From owner-freebsd-ipfw@freebsd.org Sun Apr 24 13:28:29 2016 Return-Path: Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id ABFAAB197CF for ; Sun, 24 Apr 2016 13:28:29 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7F04916D8 for ; Sun, 24 Apr 2016 13:28:29 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 25E3F23C3A for ; Sun, 24 Apr 2016 09:28:28 -0400 (EDT) Received: from web3 ([10.202.2.213]) by compute2.internal (MEProxy); Sun, 24 Apr 2016 09:28:28 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=4VwiMvzq8aMWp1p Cn3CbJDYL61E=; b=Ia1E2k4PXpa6nxyf5DniNGSwoj9FvJMpxAQJBVJ0lIodoZI EPj1Oh0PC1ZtqURejIO280Jh+toEt2qNCkz2IbpoK5LP/VYIY0xoH2VPCdNTUyVW PUPRJulxuNeLGR27QOtHNXGtRv6qFW8avLQbVr/h92hXmgCXX5tOJRlxLLPI= Received: by web3.nyi.internal (Postfix, from userid 99) id E9A8810AE76; Sun, 24 Apr 2016 09:28:27 -0400 (EDT) Message-Id: <1461504507.3722666.587983145.7C4C681F@webmail.messagingengine.com> X-Sasl-Enc: pmQ5xr4dPUutclCjJ1U0tSUSFg6wefspj1sUka5oVRyN 1461504507 From: Mark Felder To: samira , freebsd-ipfw@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain X-Mailer: MessagingEngine.com Webmail Interface - ajax-76f1c811 Subject: Re: Whether IPFW generates " No buffer space available " error ? Date: Sun, 24 Apr 2016 08:28:27 -0500 In-Reply-To: <1461394000058-6093661.post@n5.nabble.com> References: <1461394000058-6093661.post@n5.nabble.com> X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Apr 2016 13:28:29 -0000 On Sat, Apr 23, 2016, at 01:46, samira wrote: > Hi everyone, > I using FreeBSD9.2 and defining a rule in ipfw that divert tcp packets on > port 80 to port 8000 and by suricata will be reviewed. > ipfw list: > 01901 divert 8000 tcp from any to any dst-port 80 > > And then the packets is sent by altq to queue defined > ipfw list: > 03009 skipto 3011 tcp from any to any dst-port 80 > 03010 skipto 3012 ip from any to any > 03011 allow altq http-gbeth3-out ip from any to any via gbeth3 out > > And we limit bandwidth in pf.conf for http traffic > pf.conf: > queue http-gbeth3-out bandwidth 50Kb hfsc ( upperlimit 50Kb ) > > When the transmission of huge amounts of http packets and pf action is to > drop packets, suricata crash and the following message appears in the > suricata.log file: > - [ERRCODE: SC_WARN_IPFW_XMIT(84)] - Write to ipfw divert > socket > failed: No buffer space available > > Has anyone dealt with this issue? > > There is a similar problem: > By sending ICMP packets to the queue and send ping from the interface > also > seen this problem and the following message is displayed: > ping: sendto: No buffer space available > > > If the specified bandwidth increased and not drop any packets, this > problem > does not occur. > > Thank you for all of your comments and help. > > I ran into this "No buffer space available" problem when I was first setting up QoS on my IPFW firewall. The problem ended up being an issue with my IPFW/QoS rules combined with my NAT; the order of my rules was incorrect and I think packets kept getting reprocessed. I can't be sure of the issue in your situation, but you may want to carefully review your entire ruleset. Remember that IPFW is "first match wins". -- Mark Felder ports-secteam member