PSARC/2008/250 IPv6 NAT for IPFilter
yifan evan xu - Sun Microsystems - Beijing China
Evan.Xu at Sun.COM
Wed Apr 9 03:25:38 PDT 2008
Darren J Moffat wrote:
> Darren Reed wrote:
>> I'm submitting the attached spec as the proposal for the IPv6 NAT project
>> on behalf of Yifan Xu.
>
> I thought the whole point of IPv6 was to avoid the need for NAT, sigh.
>
> On this case specifically, why is it acceptable to provide IPv6 NAT
> support without the proxies? Are they not useful or is it just a
> project scoping issue for resourcing?
>
The requirement comes from the exploitation of implementing transparent
proxying in an IPv6 network, which has been exploited in the IPv4 environment.
Transparent proxying is achieved through two NATing steps:
1) Redirect client connections to the local host, by applying ipfilter RDR
rules.
2) Forward the client request to the server using the client's IP as the
source address, by inserting ipfilter MAP sessions through the SIOCSTPUT ioctl.
This project aims to provide the capabilities to support this kind of
use case for IPv6 networks.
Simply NATing IPv6 addresses for intranet hosts does seem useless. That's
why kernel proxies are not involved in the scope.
Yifan