> >> MM> ... and as far as I can tell none of them is currently usable > >> MM> on an IPv6-only FreeBSD (like protecting a host with sshguard), > >> MM> none of them supports stateful NAT64, nor IPv6 prefix translation :( > >> IPv6 prefix translation?! AGAIN!? FML. I've thought, that IPv6 will > >> render all that NAT nightmare to void. I hope, IPv6 prefix translation > >> will not be possible never ever! > > KP> Things like ftp-proxy(8) will need address translation even with IPv6. > ftp-proxy is solution to help IPv4 NAT. Why do we need it when every > device could have routable IPv6? Of course, _every_ device should be > protected by border firewall (stateful and IPv6-enabled), but FTP > server should have special rules for it to allow traffic pass, not > some "proxy". > > And, yes, NAT64 will be useful for sure, but it is another story, > not IPv6<->IPv6 translation. We are *way* too late in the game to completely avoid IPv6 NAT. Various flavors already exist in the form of RFCs, e.g. NPTv6: http://tools.ietf.org/html/rfc6296 Steinar Haug, Nethelp consulting, sthaug_at_nethelp.noReceived on Mon Apr 15 2013 - 08:57:44 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:36 UTC