Re: Making IPv6 NAT prefer privacy address

2015-11-10 Thread Giancarlo Razzolini
On 22-09-2015 15:06, Daniel Gillen wrote: > Hi > > I currently have the following rule to nat traffic out to the internet: > > match out on $if_ext inet6 from $if_int:network to any nat-to ($if_ext) > > But this chooses from one of the configured addresses (using round-robin). > > Is there a way

Re: Making IPv6 NAT prefer privacy address

2015-10-26 Thread Giancarlo Razzolini
On 25-10-2015 01:37, Fernando Gont wrote: > ... as long as IPv6 addresses are not embedded in the app protocol. > > FWIW, I wouldn't go this way. ULAs (fd00::/8) serve a different purpose: > e.g., still be able to communicate within your network if global > connectivity/addressing fails. The fa

Re: Making IPv6 NAT prefer privacy address

2015-10-25 Thread Fernando Gont
On 09/23/2015 11:16 PM, Marios Makassikis wrote: > On 23 September 2015 at 15:34, Giancarlo Razzolini > wrote: >> On 23-09-2015 04:40, Stuart Henderson wrote: >>> Saves messing about with DHCPv6-PD >> >> I see. So you translate from what exactly? Wouldn't it be better to use >> af-to instead o

Re: Making IPv6 NAT prefer privacy address

2015-10-25 Thread Fernando Gont
On 09/25/2015 04:51 AM, Devin Reade wrote: >> On Sep 24, 2015, at 07:49, Giancarlo Razzolini >> wrote: >> >> On 24-09-2015 08:36, Stuart Henderson wrote: >>> What is the purpose of IPv6? The main purpose that I see is >>> "ability to continue getting internet addresses after v4 runout". >>> (I

Re: Making IPv6 NAT prefer privacy address

2015-09-24 Thread Stefan Sperling
On Thu, Sep 24, 2015 at 05:25:31PM -0300, Giancarlo Razzolini wrote: > The fact is, that OpenBSD and the other OS's should prefer > privacy address for everything (even pf itself). This already happens on > some linux configurations, where you have a semi stable privacy address > any given time on

Re: Making IPv6 NAT prefer privacy address

2015-09-24 Thread Giancarlo Razzolini
On 24-09-2015 16:51, Devin Reade wrote: > Another consideration that has entered the picture since that idea came out, > though, is how much easier it will be in the non-NAT world for advertisers or > whomever to track individuals' behaviour. Not everyone likes that. Hence privacy addres

Re: Making IPv6 NAT prefer privacy address

2015-09-24 Thread Devin Reade
> On Sep 24, 2015, at 07:49, Giancarlo Razzolini wrote: > > On 24-09-2015 08:36, Stuart Henderson wrote: >> What is the purpose of IPv6? The main purpose that I see is "ability to >> continue getting internet addresses after v4 runout". (If it had been left >> at that and didn't change a bunch

Re: Making IPv6 NAT prefer privacy address

2015-09-24 Thread Giancarlo Razzolini
On 24-09-2015 08:36, Stuart Henderson wrote: > What is the purpose of IPv6? The main purpose that I see is "ability to > continue getting internet addresses after v4 runout". (If it had been left > at that and didn't change a bunch of other things at the same time, perhaps > more people would be

Re: Making IPv6 NAT prefer privacy address

2015-09-24 Thread Stuart Henderson
On 2015-09-23, Giancarlo Razzolini wrote: > On 23-09-2015 11:49, Stuart Henderson wrote: >> Exactly. It also makes it easier to handle multiple ISPs for load-balancing >> or failover, which IPv6 handles poorly (short of using BGP). > > Wouldn't multipath and properly constructed ifstated script

Re: Making IPv6 NAT prefer privacy address

2015-09-24 Thread Stuart Henderson
On 2015-09-23, Giancarlo Razzolini wrote: > On 23-09-2015 11:16, Marios Makassikis wrote: >> Rather than announcing the prefix obtained via DHCPv6-PD you can pick a >> prefix >> from fd00::/8 and announce that on your network. >> It is the equivalent to RFC1918 addresses, except it is for IPv6

Re: Making IPv6 NAT prefer privacy address

2015-09-24 Thread Delan Azabani
For the record, some ISPs offer both dynamic and static IPv6 subnets to their clients, like Internode, which uses router advertisements for dynamic subnets, and DHCPv6 IA_PD for static subnets.

