Mr. Patel,
Well, like I told Mr. Alexey, I think NAT in its major form for IPv6 is
dead. Right now, the only use ip6_conntrack would be to an IPv6 firewall
implementation would be tracking packet states via -m state. However,
maybe once the code is stable and people are starting to use it, I may
ask Mr. Henrik if he wants to write a reduced NAT layer for IPv6 which
only offers redirection-type NAT.
Is this a good idea? Or is ip6_conntrack really not going to see any use
except for packet state tracking?
Brad
P.S. BTW do you want a patch copy or a source copy of my latest work on
ip6_conntrack?
Imran Patel wrote:
I am currently completing a port of the Netfilter connection
tracking subsystem from IPv4 to IPv6. Most of the features in this
port are complete, except for fragment handling,
This is the last thing to complete transition from IPv6 back
to IPv4 wickedness. :-)
On the contrary, it might be useful for transition from IPv4 to IPv6 ;-)
IPv6 connection tracking is useful for NAT-PT. However, other options on top
of IPv6 conntrack like masquerading, v6-v6 NAT, etc look useless and silly.
imran
|