Darren J Moffat wrote: > Darren Reed wrote: >> I'm submitting the attached spec as the proposal for the IPv6 NAT >> project >> on behalf of Yifan Xu. > > I thought the whole point of IPv6 was to avoid the need for NAT, sigh. > > On this case specifically, why is it acceptable to provide IPv6 NAT > support without the proxies ? Are they not useful or is it just a > project scoping issue for resourcing ? >
The requirement comes from the exploitation of implementing transparent proxying in IPv6 network, which has been exploited in IPv4 environment. Transparent proxying is achieved through two NATing steps: 1) Redirect client connections to local host, by applying ipfilter RDR rules. 2) Forward the client request to the server using client's IP as the source address, by inserting ipfilter MAP sessions through SIOCSTPUT ioctl. This project aims to provide the capabilities to support this kind of use case for IPv6 network. Simply NATing IPv6 addresses for intranet host does seem useless. That's why kernel proxies are not involved in the scope. Yifan
