Date: Fri, 21 Jun 2019 14:16:46 +0300 From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: Michael Sierchio <kudzu@tenebras.com>, Jan Bramkamp <crest@rlwinm.de> Cc: "freebsd-ipfw@freebsd.org" <freebsd-ipfw@freebsd.org> Subject: Re: Look for an ipfw example using NPTv6 Message-ID: <42efa235-d4f4-2fe8-2f9c-73a8de95744a@yandex.ru> In-Reply-To: <CAHu1Y70oavnHz0sL05J8v9BeKHV_Rs%2Bu6NUEXEiT0qVJXn8USQ@mail.gmail.com> References: <CAHu1Y72ezsU-f7WbYpH3h0Qcj1uttCsnQHqFue9F9xJmOtZd=w@mail.gmail.com> <3629aeba-61ef-2cce-4971-c3a0ed973765@rlwinm.de> <CAHu1Y70oavnHz0sL05J8v9BeKHV_Rs%2Bu6NUEXEiT0qVJXn8USQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --1lbdaScRqRPAWoSmYauDKEncJIEGwjFTL Content-Type: multipart/mixed; boundary="g9Vb8MHuwx7kN86tt6fUdRgloY9ZDD7xe"; protected-headers="v1" From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: Michael Sierchio <kudzu@tenebras.com>, Jan Bramkamp <crest@rlwinm.de> Cc: "freebsd-ipfw@freebsd.org" <freebsd-ipfw@freebsd.org> Message-ID: <42efa235-d4f4-2fe8-2f9c-73a8de95744a@yandex.ru> Subject: Re: Look for an ipfw example using NPTv6 References: <CAHu1Y72ezsU-f7WbYpH3h0Qcj1uttCsnQHqFue9F9xJmOtZd=w@mail.gmail.com> <3629aeba-61ef-2cce-4971-c3a0ed973765@rlwinm.de> <CAHu1Y70oavnHz0sL05J8v9BeKHV_Rs+u6NUEXEiT0qVJXn8USQ@mail.gmail.com> In-Reply-To: <CAHu1Y70oavnHz0sL05J8v9BeKHV_Rs+u6NUEXEiT0qVJXn8USQ@mail.gmail.com> --g9Vb8MHuwx7kN86tt6fUdRgloY9ZDD7xe Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 20.06.2019 17:35, Michael Sierchio wrote: > Oh, the problem is simply that my ISP assigns me a ::/64 but there is n= o > guarantee that it's mine for the duration. >=20 > I'm in the process of securing my own IPv6 block, but was hoping for an= > interim solution. >=20 > One that occurred to me is to use a public ::/56 that's allocated (but > unused) to me in an AWS VPC. Route advertisements from them would make= > them unusable directly, but then NPTv6 would work. >=20 > Open to any suggestions.... ;-) You can use some own prefix with global IPv6 addresses in the internal network, and use NPTv6 with "ext_if external_ifname" option. It will automatically use configured on the external interface prefix. This feature is available in stable/12+. --=20 WBR, Andrey V. Elsukov --g9Vb8MHuwx7kN86tt6fUdRgloY9ZDD7xe-- --1lbdaScRqRPAWoSmYauDKEncJIEGwjFTL Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAl0MvJ4ACgkQAcXqBBDI oXovfQf9G0X7mYiG3lnJzNlN6kTmN4aV0g5/Hxn7rjCYnJSqDUgaJ2dS/C2wH1BC t7X7nrqPHUX2zlbKJS6Xy4ApQxXKFhhfbaeYm3yzO3Uitna8pxEG/sUt1Zz+1YLu wGnlwFSB6aqzdAj1kvFT52pOYxmrUbR+00mzYcNAkot3i6S8j/HG3znWhXsuFXyR r9Q0WiqqiD//3Hn72BWPXrtZ1NbxHX8Hnd0xTJ5SVEAvZJ5pnrv/0sZI2ZKKRGaw kYfRlVT7ayrsJRHD72FzVhvSfXHMJs+RXsIjTYPO7SUK3IfCazWmHpvH5tj0V+I8 bmzEI48jPDa9RdcFm+I6rS0MI7OLTg== =sz30 -----END PGP SIGNATURE----- --1lbdaScRqRPAWoSmYauDKEncJIEGwjFTL--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42efa235-d4f4-2fe8-2f9c-73a8de95744a>