Re: NAT66 : A first implementation
[Posted July 26, 2011 by corbet]
From: Harald Welte <laforge-AT-netfilter.org>
To: Patrick McHardy <kaber-AT-trash.net>
Subject: Re: NAT66 : A first implementation
Date: Thu, 21 Jul 2011 09:15:58 +0200
Message-ID: <20110721071558.GE30758@prithivi.gnumonks.org>
Cc: David Miller <davem-AT-davemloft.net>, jengelh-AT-medozas.de, T.Moes-AT-student.ulg.ac.be, netfilter-devel-AT-vger.kernel.org

Hi all,

just a few words out of the strange land that retired netfilter hackers
go to:

1) I am quite at ease not participating in netfilter/iptables anymore
while the discussion about IPv6 NAT becomes an issue again: I always
indicated "over my dead body", and now that I am no longer in charge,
nobody will have to kill me ;)

2) I agree that there has been a lot of improvement between the
abomination of what we are doing in IPv4 NAT and what is
described in RFC6296.

3) For any netfilter integration, I would strongly suggest something
that does not carry around with it the burden of connection tracking,
but rather something stateless. Or at least have the conntrack
dependency optional. If there's no need for sophisticated state
tracking as per the RFC, then don't make it a hard/mandatory
dependency.

... and now I'll happily retire again to GSM land ...

Regards,
Harald
--
- Harald Welte <laforge@netfilter.org> http://netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie