From owner-freebsd-current@FreeBSD.ORG Mon Apr 15 10:57:44 2013
Date: Mon, 15 Apr 2013 12:51:00 +0200 (CEST)
Message-Id: <20130415.125100.74672975.sthaug@nethelp.no>
To: lev@FreeBSD.org
Subject: Re: ipfilter(4) needs maintainer
From: sthaug@nethelp.no
In-Reply-To: <195468703.20130415143237@serebryakov.spb.ru>
References: <951943801.20130415141536@serebryakov.spb.ru> <195468703.20130415143237@serebryakov.spb.ru>
Cc: Mark.Martinec+freebsd@ijs.si, kpaasial@gmail.com, current@freebsd.org, freebsd-net@freebsd.org
List-Id: Discussions about the use of FreeBSD-current

> >> MM> ... and as far as I can tell none of them is currently usable
> >> MM> on an IPv6-only FreeBSD (like protecting a host with sshguard),
> >> MM> none of them supports stateful NAT64, nor IPv6 prefix translation :(
> >> IPv6 prefix translation?! AGAIN!? FML. I've thought, that IPv6 will
> >> render all that NAT nightmare to void. I hope, IPv6 prefix translation
> >> will not be possible never ever!
> > KP> Things like ftp-proxy(8) will need address translation even with IPv6.
> ftp-proxy is solution to help IPv4 NAT. Why do we need it when every
> device could have routable IPv6? Of course, _every_ device should be
> protected by border firewall (stateful and IPv6-enabled), but FTP
> server should have special rules for it to allow traffic pass, not
> some "proxy".
>
> And, yes, NAT64 will be useful for sure, but it is another story,
> not IPv6<->IPv6 translation.

We are *way* too late in the game to completely avoid IPv6 NAT. Various
flavors already exist in the form of RFCs, e.g. NPTv6:

http://tools.ietf.org/html/rfc6296

Steinar Haug, Nethelp consulting, sthaug@nethelp.no