Em 26-06-2015 16:17, Christian Weisgerber escreveu:
So you have TWO networks. One between the CPE and your OpenBSD firewall, and one containing the firewall and your internal machines.
Yes. Two interfaces, to be more exactly.
So you get ONE network address.
I get a prefix on the CPE. And I can configure any address in the prefix on any machine on my LAN (or the OpenBSD LAN iface). And traffic gets out. Just won't get replies.
You can't use a single network address for two networks. This has nothing to do with IPv6. It's the same with IPv4.
I'm aware of that fact. But, since my CPE replies to an IA_PD request, I imagined it would be able to route the packets correctly.
You can use private addresses for your internal network and run NAT on the firewall. Or you can configure your firewall as a bridge and filter there. http://www.openbsd.org/faq/faq6.html#Bridge
I'm trying to get some NDP proxy running on OpenBSD. But all of them are linux centric. Perhaps, for now, I will use it as a filtering bridge. Since I have enough interfaces on my OpenBSD machine, I will have a bridge specifically for IPv6. And IPv4 will still be NATed.
Cheers, Giancarlo Razzolini
