Date: Tue, 29 Jul 2014 10:05:13 -0700
Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ?
From: Adrian Chadd
To: Kevin Oberman
Cc: Mark Martinec, FreeBSD Current

On 29 July 2014 09:54, Kevin Oberman wrote:
> On Tue, Jul 29, 2014 at 7:48 AM, Mark Martinec wrote:
>
>> me wrote:
>>
>>> we are talking about NAT64 (IPv6-only datacenter's path to a legacy
>>> world),
>>> and NPT66 (prefix translation). I doubt anyone had a traditional NAT in
>>> mind.
>>>
>>
>> Kevin Oberman wrote:
>>
>>> No, all of the messages in the thread are specific about NAT66, not NPT66.
>>> NPT66 may have real value. I hate it, but it may well be better than
>>> alternatives. [...]
>>>
>>
>> Cy Schubert wrote:
>>
>>> That I don't disagree with, IPv6 NAT makes no logical sense. Having said
>>> that I've received emails asking about NAT66 specifically. It is on
>>> people's minds.
>>>
>>
>> My impression is that often the term NAT66 is used indiscriminately,
>> even when NPT66 (static prefix translation) is meant.
>>
>> Mark
>>
>>
> I would hope that is not the case. While NAT66 is "well known" and has been
> a topic of discussion for years, NPT66 is relatively new. It does share
> many concepts with NAT66 (and, most likely, implementations also share
> code), but does not require any state, making it vastly less complex and no
> longer breaks point to point networking. The names look similar, which may
> result in unfortunate confusion, but NPT66 may be the best solution to a
> real problem and it does not create the issues of NAT66.

Course it will. All those bad protocols that embed IP addresses in them to
connect to. Or wait, is everything written these days mindful of NAT/NPT and
tries desperately to work around it?

Hm...

-a