On 19/6/26 07:50, Seklecki, Brian (GE Vernova, consultant) wrote:
To be unambiguous in my question:
Does PF in OpenBSD 7.9 implement RFC 6052 address rewriting for NAT46 /
NAT64?
Yes, something like this ext_if=203.0.113.100/24,
ext_if6=2001:DB8:DEAD:BEEF::100/64
## NAT46
pass in on $ext_if inet proto tcp to ($ext_if:0) port { www, https }
af-to inet6 from 2001:db8:dead:1::1
# Egress traffic NAT64
pass in on ! $ext_if inet6 from any to 64:ff9b::/96 af-to inet from
($ext_if:0)
pass out
----
Note: For the NAT46, you must plumb up an alias on the internal
destination host as 2001:db8:dead:1::ffff:cb00:7164/64 (This might help:
https://dnschecker.org/ipv4-to-ipv6.php )
For egress, unbound needs:
module-config: "dns64 iterator"
dns64-prefix: 64:FF9B::/96
Cheers,
Jason.