feld@FreeBSD.org From owner-freebsd-ipfw@freebsd.org Mon Apr 25 07:31:27 2016 Return-Path: Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A1000B1C920 for ; Mon, 25 Apr 2016 07:31:27 +0000 (UTC) (envelope-from nazari.s11@gmail.com) Received: from mbob.nabble.com (mbob.nabble.com [162.253.133.15]) by mx1.freebsd.org (Postfix) with ESMTP id 90EEF1A5A for ; Mon, 25 Apr 2016 07:31:27 +0000 (UTC) (envelope-from nazari.s11@gmail.com) Received: from msam.nabble.com (unknown [162.253.133.85]) by mbob.nabble.com (Postfix) with ESMTP id 4CE12261406C for ; Mon, 25 Apr 2016 00:17:17 -0700 (PDT) Date: Mon, 25 Apr 2016 00:31:19 -0700 (MST) From: samira To: freebsd-ipfw@freebsd.org Message-ID: <1461569479635-6094082.post@n5.nabble.com> In-Reply-To: <1461504507.3722666.587983145.7C4C681F@webmail.messagingengine.com> References: <1461394000058-6093661.post@n5.nabble.com> <1461504507.3722666.587983145.7C4C681F@webmail.messagingengine.com> Subject: Re: Whether IPFW generates " No buffer space available " error ? MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Apr 2016 07:31:27 -0000 Mark Felder wrote > On Sat, Apr 23, 2016, at 01:46, samira wrote: >> Hi everyone, >> I using FreeBSD9.2 and defining a rule in ipfw that divert tcp packets on >> port 80 to port 8000 and by suricata will be reviewed. >> ipfw list: >> 01901 divert 8000 tcp from any to any dst-port 80 >> >> And then the packets is sent by altq to queue defined >> ipfw list: >> 03009 skipto 3011 tcp from any to any dst-port 80 >> 03010 skipto 3012 ip from any to any >> 03011 allow altq http-gbeth3-out ip from any to any via gbeth3 out >> >> And we limit bandwidth in pf.conf for http traffic >> pf.conf: >> queue http-gbeth3-out bandwidth 50Kb hfsc ( upperlimit 50Kb ) >> >> When the transmission of huge amounts of http packets and pf action is to >> drop packets, suricata crash and the following message appears in the >> suricata.log file: >> > > - [ERRCODE: SC_WARN_IPFW_XMIT(84)] - Write to ipfw divert >> socket >> failed: No buffer space available >> >> Has anyone dealt with this issue? >> >> There is a similar problem: >> By sending ICMP packets to the queue and send ping from the interface >> also >> seen this problem and the following message is displayed: >> ping: sendto: No buffer space available >> >> >> If the specified bandwidth increased and not drop any packets, this >> problem >> does not occur. >> >> Thank you for all of your comments and help. >> >> > > I ran into this "No buffer space available" problem when I was first > setting up QoS on my IPFW firewall. The problem ended up being an issue > with my IPFW/QoS rules combined with my NAT; the order of my rules was > incorrect and I think packets kept getting reprocessed. I can't be sure > of the issue in your situation, but you may want to carefully review > your entire ruleset. Remember that IPFW is "first match wins". > > -- > Mark Felder > ports-secteam member > > feld@ > _______________________________________________ > freebsd-ipfw@ > mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to " > freebsd-ipfw-unsubscribe@ > " We have common point in IPFW and QOS, but i use one rule in ipfw for divert packets to suricata in port 8000, what is your