Yes, but unless that ipv6 that isn't globally routed is NAT66 to the outside world, then it wouldn't have external access.
> -----Original Message----- > From: Jon Lewis [mailto:jle...@lewis.org] > Sent: Thursday, February 03, 2011 11:41 AM > To: Iljitsch van Beijnum > Cc: nanog@nanog.org > Subject: Re: quietly.... > > On Thu, 3 Feb 2011, Iljitsch van Beijnum wrote: > > > On 3 feb 2011, at 17:16, Jon Lewis wrote: > > > >> When someone breaks or shuts off that filter, traffic through the NAPT > >> firewall stops working. On > the stateful firewall with public IPs on both sides, everything > works...including the traffic you > didn't want. > > > >> People are going to want NAT66...and not providing it may slow down IPv6 > >> adoption. > > > > Hm, if you turn off the NAT66 function, wouldn't the traffic pass through > > unhindered, too? > > Outbound traffic would. Inbound, if on the inside, you're using IPv6 > space that's not globally routed, won't. Just like what happens now with > NAPT with rfc1918 space on the inside when you stop doing > translation...private IP traffic leaks out...but nothing comes back > because there is no return path. > > ---------------------------------------------------------------------- > Jon Lewis, MCP :) | I route > Senior Network Engineer | therefore you are > Atlantic Net | > _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
