>
> Somehow, I thought that DNAT will solve the problem the most
> straightforward way. I was wrong, it was proxy_arp that made
> the day.
Agreed.
> (Yes, one may use a bridge, too
Yup.
> Anyway, IPv4 seems to die slowly. The Internet Service Provider
> I connect through from home, for example, offers a
> gray-IP-plus-NAT access, which is barely the /Internet/ access
What is "gray IP" ? RFC 1918 private addressing ?
> Fortunately, IPv6 has no NAT.
Unfortunately, some people want a NAT implementation for IPv6. I guess
that they have always lived in a NAT environment they view as a
protection, and would feel so naked without it. NAT is not a part of the
IPv4 specification, it is just a hack and it could be implemented for
IPv6 too. Now that netfilter has IPv6 conntrack, I guess that it could
be done in Linux. However the netfilter developpers do not want to add
IPv6 NAT and I support this decision, although IPv6 NAT could be a
helpful quick and dirty hack in a some situations (e.g. source NAT to
work around some flaws in the source address selection).
--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
No comments:
Post a Comment