NAT config ? are you use ipfw rule for NAT? And is possible send me your rules before and after that problem is solved? Also i changed my scenario and now i have 3 rules but i see again "no buffer space ..." warning in suricata.log. all of my rules are: 01900 divert 8000 tcp from any to any dst-port 80 ipfw pipe 1 config bw 40Kbit 02000 pipe 1 tcp from any to any dst-port 80 via gbeth3 out 65535 allow ip from any to any -- View this message in context: http://freebsd.1045724.n5.nabble.com/Whether-IPFW-generates-No-buffer-space-available-error-tp6093661p6094082.html Sent from the freebsd-ipfw mailing list archive at Nabble.com. From owner-freebsd-ipfw@freebsd.org Sat Apr 30 17:36:06 2016 Return-Path: Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 58853B2241A for ; Sat, 30 Apr 2016 17:36:06 +0000 (UTC) (envelope-from g_amanakis@yahoo.com) Received: from nm8-vm2.bullet.mail.ne1.yahoo.com (nm8-vm2.bullet.mail.ne1.yahoo.com [98.138.90.156]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 294FD1531 for ; Sat, 30 Apr 2016 17:36:05 +0000 (UTC) (envelope-from g_amanakis@yahoo.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1462037654; bh=QzNvzJwjW6BB9w9T251RB18pxhczXy1AJCzc6kZdpqo=; h=Subject:From:To:Date:From:Subject; b=H34VAamp12HlvOlHPXNys3iVUOMdZK4QoJ5jhSo99RLrMLOfkoyQ/QAAFsGU8o9jz1bfeakBoSGJqrdnFJA/vlr9P8jCbaINyK538A/G/8TXMOMGwM8hX3T35RKOq/g+znb77Tk4mDtDy+8XpJK78aM33vwtiZczVU8qnmWarLLMYQFIO/YT0CuQR+IVygJ9xdqjm8AAmqoFk1p4yNYvHf9kzdGHJUWneXqfmT9M+Fld5Xm/SjTSo1MXveunLFZCYa6le8S/ICbGstT5gdTRyy03pwUNH6c5g2aOXcBtgAvrqnC8/nBxZCmP1vBVlZDpj2vO5ey4xZfu3G1pU+7jIg== Received: from [98.138.226.179] by nm8.bullet.mail.ne1.yahoo.com with NNFMP; 30 Apr 2016 17:34:14 -0000 Received: from [98.138.226.128] by tm14.bullet.mail.ne1.yahoo.com with NNFMP; 30 Apr 2016 17:34:14 -0000 Received: from [127.0.0.1] by smtp215.mail.ne1.yahoo.com with NNFMP; 30 Apr 2016 17:34:14 -0000 X-Yahoo-Newman-Id: 931384.72021.bm@smtp215.mail.ne1.yahoo.com X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: UnCcsGAVM1mBUL6HRBpy.BV6GHHgOAoyP53l_Rg5lh9a0Ds c4XuCoCvB99J_cdjR0kAiMlY7TaDRxfJiiPkcL1p4Mnquvow6n81ioVZe0hC KqIP8ymSjQ.tJspVfb2fQAZPkQ1IELpdsSMuWgjLOKEzE5_ArHSfi.cSqOWU J.k84HtuzBsxq6yyBKizoHlZjKzdhnTNCEuiSZJSuEY2lTCGRaATlm8SyA.6 C.mnF5alavNruPOqPb4NipLgiECpW9B_KX0QjU3Pw1JI3_jC8Dh7LJ.T8OXM Ioztt7O6ILDbEO0vHMYLwujW5czwFwvakmIA3KlKkAYDTxcxqTH23dPSLW4V EIVGbuKk7t13s49wY_KUuH9fWO.nu8FtAjG96pOMEPHk0tmfQvzORxLOOpKK 4nfiN6kClDeGn4spSUgmGR0tkgGIZfpnwo5mjkUQL9XiH8uCG9pv.dGLe0Ea P0fVXqgSsbDEQ7O92suyZcrRrFI28UWF8c.vSbL.z0FBcAn7axhyNAQixOmK 3mv2us0Fvk5SXrLw9zdOYXHrEpLi7rkIm X-Yahoo-SMTP: 6sUo5IiswBDB2TZm6JKJ6DaI.Rsz4O0- Message-ID: <1462037652.2104.2.camel@yahoo.com> Subject: IPv6 NAT From: Georgios Amanakis To: freebsd-ipfw@freebsd.org Date: Sat, 30 Apr 2016 13:34:12 -0400 Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.20.1 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Apr 2016 17:36:06 -0000 Does anyone know if someone works on implementing IPv6 NAT (like IPv4 NAT, not prefix translation only) in IPFW? As far as I can tell FreeBSD's pf has this functionality. Linux implemented this since kernel 3.9, too. From owner-freebsd-ipfw@freebsd.org Sat Apr 30 18:35:26 2016 