Re: Netfilter (Linux) Does IPv6 NAT

2011-12-05 20:33:18
On 2011-12-06 15:00, Martin Rex wrote:
> Sabahattin Gucukoglu wrote:
>> In case you didn't see this:
>> http://www.h-online.com/open/news/item/Netfilter-developers-working-on-NAT-for-ip6tables-1385877.html
>>
>> It's a complete IPv6 NAT implementation with the functionality of
>> the IPv4 one in the same stack.  ALGs.  Port translation.  Connection
>> tracking.  You don't need me to tell you why I don't like this.
>
> I fail to understand the issue that you have with this.
>
> Doing home gateways and *NOT* using dynamic temporary IPv6 addresses for
> outbound connections by default (i.e. *NO* static network prefix that
> can be linked to a single ISP customer)

I think you're confused. Whatever IPv6 source address is in the outgoing
packet from the CPE is bound 1:1 to the subscriber. You can't conceal
the address of the subscriber, if you ever want to get any packets back.

If you want to protect the privacy of individuals within the home (etc.)
behind the CPE, you can use IPv6 privacy addresses. But the traffic will
still be traceable back to the CPE, of course.

I hope you aren't under the illusion that NAT44 in CPE provides any
privacy.

  Brian
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
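
The point made in the reply above about privacy addresses, as an added example that is not part of the original message: hosts behind two CPEs rotate random interface identifiers, yet masking each source address to the delegated prefix still groups every flow by subscriber. The /56 delegation, the documentation prefixes and the subscriber names are constructed assumptions, and the random 64-bit identifier is a simplified stand-in for RFC 4941 temporary-address generation.

```python
import ipaddress
import secrets
from collections import defaultdict

# Constructed sample data: RFC 3849 documentation prefixes, not real subscribers.
DELEGATED = {
    "subscriber-A": ipaddress.ip_network("2001:db8:aa00::/56"),
    "subscriber-B": ipaddress.ip_network("2001:db8:bb00::/56"),
}
ASSUMED_PREFIX_LEN = 56  # assumption: the ISP delegates a /56 to each CPE


def temporary_address(delegated, subnet_id):
    """Address in one /64 of the delegated prefix with a random 64-bit
    interface identifier (stand-in for an RFC 4941 temporary address)."""
    if not 0 <= subnet_id < 2 ** (64 - delegated.prefixlen):
        raise ValueError("subnet_id outside the delegated prefix")
    base = int(delegated.network_address)
    return ipaddress.IPv6Address(base | (subnet_id << 64) | secrets.randbits(64))


def subscriber_prefix(addr, prefix_len=ASSUMED_PREFIX_LEN):
    """Mask off the bits the home network controls; what remains was
    assigned by the ISP and identifies the CPE."""
    return ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)


def group_by_subscriber(observed):
    """Group observed source addresses by the prefix they fall under."""
    groups = defaultdict(list)
    for addr in observed:
        groups[subscriber_prefix(addr)].append(addr)
    return dict(groups)


def simulate():
    """Three hosts behind A and two behind B, each rotating its address 4 times."""
    observed = []
    for name, hosts in (("subscriber-A", 3), ("subscriber-B", 2)):
        for host in range(hosts):
            for _rotation in range(4):
                observed.append(temporary_address(DELEGATED[name], subnet_id=host))
    return observed


if __name__ == "__main__":
    for prefix, addrs in group_by_subscriber(simulate()).items():
        print(prefix, "->", len(addrs), "different-looking source addresses")
```
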