Future of pf / firewall in FreeBSD ? - does it have one ?
Kevin Oberman
rkoberman at gmail.com
Tue Jul 29 16:54:29 UTC 2014
On Tue, Jul 29, 2014 at 7:48 AM, Mark Martinec <Mark.Martinec+freebsd at ijs.si
> wrote:
> me wrote:
>
>> we are talking about NAT64 (IPv6-only datacenter's path to a legacy
>> world),
>> and NPT66 (prefix transalation). I doubt anyone had a traditional NAT in
>> mind.
>>
>
> Kevin Oberman wrote:
>
>> No, all of the messages in the thread are specific about NAT66, not NPT66.
>> NPT66 may have real value. I hate it, but it may well be better than
>> alternatives. [...]
>>
>
> Cy Schubert wrote:
>
>> That I don't disagree with, IPv6 NAT makes no logical sense. Having said
>> that I've received emails asking about NAT66 specifically. It is on
>> people's minds.
>>
>
> My impression is that often the term NAT66 is used indiscriminately,
> even when NPT66 (static prefix translation) is meant.
>
> Mark
>
>
I would hope that is not the case. While NAT66 is "well known" and has been
a topic of discussion for years, NPT66 is relatively new. It does share
many concepts with NAT66 (and, most likely implementations also share
code), but does not require any state, making it vastly less complex and no
longer breaks point to point networking. The names look similar, which may
result in unfortunate confusion, but NPT66 may be the bast solution to a
real problem and it does not create the issues of NAT66.
--
R. Kevin Oberman, Network Engineer, Retired
E-mail: rkoberman at gmail.com
More information about the freebsd-current
mailing list