Mastodawn

Nice! NAT64 in action, My IPv6-only jail can successfully talk with Github. No tayga, just the new "af-to" feature, that the "pf" firewall got in 15.0-RELEASE:

pass in quick on bastille0 inet6 from $jail_net to 64:ff9b::/96 \
af-to inet from ($ext_if) keep state

This is genuinly nice! 🙂

#freebsd #networking #pf #nat64 #ipv6

Show thread

Bruce Simpson, Ph.D.Mar 8

@Larvitz OT: Patches accepted for IPv6 "longer loopback": https://datatracker.ietf.org/doc/draft-kumari-ipv6-loopback/

The IPv6 Loopback Address Prefix

This document updates the IP Version 6 Address Architecture to define the IPv6 address prefix ::/96 as the Loopback address prefix.

IETF Datatracker

Show thread

Peter Wemm Mar 11

I should take another look at this. Tayga does a bunch of internal packet level impedance matching beyond simply rewriting the header. Presumably af-to takes care of all of that unpleasant conversion stuff?

Show thread

Larvitz 5d ago

@karinjiri Yes, af-to "just works" 🙂