Return-Path: Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 39C62AD9054 for ; Sat, 30 Apr 2016 18:35:26 +0000 (UTC) (envelope-from me@sharktooth.org) Received: from mail-yw0-x22c.google.com (mail-yw0-x22c.google.com [IPv6:2607:f8b0:4002:c05::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 02F88101E for ; Sat, 30 Apr 2016 18:35:25 +0000 (UTC) (envelope-from me@sharktooth.org) Received: by mail-yw0-x22c.google.com with SMTP id t10so229088007ywa.0 for ; Sat, 30 Apr 2016 11:35:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sharktooth-org.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=0HxG/J8ttt+tASRH122RE2ollg7/8gLog/U33Ww7ngs=; b=V/ib/uPK5ah94JSmEjFB3Pwq+f3zRH7UwWcWHiQ51fR+tpncaMXBRR17z5MqZ+k4eQ n3s/zo9iZ3iakolLYxciYjK9wjkuSq7X0151lGJYBpH/Hm1xtVgOoHhovubh2WVvDuKM m7wDQsjSBrs3F9l23Cj4JRJ6gC3gaCzQSfaeqDPqxGAdFHOaEiw1I2IufQoWiG6D9TMp lLGDwy02EpaYANfte/RWd/OI41iT4koGZtgi0qBfdmIiTQNzxlk5i6YT+UWcBI8de/IM 4+bmcpykVLHF8/Es00oyTrmEFV1eToEETm6THI9/hPHVUkPiHB+NrD/ydwJXpTKSL2FW HeTA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=0HxG/J8ttt+tASRH122RE2ollg7/8gLog/U33Ww7ngs=; b=TMuuc1lKc8eu6/h2jmGrHWjTVjgMzjvEQEFX48jxOG6xPGnGRzgAiZP3NzFyBzOPtC KmQxPR6wh2u2R0KUUwKpDkw7ESqNGa4ccrK4ZcWIZ/4OyPgK8zE2ORpbojGUeN/35k5U GBL1CrY4zNchaeGhGmEg/ByX23SyGr49b/UmXxlu/zBXRKiEd/6NgvwX5g+ty/FKXcBT EokFEOewHUc5haMSnzsFVp3ntswxK0M/qvjLzQXR6tgSoSFKAofWtVnSuiFFrtsozxGD AVXPC9skAVh80ipFWgoxwsVje0g+j5HBq78pUth08Z31iM8tbjOrfup4np4IbPcPft+U iA5Q== X-Gm-Message-State: AOPr4FUdoUm+mUKTmv/97/ScVdqG+58Fa8CfoLbVDNiXBW2abeOBtzgJNQr6Lo47ijH0Bt+BVl4qNw1pjbnmGg== MIME-Version: 1.0 X-Received: by 10.129.70.195 with SMTP id t186mr2112350ywa.34.1462041324998; Sat, 30 Apr 2016 11:35:24 -0700 (PDT) Received: by 10.13.224.5 with HTTP; Sat, 30 Apr 2016 11:35:24 -0700 (PDT) X-Originating-IP: [2001:470:8747:1705:b5a4:fcb:7a04:c8ad] In-Reply-To: <1462037652.2104.2.camel@yahoo.com> References: <1462037652.2104.2.camel@yahoo.com> Date: Sat, 30 Apr 2016 12:35:24 -0600 Message-ID: Subject: Re: IPv6 NAT From: Jason Lewis To: Georgios Amanakis Cc: freebsd-ipfw@freebsd.org Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Apr 2016 18:35:26 -0000 Folks have said that IPv6 does not support NAT, so I believe they will not be putting it into IPFW. I do know that pf has supported IPv6 NAT or NAT6 since 2006 and it has been working great for me for more than five years. On 4/30/16, Georgios Amanakis via freebsd-ipfw wrote: > Does anyone know if someone works on implementing IPv6 NAT (like IPv4 > NAT, not prefix translation only) in IPFW? As far as I can tell > FreeBSD's pf has this functionality. Linux implemented this since > kernel 3.9, too. > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > From owner-freebsd-ipfw@freebsd.org Sat Apr 30 19:11:24 2016 Return-Path: Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4E513AD9B8D for ; Sat, 30 Apr 2016 19:11:24 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward7h.cmail.yandex.net (forward7h.cmail.yandex.net [IPv6:2a02:6b8:0:f35::e7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "forwards.mail.yandex.net", Issuer "Yandex CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id EB7FE1953 for ; Sat, 30 Apr 2016 19:11:23 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from smtp4h.mail.yandex.net (smtp4h.mail.yandex.net [IPv6:2a02:6b8:0:f05::118]) by forward7h.cmail.yandex.net (Yandex) with ESMTP id 2080E214C5; Sat, 30 Apr 2016 22:11:12 +0300 (MSK) Received: from smtp4h.mail.yandex.net (localhost [127.0.0.1]) by smtp4h.mail.yandex.net (Yandex) with ESMTP id A19EE2C0167; Sat, 30 Apr 2016 22:11:11 +0300 (MSK) Received: by smtp4h.