Date:      Mon, 15 Apr 2013 12:51:00 +0200 (CEST)
From:      sthaug@nethelp.no
To:        lev@FreeBSD.org
Cc:        Mark.Martinec+freebsd@ijs.si, kpaasial@gmail.com, current@freebsd.org, freebsd-net@freebsd.org
Subject:   Re: ipfilter(4) needs maintainer
Message-ID:  <20130415.125100.74672975.sthaug@nethelp.no>
In-Reply-To: <195468703.20130415143237@serebryakov.spb.ru>
References:  <951943801.20130415141536@serebryakov.spb.ru> <CA%2B7WWSeODqdP1_7MDs6=BiGF%2BDSR62w21uu4hS3PtTDBkmshsg@mail.gmail.com> <195468703.20130415143237@serebryakov.spb.ru>

> >> MM> ... and as far as I can tell none of them is currently usable
> >> MM> on an IPv6-only FreeBSD (like protecting a host with sshguard),
> >> MM> none of them supports stateful NAT64, nor IPv6 prefix translation :(
> >>  IPv6 prefix translation?! AGAIN!? FML. I thought that IPv6 would
> >> render all that NAT nightmare void. I hope IPv6 prefix translation
> >> will never ever be possible!
> 
> KP> Things like ftp-proxy(8) will need address translation even with IPv6.
>   ftp-proxy is a solution to help IPv4 NAT. Why do we need it when every
> device could have routable IPv6? Of course, _every_ device should be
> protected by a border firewall (stateful and IPv6-enabled), but an FTP
> server should have special rules for it to allow traffic to pass, not
> some "proxy".
> 
>  And, yes, NAT64 will be useful for sure, but it is another story,
> not IPv6<->IPv6 translation.

We are *way* too late in the game to completely avoid IPv6 NAT. Various
flavors already exist in the form of RFCs, e.g. NPTv6:

	http://tools.ietf.org/html/rfc6296

Steinar Haug, Nethelp consulting, sthaug@nethelp.no


