2

My ISP grants me one IPv4 address and an IPv6 prefix, which has been subdivided into a few networks.

 +--------------+ | | eth1 | |---------- <IPv6 network> | | eth0 | Linux Router | eth2 ISP ----------| |---------- <IPv6 network> | | | | eth3 | |---------- <IPv6 network> +--------------+

It just so happens that one of the nodes from the IPv6 network connected to eth1 would benefit from having the IPv4 address.

It seems that I want the router to bridge IPv4 traffic, and route IPv6 traffic. Nay?

I heard about proxy-ARP, but as far as I can tell, I would need another IPv4 address for the router, otherwise it would not attempt to interact with the ISP's v4 traffic, right? Again, I only have one v4 address.

And normal bridging isn't an option either, I think, because that's Layer 2 and it wouldn't be able to tell the difference between IPv4 traffic and IPv6 traffic. If I bridge IPv4, I also bridge IPv6, which destroys the current IPv6 setup.

Am I forced to NAT the traffic into a private network, and assign the node another address from this network? Is there a more straightforward option?

Improve this question
3
  • 2
    man ebtables see the BROUTING chain Commented Mar 23, 2018 at 0:03
  • Please edit the question with more details: I assume one IPv4 address and several IPv6 address ranges? Do you have one or several machines that would need an IPv4 address? In the last case, you need NAT anyway. In any case, it's probably easier to route and port forward IPv4, if necessary, than to bridge - by default, all home routers do this with IPv4 addresses. And bridging one segment directly to the IPv4 is likely going to give you headaches (multiple machines demanding the same address). So while you can do "brouting" with ebtables, I wouldn't recommend it here. Commented Mar 23, 2018 at 5:17
  • @dirkt edited. I know about NAT; I just want something a little cleaner since I know no other nodes will ever want an IPv4 address. Commented Mar 23, 2018 at 22:26

1 Answer 1

Reset to default
5

(All these commands should be executed on the Linux router.)

Step 1: Create the bridge normally, as if it were to route all traffic between the two interfaces.

ip link add name br0 type bridge ip link set br0 up ip link set eth0 master br0 ip link set eth1 master br0

Step 2: Through ebtables rules, tell the kernel that IPv4 traffic should be bridged, and that IPv6 traffic should be routed.

ebtables -t broute -A BROUTING -p ipv4 -j ACCEPT ebtables -t broute -A BROUTING -p ipv6 -j DROP

(In the BROUTING chain, "ACCEPT" means bridge and "DROP" means ignore the bridge.)

None of the Linux router's interfaces need IPv4 addresses.

This solution should not be tested on Virtualbox VMs, because there's some bridging bug somewhere that prevents br0 from working at all.

Improve this answer
2
  • Actually, the BROUTING chain's default policy is ACCEPT, so the IPv4 ebtables is not needed at all. Commented Mar 26, 2018 at 16:05
  • If one wants to make the reverse setup (bridge IPv6/route IPv4), take heed that ARP traffic must be DROP-ed from the bridge as well. Commented Mar 16, 2023 at 14:15

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.