Re: ipfilter(4) needs maintainer
> >> MM> ... and as far as I can tell none of them is currently usable
> >> MM> on an IPv6-only FreeBSD (like protecting a host with sshguard),
> >> MM> none of them supports stateful NAT64, nor IPv6 prefix translation :(
> >> IPv6 prefix translation?! AGAIN!? FML. I've thought, that IPv6 will
> >> render all that NAT nightmare to void. I hope, IPv6 prefix translation
> >> will not be possible never ever!
>
> KP> Things like ftp-proxy(8) will need address translation even with IPv6.
> ftp-proxy is solution to help IPv4 NAT. Why do we need it when every
> device could have routable IPv6? Of course, _every_ device should be
> protected by border firewall (stateful and IPv6-enabled), but FTP
> server should have special rules for it to allow traffic pass, not
> some "proxy".
>
> And, yes, NAT64 will be useful for sure, but it is another story,
> not IPv6<->IPv6 translation.
We are *way* too late in the game to completely avoid IPv6 NAT. Various
flavors already exist in the form of RFCs, e.g. NPTv6:
http://tools.ietf.org/html/rfc6296
Steinar Haug, Nethelp consulting, sthaug@nethelp.no
_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 47 之 74 篇):