1MIREDO(8) System Manager's Manual MIREDO(8)
2
6 miredo - Teredo IPv6 tunneling for Unix
7
9 miredo [-c config_file] [-f] [-u user] [ -t chrootdir] [server_name]
10
13 Miredo is a daemon program providing a Teredo tunnel service compatible
14 with the "Teredo: Tunneling IPv6 over UDP through NATs" Internet pro‐
15 posed standard (RFC 4380). It can provide either Teredo client or
16 Teredo relay functionality.
17 This is mostly useful to provide IPv6 connectivity to users behind NAT,
19 most of which do not support IPv6 at all. Many NATs do not even support
20 proto-41 forwarding, so it is not possible to set up a 6to4 or point-
21 to-point IPv6-over-IPv4 tunnel through them.
22 A Teredo relay is an IPv6 router which forwards IPv6 packets between
24 the IPv6 Internet and Teredo clients by encapsulating these IPv6 pack‐
25 ets over UDP/IPv4.
26 A Teredo client is an IPv6-enabled host which is located behind an
28 IPv4-only Network Address Translator (a.k.a. NAT), and encapsulates its
29 IPv6 traffic inside UDP over IPv4 packets.
30 A Teredo server is a special Teredo relay which is required for Teredo
32 clients to setup their IPv6 connectivity through Teredo. A Teredo
33 server must have to global static subsequent IPv4 addresses. It
34 receives packets from Teredo clients and Teredo relays on UDP port
35 3544.
36
39 -c config_file or --config config_file
40 Specify an alternate configuration file for Miredo instead of
41 the default, /etc/miredo/miredo.conf.
42 -f or --foreground
45 Do not detach from the console. Run the program in the fore‐
46 ground.
47 -h or --help
50 Display some help and exit.
51 -t or --chrootdir
54 Specify a directory to use as a root after initialization is
55 completed. When used as a Teredo client, the hostname resolver
56 library files must be present in the chroot. The directory can
57 safely be left empty for a Teredo relay.
58 -u username or --user username
61 Override the user that the program will run as. By default, it
62 runs as nobody.
63 -V or --version
66 Display program version and license and exit.
67 server_name
70 This optional command argument specifies a Teredo server to use.
71 It will override any ServerAddress directive found in the con‐
72 figuration file. It is ignored if RelayType is not set to
73 "client" (see miredo.conf).
74
77 Miredo requires root privileges to create its IPv6 tunneling network
78 interface, and to set it up properly. Once its initialization is com‐
79 plete, it will setgid, chroot into an empty directory and ultimately
80 setuid (see option -u), so as to decrease the system's exposure to
81 potential security issues. However, if Miredo runs as a Teredo client,
82 it needs root privileges when running, in order to change the tunneling
83 network interface settings automatically. To prevent possible root com‐
84 promise, Miredo implements priveleges separation. The process that han‐
85 dles data from the network is not privileged.
86 While that is not specific to nor dependant on Miredo, it should be
88 noted that Teredo connectivity allows anyone behind a NAT to obtain
89 global public IPv6 connectivity. It might break some corporate policy.
90 If that is an issue, outgoing UDP packets with destination port 3544
91 should be blocked at the perimeter firewall.
92
95 SIGHUP Force a reload of the daemon.
96 SIGINT, SIGTERM Shutdown the daemon.
98 SIGUSR1, SIGUSR2 Do nothing, might be used in future versions.
100
103 /etc/miredo/miredo.conf
104 The default configuration file.
105 /var/run/miredo.pid
108 The process-id file.
109
112 miredo.conf(5), miredo-server(8), ipv6(7), route(8), ip(8)
113
116 Rémi Denis-Courmont <remi at remlab dot net>
117 http://www.remlab.net/miredo/
119miredo February 2008 MIREDO(8)