -t

Pinging www.kame.net [2001:200:0:8002:203:47ff:fea5:3085]
from fe80::214:78ff:fe9e:5cae%5 with 32 bytes of data:

Reply from fe80::214:78ff:fe9e:5cae%5: 无法到达目标地址。
Reply from fe80::214:78ff:fe9e:5cae%5: 无法到达目标地址。
Reply from fe80::214:78ff:fe9e:5cae%5: 无法到达目标地址。
Reply from fe80::214:78ff:fe9e:5cae%5: 无法到达目标地址。

Ping statistics for 2001:200:0:8002:203:47ff:fea5:3085:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Control-C
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

After that I try to directly dial PPPoE on my computer and use the
route just for bridged,
teredo works well....

Can anybody help me out here?
At least tell me if it is possible to use teredo behind a symmetric
NAT.

Thx

[TestMan]

spring...@gmail.com a écrit :

Hello,

AFAIK, only Vista support teredo on symetrical cone NAT at this time
from what I've understood :(

But, as you are running a WRT router, you can use DD-WRT firmware (or
openwrt if you are a CLI fan) and setup the 6to4 anycast !

http://www.dd-wrt.com/wiki/index.php/IPv6

Doing so you will get valid ipv6 LAN :) You might even add other tunel
if required ... realy DD-WRT is win-win ! and WRT devices are bargain
for ipv6 :)

Rgs,
TM

[Remi Denis-Courmont]

Le jeudi 30 novembre 2006 09:37, spring...@gmail.com a écrit :

> 2. Configure your NAT with a rule that would cause it to forward all
> UDP
> packets to the chosen port (34567 in the above example) to your Teredo
> client.

How (and whether it is possible and works properly) depends on your NAT
vendor and model. Please refer to the documentation from your vendor.

> D:\>netsh inter ipv6 show teredo
> Teredo
> ---------------------------------------------
> 类型 : client
> 服务器名称 : 203.233.154.10
> 客户端刷新间隔 :60 秒
> 客户端口 : 34567
> 状态 : probe(cone)

^^^^^^^^^^^

Means Teredo has not completed its initialization yet.

> Pinging www.kame.net [2001:200:0:8002:203:47ff:fea5:3085]
> from fe80::214:78ff:fe9e:5cae%5 with 32 bytes of data:

^^^^

This is a link-local address. No chance it's every

> Can anybody help me out here?
> At least tell me if it is possible to use teredo behind a symmetric
> NAT.

It depends on the availability of UDP port forwarding on the use. Vista
additionally has better support for symmetric NAT (but I think full support
is impossible).

--
Rémi Denis-Courmont

[spring...@gmail.com]

"TestMan 写道：

Thank you for all the info.
In fact, my OS is Vista RC2 5860
and 6to4 tunnle had been set up on my WRT

but I do want to know how the teredo work on my PC through the NAT.

In Vista, I could only established the teredo connect to Microsofte's
teredo server,
all the other servers seem to be impossible to finished the connecting.

The Ethereal showed that when teredo probing the sytle of my NAT, it
need to
connect to two different servers, which also described in Microsoft's
Document,
behind my symmetric NAT, I couldn't receive any packet from the second
server except when I use teredo.ipv6.microsoft.com.
Maybe MS change its protcol, or MS's server is different from other
servers?

[spring...@gmail.com]

And by the way, even I could finish the probing with Miscrosoft' server

and the teredo state shows "qualified"

I still couldn't ping6 www.kame.net neither make the kame dancing on
the webpage.
Maybe MS could fix or update this when Vista official release....I
doubt that
"springwate...@gmail.com 写道：

[Remi Denis-Courmont]

Le lundi 4 décembre 2006 02:39, spring...@gmail.com a écrit :

> And by the way, even I could finish the probing with Miscrosoft' server
>
> and the teredo state shows "qualified"
>
> I still couldn't ping6 www.kame.net neither make the kame dancing on
> the webpage.
> Maybe MS could fix or update this when Vista official release....I
> doubt that

It's actually been done, from what I've heard. It's even been pushed to XP
SP2 IPv6 stack via Windows Update a few months ago.

--
Rémi Denis-Courmont

[spring...@gmail.com]

Another interesting thing

There is a tereo-like client named Miredo under Linux
I can easily access IPv6 network via teredo server by Miredo
even I am behind a symmetric NAT (wrtxxx)

"spring...@gmail.com 写道：

[TestMan]

spring...@gmail.com a écrit :

> Another interesting thing
>
> There is a tereo-like client named Miredo under Linux
> I can easily access IPv6 network via teredo server by Miredo
> even I am behind a symmetric NAT (wrtxxx)

Yes, plus Miredo's "father", Remi, is already answering on the thread ;-)

Rgs,
TM