Look for an ipfw example using NPTv6
Andrey V. Elsukov
bu7cher at yandex.ru
Wed Jun 19 17:09:03 UTC 2019
On 19.06.2019 20:03, Michael Sierchio wrote:
> On 18.06.2019 23:00, Michael Sierchio wrote:
> > I'm looking for a simple firewall example using nptv6 to translate
> > link-local addresses to match the prefix assigned by my ISP. I'll
> be using
> > stateful rules and allowing only outbound traffic.
> >
> > If you have a snippet, I'l be grateful. Thanks.
>
> NPTv6 module is targeted to translate routed traffic. IPv6 link-local
> addresses are not forward-able. Thus you can not configure nptv6
> instance with such prefix.
> Are you saying NPTv6 cannot rewrite a LL prefix to a public prefix, such
> as the one held on the external interface?
Yes. Link-local address must belong to the single "link",
IPv6 scoped addresses architecture doesn't allow forward packets with
link-local addresses from one link to another.
--
WBR, Andrey V. Elsukov
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 554 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-ipfw/attachments/20190619/a3c035ca/attachment.sig>
More information about the freebsd-ipfw
mailing list