Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 15 Apr 2013 14:44:28 +0400
From:      Lev Serebryakov <lev@FreeBSD.org>
To:        Kimmo Paasiala <kpaasial@gmail.com>
Cc:        Mark Martinec <Mark.Martinec+freebsd@ijs.si>, freebsd-net@freebsd.org, current@freebsd.org
Subject:   Re: ipfilter(4) needs maintainer
Message-ID:  <621849003.20130415144428@serebryakov.spb.ru>
In-Reply-To: <CA%2B7WWSdbEx7Kbc0WOBNLc-vH19DdKK7L-xORO8SepKcMQR2xEg@mail.gmail.com>
References:  <20130411201805.GD76816@FreeBSD.org> <20130414160648.GD96431@in-addr.com> <36562.1365960622.5652758659450863616@ffe10.ukr.net> <201304150025.07337.Mark.Martinec%2Bfreebsd@ijs.si> <951943801.20130415141536@serebryakov.spb.ru> <CA%2B7WWSeODqdP1_7MDs6=BiGF%2BDSR62w21uu4hS3PtTDBkmshsg@mail.gmail.com> <195468703.20130415143237@serebryakov.spb.ru> <CA%2B7WWSdbEx7Kbc0WOBNLc-vH19DdKK7L-xORO8SepKcMQR2xEg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hello, Kimmo.
You wrote 15 =D0=B0=D0=BF=D1=80=D0=B5=D0=BB=D1=8F 2013 =D0=B3., 14:36:27:

>>  And, yes, NAT64 will be useful for sure, but it is another story,
>> not IPv6<->IPv6 translation.
KP> You're forgetting set ups where outgoing traffic is controlled by
KP> filter rules, outgoing passive mode ftp needs help from the proxy to
KP> open holes for arbitrary ports. This is not limited to IPv4 and NAT.
   It could  be  done without IPv6 prefix mapping. Yes, firewall should
 have  ability  to expect some connections fro FTP commands (some flag
 on rule, for sure), but it is not prefix rewriting (there are some
 other protocols, which need similar treatment, like SIP)! I was
 shocked by idea of true NAT from IPv6 to IPv6. IPv6 has its own
 problems and complications, but one REALLY GOOD side of it, that we
 don't need NAT for it anymore! Some special tricks in firewall -- yes,
 maybe, for bad-designed, but widely-deployed application level
 protocols, but not address translations!

  I, personally, don't see any problems to enable all outbound
 connections for dedicated FTP server, though.

--=20
// Black Lion AKA Lev Serebryakov <lev@FreeBSD.org>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?621849003.20130415144428>