Re: Making IPv6 NAT prefer privacy address

2015-09-24 Thread Daniel Gillen
On 23/09/2015 16:16, Marios Makassikis wrote: > On 23 September 2015 at 15:34, Giancarlo Razzolini > wrote: >> On 23-09-2015 04:40, Stuart Henderson wrote: >>> Saves messing about with DHCPv6-PD >> >> I see. So you translate from what exactly? Wouldn't it be better to use >> af-to instead of n

Re: Making IPv6 NAT prefer privacy address

2015-09-23 Thread Sly Midnight
Giancarlo, Why are you unable to route your DHCPv6-PD? I ask because I have been able to use OpenBSD as a typical IPv4 NAT type of router as well as a pure IPv6 router (does use pf for firewalling the router and the PD subnet, but no NAT on IPv6) all for my home network LAN. I use a fair bit of

Re: Making IPv6 NAT prefer privacy address

2015-09-23 Thread Giancarlo Razzolini
On 23-09-2015 11:49, Stuart Henderson wrote: > Exactly. It also makes it easier to handle multiple ISPs for load-balancing > or failover, which IPv6 handles poorly (short of using BGP). Wouldn't multipath and properly constructed ifstated scripts be better in this case? Like reloading dhcpv6 se

Re: Making IPv6 NAT prefer privacy address

2015-09-23 Thread Giancarlo Razzolini
On 23-09-2015 11:16, Marios Makassikis wrote: > Rather than announcing the prefix obtained via DHCPv6-PD you can pick a prefix > from fd00::/8 and announce that on your network. > It is the equivalent to RFC1918 addresses, except it is for IPv6. Figured it. These are ULA, right? > Therefore, i

Re: Making IPv6 NAT prefer privacy address

2015-09-23 Thread Stuart Henderson
On 2015/09/23 16:16, Marios Makassikis wrote: > On 23 September 2015 at 15:34, Giancarlo Razzolini > wrote: > > On 23-09-2015 04:40, Stuart Henderson wrote: > >> Saves messing about with DHCPv6-PD > > > > I see. So you translate from what exactly? Wouldn't it be better to use > > af-to instead

Re: Making IPv6 NAT prefer privacy address

2015-09-23 Thread Marios Makassikis
On 23 September 2015 at 15:34, Giancarlo Razzolini wrote: > On 23-09-2015 04:40, Stuart Henderson wrote: >> Saves messing about with DHCPv6-PD > > I see. So you translate from what exactly? Wouldn't it be better to use > af-to instead of nat? Hello, Rather than announcing the prefix obtained

Re: Making IPv6 NAT prefer privacy address

2015-09-23 Thread Giancarlo Razzolini
On 23-09-2015 04:40, Stuart Henderson wrote: > Saves messing about with DHCPv6-PD I see. So you translate from what exactly? Wouldn't it be better to use af-to instead of nat? But I can relate to that, given that my CPE will give me a PD, but won't route packets back because it thinks the prefi

Re: Making IPv6 NAT prefer privacy address

2015-09-23 Thread Stuart Henderson
On 2015-09-22, Giancarlo Razzolini wrote: > Nat on IPv6? Why? Saves messing about with DHCPv6-PD ;)

Re: Making IPv6 NAT prefer privacy address

2015-09-23 Thread Stuart Henderson
On 2015-09-22, Daniel Gillen wrote: > Hi > > I currently have the following rule to nat traffic out to the internet: > > match out on $if_ext inet6 from $if_int:network to any nat-to ($if_ext) > > But this chooses from one of the configured addresses (using round-robin). > > Is there a way I can c

Re: Making IPv6 NAT prefer privacy address

2015-09-22 Thread Giancarlo Razzolini
On 22-09-2015 15:06, Daniel Gillen wrote: > Hi > > I currently have the following rule to nat traffic out to the internet: > > match out on $if_ext inet6 from $if_int:network to any nat-to ($if_ext) > > But this chooses from one of the configured addresses (using round-robin). > > Is there a way

Making IPv6 NAT prefer privacy address

2015-09-22 Thread Daniel Gillen
Hi I currently have the following rule to nat traffic out to the internet: match out on $if_ext inet6 from $if_int:network to any nat-to ($if_ext) But this chooses from one of the configured addresses (using round-robin). Is there a way I can configure pf to prefer the privacy address (the one