-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 12/26/2016 01:44 PM, Tom Eastep wrote: > On 12/26/2016 01:12 PM, Simon Hobson wrote: >> Tuomo Soini <[email protected]> wrote: > >>> What do you mean with NPTv6 ? > >> I assume he wants to use NPT (Network Prefix Translation) to >> avoid the complications of multihoming systems with multiple >> IPv6 providers. > > > Bit of dyslexia on my part then. > > My personal approach to multiple IPv6 providers is to assign my > local networks prefixes delegated from one of my provider's routers > and simply use SNAT when sending traffic out of the other provider. > That is stateful and supports problem protocols like FTP. > > In Netfilter, NPT is stateless, so it is a pain to use. There is > therefore no formal support for NPT in Shorewall6 (the > shorewall6-netmap(5) file is no longer usable since the Netfilter > rawpost table has been removed). It is possible to configure NTP > in shorewall-mangle(5) (assuming that your kernel and ip6tables > support the SNPT and DNPT targets) but there is currently no > documentation for how to do that. >
Correction. If you have kernel version 3.7 or later, then stateful network mapping is available in Netfilter. It *should* be available using the shorewall6-netmap(5) file (by omitting the trailing P, O, or T after SNAT or DNAT), but I must confess that I have not tested it. - -Tom - -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJYYZO5AAoJEJbms/JCOk0QxVwP/RBpHJFQg5JZ/SFoPteda9cR z2KLgnAtJwZPWkMlXQK+b3NB5Ot0bkY5jSPNpgqnDMQD4WtjoGJpcA4UQi+sMSLy X8t8kn62yjHzj2GhZhz/sdTo5HcS5BvJjhHPLnjS4gq5RENATcfEjqSEfsCNx5Rm xKpObL3uENmypumrbUEB5yq1UHMNHqNVNjUqDUzVPJs85V2WmSKTFlsWK+g57xND rU563+ijeomg3Lv7s31ZaZjfA/g4eJiScTZbRUemuE3v9KIiJsnRSzmYR/ENiF9N Evl676ocuLRKPC+36a+KMVY2RBkLXSCm36mKrO3Jz1fC/57JrIIq2SYwPafLdqgQ mgmGgwGdKgFy0EVFe6Onx46hJbUEDimCxp9awLxagrKlrbYYSiix6ZzezyvhlOAp d6efZ/cjbyuEhPvKNml/AIt1NWcF644gZdFoq8jKRpMOBoq6UCxaDYraCl7gvKzr 7AG1KMPtUPuvIzCRprhP3jzc5BXw6tYjc/kw4W+VF1ZnUWamEl496gcaOjgJ8XV3 3iRZTDna6A7oOzIqy/D4HudvWMsNg4npPIZamiSgOLGfBq8RrYj2Rq4kU7s/G35i /jzcp1Nj1Vw4uaLd7HCbG47tN3KUWRdss4k5furflFbJ0UXn6kTAxOkGVJBa2YLF rIhSABhjq1bNMi/zYJAE =HiR7 -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
