On 19.06.2019 20:03, Michael Sierchio wrote: > On 18.06.2019 23:00, Michael Sierchio wrote: > > I'm looking for a simple firewall example using nptv6 to translate > > link-local addresses to match the prefix assigned by my ISP. I'll > be using > > stateful rules and allowing only outbound traffic. > > > > If you have a snippet, I'l be grateful. Thanks. > > NPTv6 module is targeted to translate routed traffic. IPv6 link-local > addresses are not forward-able. Thus you can not configure nptv6 > instance with such prefix. > Are you saying NPTv6 cannot rewrite a LL prefix to a public prefix, such > as the one held on the external interface?
Yes. Link-local address must belong to the single "link", IPv6 scoped addresses architecture doesn't allow forward packets with link-local addresses from one link to another. -- WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