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 1jXwmSE0Hy-BBW44SRt; Sat, 30 Apr 2016 22:11:11 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client certificate not present) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1462043471; bh=eQ1yaOXf+rinqQZbO7JkXsZEbfJd5pzY5jFMdJfjHbs=; h=Subject:To:References:From:Message-ID:Date:User-Agent: MIME-Version:In-Reply-To:Content-Type; b=F2I5hbhrH+0zYOaHsMafVREvpcC5FJPgPpyAnVxTujTbcugB2zeWE5ilLqecSFie5 7WysMWRjaKZzaJb7wltBKj2e1kC1bU1+6me880x73Dfsc9OP81CLyqRLJrhx+o6+Rq DjYBtVqnUz83tc9d/qHL6AU2G4sfxkWitVMEM2Vk= Authentication-Results: smtp4h.mail.yandex.net; dkim=pass header.i=@yandex.ru X-Yandex-ForeignMX: US X-Yandex-Suid-Status: 1 0,1 0 Subject: Re: IPv6 NAT To: Georgios Amanakis , freebsd-ipfw@freebsd.org References: <1462037652.2104.2.camel@yahoo.com> From: "Andrey V. Elsukov" Message-ID: <572502B7.80303@yandex.ru> Date: Sat, 30 Apr 2016 22:08:39 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:38.0) Gecko/20100101 Thunderbird/38.7.1 MIME-Version: 1.0 In-Reply-To: <1462037652.2104.2.camel@yahoo.com> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="D2BkaSJ36XleQDVhwR35lkUdhbNqENNik" X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Apr 2016 19:11:24 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --D2BkaSJ36XleQDVhwR35lkUdhbNqENNik Content-Type: multipart/mixed; boundary="tnmH6o7PO6IjN3hEvXUdT3TpNqnS23Q3a" From: "Andrey V. Elsukov" To: Georgios Amanakis , freebsd-ipfw@freebsd.org Message-ID: <572502B7.80303@yandex.ru> Subject: Re: IPv6 NAT References: <1462037652.2104.2.camel@yahoo.com> In-Reply-To: <1462037652.2104.2.camel@yahoo.com> --tnmH6o7PO6IjN3hEvXUdT3TpNqnS23Q3a Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 30.04.16 20:34, Georgios Amanakis via freebsd-ipfw wrote: > Does anyone know if someone works on implementing IPv6 NAT (like IPv4 > NAT, not prefix translation only) in IPFW? As far as I can tell > FreeBSD's pf has this functionality. Linux implemented this since > kernel 3.9, too. Hi, we have implemented IPv6 NPT (RFC 6296) and basic NAT64 (stateless and statefull) for ipfw. Currently we are preparing to commit them into FreeBSD head/. I hope I'll do this in several weeks before 11.0 freeze. --=20 WBR, Andrey V. Elsukov --tnmH6o7PO6IjN3hEvXUdT3TpNqnS23Q3a-- --D2BkaSJ36XleQDVhwR35lkUdhbNqENNik Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCAAGBQJXJQK3AAoJEAHF6gQQyKF62tAIAKHGBK8ZYr2ck2cyfAtpGiB+ OIygVpxpFMMZ0NMp1fSD8jMO9UAvcdeDluaP91QUSH4CvjSRcoBPT0LvsGkJVe4E GboOt8jAOQinCJWxhGRiHjuCH28xXuVXZ6khEJ9p7vrLrAcIpK01I0ICSGQ1ExyY bFOuQAxvytXyAWa+JmQR/9WVqf5eL810Mtt737SjbTn8pa3zPYPvHDLxUWDkPa2y oxGdeKrIUHAenNg3zzBbPCkCR0QIL8N4wpQioc4TLsLaNJ8Bvo7bQqqFnE6BhJZg eAPAyRPNttkW089PxZ+QpzTTCR3y1y/CJgxiflkwmqMOOB+Ey3zG1V0OFoBPqqQ= =R1uM -----END PGP SIGNATURE----- --D2BkaSJ36XleQDVhwR35lkUdhbNqENNik--