Re: Future of pf / firewall in FreeBSD ? - does it have one ?

From: Adrian Chadd <adrian_at_freebsd.org>
Date: Tue, 29 Jul 2014 10:05:13 -0700
On 29 July 2014 09:54, Kevin Oberman <rkoberman_at_gmail.com> wrote:
> On Tue, Jul 29, 2014 at 7:48 AM, Mark Martinec <Mark.Martinec+freebsd_at_ijs.si
>> wrote:
>
>> me wrote:
>>
>>> we are talking about NAT64 (IPv6-only datacenter's path to a legacy
>>> world),
>>> and NPT66 (prefix transalation). I doubt anyone had a traditional NAT in
>>> mind.
>>>
>>
>> Kevin Oberman wrote:
>>
>>> No, all of the messages in the thread are specific about NAT66, not NPT66.
>>> NPT66 may have real value. I hate it, but it may well be better than
>>> alternatives. [...]
>>>
>>
>> Cy Schubert wrote:
>>
>>> That I don't disagree with, IPv6 NAT makes no logical sense. Having said
>>> that I've received emails asking about NAT66 specifically. It is on
>>> people's minds.
>>>
>>
>> My impression is that often the term NAT66 is used indiscriminately,
>> even when NPT66 (static prefix translation) is meant.
>>
>>   Mark
>>
>>
> I would hope that is not the case. While NAT66 is "well known" and has been
> a topic of discussion for years, NPT66 is relatively new. It does share
> many concepts with NAT66 (and, most likely implementations also share
> code), but does not require any state, making it vastly less complex and no
> longer breaks point to point networking. The names look similar, which may
> result in unfortunate confusion, but NPT66 may be the bast solution to a
> real problem and it does not create the issues of NAT66.

Course it will. All those bad protocols that embed IP addresses in
them to connect to.

Or wait, is everything written these days mindful of NAT/NPT and tries
desperately to work around it? Hm...



-a
Received on Tue Jul 29 2014 - 15:05:14 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:51 UTC